TechSpot

Chrome issues & possible virus?

Solved
By top_model_guy
Nov 15, 2012
  1. Hey everyone,
    For the past few weeks I have been having the worst internet browsing experience and believe the culprit could be some form of virus or malware. For one my Google Chrome browser has not been able to load any Google websites such as gmail. I researched some online solutions such as deleting my browsing history and cookies, but this did not solve the problem. I then reinstalled the browser, but that also did not fix the problem. I then downloaded Firefox for browsing purposes--it has been able to open gmail--but that browser is also generally having a very slow browsing experience as well as experiencing many delays and glitches such as not being able to keep up with the writing of this message and webpages freezing and the browser crashing and rebooting.
    Thanks for any help in advance.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Jill Cowan :: JILLCOWAN-PC [administrator]

    11/15/2012 12:50:20 PM
    mbam-log-2012-11-15 (12-50-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207022
    Time elapsed: 29 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 6
    C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin\1.0.18.0 (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin\1.0.18.0 (Adware.HotBar.SS) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\Users\Jill Cowan\Local Settings\Application Data\ShamrockSpringSA\bin\1.0.18.0\shamrockspringSAHook.dll (Adware.HotBar.SS) -> Quarantined and deleted successfully.
    C:\Users\Jill Cowan\AppData\Local\ShamrockSpringSA\bin\1.0.18.0\shamrockspringSAHook.dll (Adware.HotBar.SS) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-11-15 13:42:26
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
    Running: 5oy3ecuq.exe; Driver: C:\Users\JILLCO~1\AppData\Local\Temp\pwryauow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514
    Run by Jill Cowan at 13:50:14 on 2012-11-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1167 [GMT -8:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.alothome.com/en-us
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\jill cowan\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 65.208.187.211 206.124.64.253
    TCP: Interfaces\{26A7A8A4-5669-4C19-A352-26D43C6A12C6} : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B} : DHCPNameServer = 65.208.187.211 206.124.64.253
    TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}\2456C6B696E6F5E4B2F5246323243434 : DHCPNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}\D427E2022516765627D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\jill cowan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\jill cowan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\jill cowan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jill cowan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2012-10-07 10:31; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - ExtSQL: 2012-11-03 15:34; adblockpopups@jessehakanen.net; c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\adblockpopups@jessehakanen.net.xpi
    FF - ExtSQL: 2012-11-03 15:34; spellcheckerimproved@mozilla.firefox; c:\users\jill cowan\appdata\roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
    FF - ExtSQL: 2012-11-15 12:45; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: !HIDDEN! 2011-01-21 18:49; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-15 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-15 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-15 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-15 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-15 44808]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-6 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-11-15 20:41:02 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-15 20:40:57 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-15 20:40:53 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-15 20:39:28 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-15 20:39:10 -------- d-----w- c:\programdata\AVAST Software
    2012-11-15 20:39:10 -------- d-----w- c:\program files\AVAST Software
    2012-11-15 20:22:02 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3078c717-1e9c-4627-9d66-30495bbb431b}\mpengine.dll
    2012-11-03 22:41:27 -------- d-----w- c:\users\jill cowan\appdata\local\Macromedia
    2012-11-03 21:53:02 -------- d-----w- c:\windows\tiinst
    .
    ==================== Find3M ====================
    .
    2012-11-03 22:40:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-03 22:40:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 20:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-04-18 03:23:22 3993600 ----a-w- c:\program files\GUT454C.tmp
    .
    ============= FINISH: 13:52:24.65 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/26/2010 9:59:19 AM
    System Uptime: 11/15/2012 1:38:06 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | IAKAA
    Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 1733/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 110 GiB total, 30.264 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C7200 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP232: 10/30/2012 9:06:26 AM - Windows Update
    RP233: 11/3/2012 2:02:01 PM - Windows Update
    RP235: 11/3/2012 2:52:30 PM - Installed TIPCI
    RP236: 11/7/2012 12:19:08 PM - Windows Update
    RP237: 11/15/2012 12:20:30 PM - Windows Update
    RP238: 11/15/2012 12:38:53 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BufferChm
    C5200
    C5200_Help
    C7200
    C7200_Help
    Copy
    Destinations
    DeviceDiscovery
    DivX Setup
    DocProc
    EpicBot
    EPSON NX410 Series Printer Uninstall
    EPSON Scan
    Facebook Video Calling 1.2.0.287
    Fax
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.0.0
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    HP Photosmart Essential 3.5
    HP Product Detection
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.65.1.1000
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    OCR Software by I.R.I.S. 13.0
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Shop for HP Supplies
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    Spotmau Wincare 2008
    Status
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    VirtualCloneDrive
    Vorton Financial Tools
    Vuze
    WebReg
    WinRAR 4.20 beta 2 (32-bit)
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 1:35:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MALDA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E1146BC-55D6-4CD0-A8D6-B206C31F2. The master browser is stopping or an election is being forced.
    11/15/2012 12:15:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
    11/15/2012 12:15:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Security Scan Component Host Service service to connect.
    11/15/2012 12:15:48 PM, Error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/15/2012 1:22:56 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/15/2012 1:22:56 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    11/15/2012 1:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    11/10/2012 2:24:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E1146BC-55D6-4CD0-A8D6-B206C31F2. The master browser is stopping or an election is being forced.
    11/10/2012 12:07:06 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Jill Cowan [Admin rights]
    Mode : Scan -- Date : 11/16/2012 11:24:52

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Jill Cowan\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 6eddaf9ca75b304476d4a6ad5a7397a3
    [BSP] 8529171cb2a38ca0961adabbbb654461 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11162012_02d1124.txt >>
    RKreport[1]_S_11162012_02d1124.txt


    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Jill Cowan [Admin rights]
    Mode : Remove -- Date : 11/16/2012 11:25:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Jill Cowan\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringSA.exe" -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 6eddaf9ca75b304476d4a6ad5a7397a3
    [BSP] 8529171cb2a38ca0961adabbbb654461 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11162012_02d1125.txt >>
    RKreport[1]_S_11162012_02d1124.txt ; RKreport[2]_D_11162012_02d1125.txt


    After completing this step, Chrome still will not open gmail and browsing experience still seems slow. Will continue on with next steps.
     
  4. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    During the aswMBR.exe scan, my computer crashed and a blue screen appeared. Upon rebooting a Windows Solution window appeared with the following:

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.256.1
    Locale ID: 1033

    Additional information about the problem:
    BCCode: d1
    BCP1: 0113FE58
    BCP2: 00000002
    BCP3: 00000000
    BCP4: 893CBFB6
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 256_1

    Files that help describe the problem:
    C:\Windows\Minidump\111612-23478-01.dmp
    C:\Users\Jill Cowan\AppData\Local\Temp\WER-47985-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
     
  5. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    Should I rerun aswMBR.exe?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Re-run it from safe mode.
     
  7. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    I re-ran aswMBR in safe mode and here are the results:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-16 13:28:25
    -----------------------------
    13:28:25.069 OS Version: Windows 6.1.7601 Service Pack 1
    13:28:25.069 Number of processors: 2 586 0xE0C
    13:28:25.069 ComputerName: JILLCOWAN-PC UserName: Jill Cowan
    13:29:00.075 Initialize success
    13:29:02.259 AVAST engine defs: 12111600
    13:29:13.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:29:13.288 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
    13:29:13.319 Disk 0 MBR read successfully
    13:29:13.319 Disk 0 MBR scan
    13:29:13.943 Disk 0 Windows 7 default MBR code
    13:29:13.975 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    13:29:14.786 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
    13:29:14.911 Disk 0 scanning sectors +234440704
    13:29:15.503 Disk 0 scanning C:\Windows\system32\drivers
    13:29:34.629 Service scanning
    13:30:04.378 Modules scanning
    13:30:14.316 Disk 0 trace - called modules:
    13:30:14.362 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    13:30:14.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e2d948]
    13:30:14.394 3 CLASSPNP.SYS[8928f59e] -> nt!IofCallDriver -> [0x840a5838]
    13:30:14.409 5 ACPI.sys[88a173d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d4d580]
    13:30:14.784 AVAST engine scan C:\Windows
    13:30:16.827 AVAST engine scan C:\Windows\system32
    13:33:11.126 AVAST engine scan C:\Windows\system32\drivers
    13:33:24.917 AVAST engine scan C:\Users\Jill Cowan
    13:44:28.557 File: C:\Users\Jill Cowan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\40dbdf4b-5d37eb93 **INFECTED** Win32:MalOb-GR [Cryp]
    13:47:54.930 AVAST engine scan C:\ProgramData
    13:49:17.096 Scan finished successfully
    13:49:35.519 Disk 0 MBR has been saved successfully to "C:\Users\Jill Cowan\Desktop\MBR.dat"
    13:49:35.519 The log file has been saved successfully to "C:\Users\Jill Cowan\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    Here is the Combofix log. Chrome still is not able to load Gmail. Was I supposed to do the rKill program as well or was that just if I was unable to run Combofix?

    ComboFix 12-11-16.02 - Jill Cowan 11/16/2012 15:54:18.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1179 [GMT -8:00]
    Running from: c:\users\Jill Cowan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\BasicScan
    c:\program files\BasicScan\uninstall.exe
    c:\programdata\fadc28b75271e62aca46418fa472a1e8_c
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-17 01:12 . 2012-11-17 01:12 -------- d-----w- c:\users\Jill Cowan\AppData\Local\temp
    2012-11-17 01:12 . 2012-11-17 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-15 21:51 . 2012-11-17 01:13 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3078C717-1E9C-4627-9D66-30495BBB431B}\offreg.dll
    2012-11-15 20:41 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-15 20:41 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-15 20:41 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-15 20:41 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-15 20:40 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-15 20:40 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-15 20:39 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-15 20:39 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-15 20:39 . 2012-11-15 20:39 -------- d-----w- c:\programdata\AVAST Software
    2012-11-15 20:39 . 2012-11-15 20:39 -------- d-----w- c:\program files\AVAST Software
    2012-11-15 20:22 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3078C717-1E9C-4627-9D66-30495BBB431B}\mpengine.dll
    2012-11-03 22:41 . 2012-11-03 22:41 -------- d-----w- c:\users\Jill Cowan\AppData\Local\Macromedia
    2012-11-03 22:22 . 2012-11-03 22:22 -------- d-----w- c:\users\Jill Cowan\AppData\Local\Mozilla
    2012-11-03 22:22 . 2012-11-03 22:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-11-03 21:54 . 2012-11-03 21:54 -------- d-----w- c:\program files\InstallShield Installation Information
    2012-11-03 21:53 . 2012-11-03 21:53 -------- d-----w- c:\windows\tiinst
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-03 22:40 . 2012-07-21 14:03 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-03 22:40 . 2011-06-15 16:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-30 03:54 . 2012-01-03 16:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 18:28 . 2012-10-10 16:24 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18 . 2012-10-10 16:23 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 17:12 . 2012-10-10 16:23 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 16:23 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57 . 2012-10-10 16:24 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-09-22 15:49 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 15:20 . 2012-09-22 15:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16 . 2012-09-12 16:00 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16 . 2012-09-12 16:00 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16 . 2012-09-12 16:00 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16 . 2012-09-12 16:00 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12 . 2012-09-26 15:45 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 20:01 . 2012-09-19 05:06 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01 . 2012-07-20 15:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-20 17:40 . 2012-10-10 16:23 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40 . 2012-10-10 16:23 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37 . 2012-10-10 16:23 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 17:32 . 2012-10-10 16:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-10 16:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-10 16:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-10 16:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33 . 2012-10-10 16:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-04-18 03:23 . 2012-04-18 02:34 3993600 ----a-w- c:\program files\GUT454C.tmp
    2012-10-24 17:50 . 2012-11-03 22:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jill Cowan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
    path=c:\users\Jill Cowan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
    backup=c:\windows\pss\IMVU.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
    2008-10-01 13:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2012-07-13 17:23 138096 ----atw- c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-10-24 19:39 136176 ----atw- c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-05-10 07:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2011-08-01 19:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
    2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-12-27 15:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-07-17 23:11 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 22:40]
    .
    2012-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
    - c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-27 17:23]
    .
    2012-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
    - c:\users\Jill Cowan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-27 17:23]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 15:47]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 15:47]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
    - c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:39]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
    - c:\users\Jill Cowan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.alothome.com/en-us
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 65.208.187.211 206.124.64.253
    FF - ProfilePath - c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\
    FF - ExtSQL: 2012-10-07 10:31; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - ExtSQL: 2012-11-03 15:34; spellcheckerimproved@mozilla.firefox; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
    FF - ExtSQL: 2012-11-15 12:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-11-15 14:51; printPages2Pdf@reinhold.ripper; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\printPages2Pdf@reinhold.ripper
    FF - ExtSQL: 2012-11-15 14:51; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
    FF - ExtSQL: !HIDDEN! 2011-01-21 18:49; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Spotmau WinCare 2008_is1 - c:\program files\Spotmau WinCare 2008\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\01\06\0e\15\0a6Í"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-16 17:16:11
    ComboFix-quarantined-files.txt 2012-11-17 01:16
    .
    Pre-Run: 42,635,739,136 bytes free
    Post-Run: 44,388,433,920 bytes free
    .
    - - End Of File - - 3D3519C9BF2693E8AA79C11F9F68946C
     
  10. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Looks good.

    Uninstall McAfee Security Scan Plus, typical foistware.

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    OTL logfile created on: 11/17/2012 4:23:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill Cowan\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.47% Memory free
    3.98 Gb Paging File | 3.17 Gb Available in Paging File | 79.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 39.71 Gb Free Space | 35.99% Space Free | Partition Type: NTFS

    Computer Name: JILLCOWAN-PC | User Name: Jill Cowan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/17 16:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
    PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/06/20 07:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 18:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 18:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2012/11/17 16:01:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/12/28 08:34:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JILLCO~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/11/01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/15 08:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/09/21 14:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/11/09 02:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/07/06 12:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/08/17 03:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
    DRV - [2005/08/17 03:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 03:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 03:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 4D A3 3D 8A DC CC 01 [binary data]
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{945EAF50-7F8C-42DB-9D1B-54F31F23035E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=6ADB5E7F-8A75-4655-9790-7916B4B16558
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...d=30028&camp_id=4714&tb_version=1.2.2000.2(B)
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: spellcheckerimproved@mozilla.firefox:1.0.0
    FF - prefs.js..extensions.enabledAddons: printPages2Pdf@reinhold.ripper:0.1.8.0
    FF - prefs.js..extensions.enabledAddons: {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}:0.7.7
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jill Cowan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jill Cowan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jill Cowan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 18:49:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/15 12:45:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/07 09:31:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 12:39:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/03 14:22:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 18:49:04 | 000,000,000 | ---D | M]

    [2012/11/03 14:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Extensions
    [2012/11/15 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Firefox\Profiles\cfpv5fn9.default\extensions
    [2012/11/15 14:51:18 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\Firefox\Profiles\cfpv5fn9.default\extensions\printPages2Pdf@reinhold.ripper
    [2012/11/03 14:34:47 | 000,020,035 | ---- | M] () (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\spellcheckerimproved@mozilla.firefox.xpi
    [2012/11/15 14:51:18 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Jill Cowan\AppData\Roaming\mozilla\firefox\profiles\cfpv5fn9.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
    [2012/11/03 14:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.alothome.com/en-us
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.alothome.com/en-us
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jill Cowan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jill Cowan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: IMVU Inc = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb\2.3.17.1_0\
    CHR - Extension: YouTube = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/16 17:12:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.208.187.211 206.124.64.253
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1146BC-55D6-4CD0-A8D6-B206C31F2D0B}: DhcpNameServer = 65.208.187.211 206.124.64.253
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/17 16:21:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
    [2012/11/17 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2012/11/17 15:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2012/11/16 17:16:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/16 17:16:13 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\temp
    [2012/11/16 15:51:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/16 15:51:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/16 15:51:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/16 15:50:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/16 15:50:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/16 15:48:09 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Jill Cowan\Desktop\ComboFix.exe
    [2012/11/16 12:02:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/11/16 11:36:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jill Cowan\Desktop\aswMBR.exe
    [2012/11/16 11:24:15 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\Desktop\RK_Quarantine
    [2012/11/15 13:48:12 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Jill Cowan\Desktop\dds.com
    [2012/11/15 12:41:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/11/15 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/11/15 12:41:06 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/11/15 12:41:02 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/11/15 12:41:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/11/15 12:40:57 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/11/15 12:40:53 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/11/15 12:39:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/11/15 12:39:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/11/15 12:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/11/15 12:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/10 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/11/03 14:41:27 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\Macromedia
    [2012/11/03 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Local\Mozilla
    [2012/11/03 14:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/11/03 14:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/11/03 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/11/03 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
    [2012/11/03 13:53:02 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
    [2012/11/02 11:30:14 | 000,000,000 | ---D | C] -- C:\Users\Jill Cowan\AppData\Roaming\Mozilla
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/17 16:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jill Cowan\Desktop\OTL.exe
    [2012/11/17 16:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/17 16:07:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/17 15:53:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/17 15:53:57 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/17 15:49:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 15:46:56 | 000,001,418 | ---- | M] () -- C:\Users\Jill Cowan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/11/17 15:46:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/17 15:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/17 15:45:50 | 274,672,921 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/17 15:44:58 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/17 15:30:33 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
    [2012/11/17 15:23:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2012/11/17 15:19:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
    [2012/11/17 14:08:52 | 000,426,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/11/17 13:58:56 | 000,627,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/11/17 13:58:56 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/17 13:28:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000UA.job
    [2012/11/16 17:12:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/11/16 17:10:33 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
    [2012/11/16 15:49:04 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Jill Cowan\Desktop\ComboFix.exe
    [2012/11/16 13:49:35 | 000,000,512 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\MBR.dat
    [2012/11/16 11:37:27 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jill Cowan\Desktop\aswMBR.exe
    [2012/11/16 11:22:37 | 000,673,280 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\RogueKiller.exe
    [2012/11/16 11:13:25 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-401099235-1672096875-2985060059-1000Core.job
    [2012/11/15 13:48:33 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Jill Cowan\Desktop\dds.com
    [2012/11/15 13:30:44 | 000,302,592 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\5oy3ecuq.exe
    [2012/11/15 12:48:51 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/15 12:41:07 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/15 12:40:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/11/10 11:21:37 | 000,002,246 | ---- | M] () -- C:\Users\Jill Cowan\Desktop\Google Chrome.lnk
    [2012/11/03 14:22:26 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/10/30 15:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 15:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/10/26 11:57:37 | 000,442,368 | ---- | M] () -- C:\Users\Jill Cowan\Documents\Database1.accdb
    [2012/10/23 23:10:01 | 000,348,160 | ---- | M] () -- C:\Users\Jill Cowan\Documents\Contacts.accdb
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/17 15:49:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/11/17 15:23:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2012/11/17 15:19:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
    [2012/11/17 13:52:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/17 13:49:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/16 15:51:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/16 15:51:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/16 15:51:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/16 15:51:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/16 15:51:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/16 13:49:35 | 000,000,512 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\MBR.dat
    [2012/11/16 12:01:53 | 274,672,921 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/11/16 11:22:21 | 000,673,280 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\RogueKiller.exe
    [2012/11/15 13:30:41 | 000,302,592 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\5oy3ecuq.exe
    [2012/11/15 12:48:51 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/15 12:41:07 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/10 11:21:37 | 000,002,246 | ---- | C] () -- C:\Users\Jill Cowan\Desktop\Google Chrome.lnk
    [2012/11/03 14:22:26 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/03 14:22:25 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/10/26 10:43:06 | 000,442,368 | ---- | C] () -- C:\Users\Jill Cowan\Documents\Database1.accdb
    [2012/10/23 14:24:06 | 000,348,160 | ---- | C] () -- C:\Users\Jill Cowan\Documents\Contacts.accdb
    [2012/07/30 08:36:35 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012/07/30 08:36:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012/07/30 08:36:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012/07/30 08:36:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012/07/30 08:36:35 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012/07/30 08:36:35 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012/07/30 08:36:35 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012/07/30 08:36:35 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012/07/30 08:36:35 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012/07/30 08:36:35 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012/07/30 08:36:35 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012/07/30 08:36:35 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012/07/30 08:36:35 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012/07/30 08:36:35 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012/07/30 08:36:35 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012/07/30 08:36:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
    [2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
    [2011/07/04 19:57:00 | 000,000,129 | ---- | C] () -- C:\Users\Jill Cowan\jagex_runescape_preferences2.dat
    [2011/07/04 19:55:43 | 000,000,035 | ---- | C] () -- C:\Users\Jill Cowan\jagex_runescape_preferences.dat
    [2011/06/06 15:56:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/06/06 15:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/01/21 18:36:40 | 000,210,948 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2011/01/21 18:36:40 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
    [2010/12/26 15:40:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/08/22 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\Jill Cowan\AppData\Roaming\Azureus
    [2011/08/07 21:39:05 | 000,000,000 | ---D | M] -- C:\Users\Jill Cowan\AppData\Roaming\EpicBot

    ========== Purity Check ==========



    < End of report >
     
     
  12. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    OTL Extras logfile created on: 11/17/2012 4:23:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill Cowan\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.47% Memory free
    3.98 Gb Paging File | 3.17 Gb Available in Paging File | 79.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 39.71 Gb Free Space | 35.99% Space Free | Partition Type: NTFS

    Computer Name: JILLCOWAN-PC | User Name: Jill Cowan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-401099235-1672096875-2985060059-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08675A4D-FC10-42BA-9DE3-7C3962A23908}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{17604521-AC19-4553-B76F-FDE13F56BE03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{17E5B689-B7FD-4306-8B05-568FA892C35C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3C2F6B16-09D8-4E86-9CF0-FC2A4FF01E81}" = rport=139 | protocol=6 | dir=out | app=system |
    "{4EF2B9C9-E0BF-4E25-9A79-60262CB7910D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5D2DA3B2-B191-4897-B0DA-04203D7F3149}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5ED0A6CF-A0C8-4124-8380-5F1FB942CDA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{623300EC-1597-44CD-B98C-30B1BD214C0B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{86C07C1C-42E0-4030-9181-D5B2B83EECF2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{892EFE00-7F7A-4D6E-AC1D-FCE6D5CAD609}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{8A1E0E3E-4327-4BA6-9BCD-962B620AFA74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{91C296A5-20B8-4530-A6EE-D39C82C9E163}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{9850B788-AE0F-4EFE-A2EB-ABF4151ED865}" = rport=445 | protocol=6 | dir=out | app=system |
    "{99148EE9-866E-461E-ABBE-DA31E58FCFED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A2FE561C-8348-4AC0-9311-08708C33B23D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AAD8D0E4-C46A-4B50-B5D6-E7C11C571731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B2DC105E-8D60-4C72-9E12-E563CA992B24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BAABB4EB-3168-46F5-9919-A05B797E37B1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BE57F6C8-19C0-4DB3-9615-1C3482534550}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C25E4731-BA8E-441F-8657-3918824A3BF4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C2979ABE-9298-4979-849D-7B6EE8286636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C75BD92D-4A2A-44BA-8C6F-6CA97A87F38C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DFADED73-1AA0-45A1-9A1F-B9EBB7362BB5}" = lport=139 | protocol=6 | dir=in | app=system |
    "{EC7D2CFE-CBD3-4BF0-99E7-D7ABF66E6E6B}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0026DAD9-DE65-4ECF-BEAE-97A76B0D10CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{05E32643-56C4-4FD9-B0FD-4A6544165F5E}" = protocol=6 | dir=in | app=c:\users\jill cowan\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{074171C3-2104-4055-9D60-99F8450DAEB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{100BCBAD-B4FB-4C8A-A6EC-A9FDE2CF89E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{29943595-F445-4DFF-BA8F-4BDFD5E6EDEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{2E62A508-A720-4E81-B923-7406C12C6BB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{32E8258A-5B0A-48F6-A4C2-D9AC7BDFC95F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{36C9E619-0A59-4E84-A5AE-DC2E40712748}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{3B0FC70C-FEC2-4D9C-AFBA-24CA957E2C5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{3B5D2ECC-8482-48BC-88D0-B869E7FC9FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{401B48AD-89D9-4075-ACB9-D3F5A928FD7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4F43F628-77FE-4FE6-90B5-78C6DAF622F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{80040EE2-059D-4BC4-BD9B-B3A41F6863A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{85E58E6E-C636-418B-8C69-D6BAFB1EB966}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{86AF6A91-A729-4C2C-85DD-FFDDA95BEB3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{878219FF-48DF-4C29-8A52-B05D8B702DEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8F40C640-B17B-41AF-BC48-B507EA242723}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{90287C08-5BA2-4F5C-819C-9D4F302E54A6}" = dir=in | app=c:\users\jill cowan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{92A2F68F-7758-4F86-8828-4FB7A918BF66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{952F0EF3-A660-4889-988D-F1F5CACD68CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{99692A04-B99D-4D70-AD0F-9EBDBE74E373}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{9A778F31-08E7-4072-931B-91FD142DBFB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{9C4F1535-EC66-44DC-A029-8D43BBAAB4CB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{A361C52A-C37C-47E8-9EAB-08E63BFAB147}" = protocol=17 | dir=in | app=c:\users\jill cowan\frostwire 5\frostwire.exe |
    "{A6B96D05-623C-492D-A538-49837413A71A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{A7249485-D458-45EF-98DB-531E59894AA7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A8358088-F96D-4D35-B661-9FE9D2C5DA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{A8DB0A88-2381-4FD2-B2E7-C657D540B412}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{AAB9190B-84FB-4EC1-AA5E-BD163715B10A}" = protocol=6 | dir=in | app=c:\users\jill cowan\frostwire 5\frostwire.exe |
    "{AB0734F9-7C2C-4BD2-9E8A-A895608D17C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{ACF1162D-E0A3-46C6-9107-6E79DFF94889}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{AD49E0CE-1319-48E1-BE42-EDE7136C5B86}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{B693BD12-36BA-49AC-984E-157BDB5FF8D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{BB1D4937-2CC6-4194-AC1F-3B3DC75867AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BFD67AC6-D287-476B-91EF-B3D30EAF8380}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{C48B9CD7-1261-45E9-88D8-1437EA689731}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C6ED3866-4EBD-41B5-A928-AFC200188026}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{C800DB2D-BADA-42B4-BF66-FFF1605A7061}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{C8205C57-EB5A-424D-85C9-DF039867237C}" = protocol=17 | dir=in | app=c:\users\jill cowan\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{CAED5B71-6A38-4224-826F-0D17D2AA438F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{D3668499-3A9F-408C-9F73-0327860931E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DA9DC8F4-71A2-46CE-A39D-474B6750CAB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DC8F71F4-E071-48A7-A379-EDC3865C92C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{E4E17BDC-C382-4F41-8D6F-F2FDA08A9044}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E672C89D-1B75-4B5E-80C4-85D5B021BE9F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{F040879C-751B-45DB-B715-46640CE0B5EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F3F6C465-CC16-420F-813F-F2AA56B83D42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{F8C1B134-4D72-48AB-BE63-3B91FAADDBFD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "TCP Query User{4DCFCFB7-C599-415A-A7AA-217DE7F7ACD6}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{F408CD64-D86B-4F2E-B9EB-87F2E024FDBC}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "DivX Setup" = DivX Setup
    "EpicBot" = EpicBot
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 15.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VirtualCloneDrive" = VirtualCloneDrive
    "Vorton Financial Tools" = Vorton Financial Tools
    "WinRAR archiver" = WinRAR 4.20 beta 2 (32-bit)
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/16/2012 7:30:51 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 100839

    Error - 11/16/2012 7:30:51 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 100839

    Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 101853

    Error - 11/16/2012 7:30:52 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 101853

    Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 102851

    Error - 11/16/2012 7:30:53 PM | Computer Name = JillCowan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 102851

    Error - 11/16/2012 9:10:22 PM | Computer Name = JillCowan-PC | Source = Google Update | ID = 20
    Description =

    Error - 11/16/2012 11:28:06 PM | Computer Name = JillCowan-PC | Source = Google Update | ID = 20
    Description =

    [ Media Center Events ]
    Error - 3/30/2012 6:22:14 PM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 11:16:35 AM - Error connecting to the internet. 11:16:35 AM - Unable
    to contact server..

    Error - 3/30/2012 6:22:38 PM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 6:22:29 PM - Error connecting to the internet. 6:22:29 PM - Unable
    to contact server..

    Error - 4/2/2012 3:47:37 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 3:47:37 AM - Error connecting to the internet. 3:47:37 AM - Unable
    to contact server..

    Error - 4/2/2012 3:47:48 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 3:47:42 AM - Error connecting to the internet. 3:47:42 AM - Unable
    to contact server..

    Error - 4/2/2012 4:47:52 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 4:47:52 AM - Error connecting to the internet. 4:47:52 AM - Unable
    to contact server..

    Error - 4/2/2012 4:47:59 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 4:47:58 AM - Error connecting to the internet. 4:47:58 AM - Unable
    to contact server..

    Error - 4/2/2012 5:52:20 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 5:52:20 AM - Error connecting to the internet. 5:52:20 AM - Unable
    to contact server..

    Error - 4/2/2012 5:52:27 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 5:52:25 AM - Error connecting to the internet. 5:52:25 AM - Unable
    to contact server..

    Error - 4/2/2012 6:52:31 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 6:52:31 AM - Error connecting to the internet. 6:52:31 AM - Unable
    to contact server..

    Error - 4/2/2012 6:52:37 AM | Computer Name = JillCowan-PC | Source = MCUpdate | ID = 0
    Description = 6:52:36 AM - Error connecting to the internet. 6:52:36 AM - Unable
    to contact server..

    [ System Events ]
    Error - 11/17/2012 8:12:41 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:12:45 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:12:49 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:12:54 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:12:58 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:13:02 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:13:06 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:13:11 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:13:15 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 11/17/2012 8:13:19 PM | Computer Name = JillCowan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
      [2012/01/02 20:20:23 | 000,010,552 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    I ran the OTL fix and the computed rebooted on its own, however I do not see the log I need to post with the results.
    Should I continue with next scans or wait until I am able to locate or re-run the OTL fix?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Re-run OTL fix from safe mode.
     
  16. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    Re-ran OTL in safe mode and here are the log results:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File C:\Users\Jill Cowan\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o not found.
    File C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jill Cowan
    ->Temp folder emptied: 104427 bytes
    ->Temporary Internet Files folder emptied: 244237363 bytes
    ->Java cache emptied: 38261943 bytes
    ->FireFox cache emptied: 87045710 bytes
    ->Google Chrome cache emptied: 148158580 bytes
    ->Flash cache emptied: 120850 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 28788264 bytes
    RecycleBin emptied: 17531 bytes

    Total Files Cleaned = 521.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jill Cowan
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jill Cowan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11202012_181106

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  17. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    SecurityCheck log results:

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player11.5.502.110
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  18. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    FSS log:

    Farbar Service Scanner Version: 09-11-2012
    Ran by Jill Cowan (administrator) on 20-11-2012 at 18:30:29
    Running from "C:\Users\Jill Cowan\Desktop"
    Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-11-15 12:31] - [2012-10-03 08:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-10 08:23] - [2012-06-01 20:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    AdwCleaner Log:

    # AdwCleaner v2.008 - Logfile created 11/20/2012 at 18:33:05
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Jill Cowan - JILLCOWAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jill Cowan\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Jill Cowan\AppData\Local\APN
    Folder Deleted : C:\Users\Jill Cowan\AppData\Local\Conduit
    Folder Deleted : C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
    Folder Deleted : C:\Users\Jill Cowan\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Jill Cowan\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Jill Cowan\AppData\Roaming\Mozilla\Firefox\Profiles\cfpv5fn9.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jill Cowan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2608 octets] - [20/11/2012 18:33:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [2668 octets] ##########
     
  20. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    I've followed each of the steps and am still not able to open Gmail in Chrome

    ESET log:

    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=12
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=f86b1e017be3aa41b41e3c8f5dd470b0
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-11-22 04:25:59
    # local_time=2012-11-21 08:25:59 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 0 105080461 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=431837
    # found=2
    # cleaned=2
    # scan_time=22704
    C:\Users\Jill Cowan\Documents\CouponAlert.exeWin32/AdInstaller application (cleaned by deleting - quarantined)00000000000000000000000000000000C
    C:\Windows.old\Documents and Settings\jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a25d2cf-37ccf54dmultiple threats (deleted - quarantined)00000000000000000000000000000000C
     
  21. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================

    Uninstall Chrome...

    1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
    2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
    3. Select the default browser you'd like to use.
    4. Click OK in the confirmation prompt.
    5. The uninstall process will begin.
    Install fresh copy.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================

    Uninstall Chrome...

    1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
    2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
    3. Select the default browser you'd like to use.
    4. Click OK in the confirmation prompt.
    5. The uninstall process will begin.
    Install fresh copy.
     
  23. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    Completed the Java update and remove steps as well as uninstalling and installing a fresh version of Chrome. I am still unable to open Gmail in Chrome.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck :)
     
  25. top_model_guy

    top_model_guy TS Rookie Topic Starter Posts: 93

    Well thanks for all of your Malware removing guidance Broni. Greatly appreciated.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.