# Audio Ads playing randomly while in IE



## ratherbeingarden (Aug 8, 2012)

Yesterday, my husband infected our computer with the "Data Recovery Virus". I was able to remove the virus with Malwarebytes and RogueKiller.

All is fine except for one glitch (that I know of!). When in IE, random audio ads play. I don't have a pop-up ad on screen, just the audio. The pop-up blocker is enabled for IE but I still get the audio.

System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) 9850 Quad-Core Processor, AMD64 Family 16 Model 2 Stepping 3
Processor Count: 4
RAM: 4095 Mb
Graphics Card: ATI Radeon HD 5450, 1024 Mb
Hard Drives: C: Total - 953753 MB, Free - 743124 MB;
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD, 785GTM-E45 (MS-7549)
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:05 PM, on 8/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\AOL\1302653456\ee\aolsoftware.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Users\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3131886
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1302653456\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13969 bytes

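The HijackThis log above is what the helper reads by hand: R0/R1 lines are the Internet Explorer start and search pages, R3/O2/O3 are search hooks, BHOs and toolbars, and O23 lines are services. As an added example (not code from the thread, from HijackThis or from any project named here), the Python script below parses a constructed sample of such lines, flags entries whose target is marked "(no file)" or "(file missing)", flags IE start/search pages that are not the go.microsoft.com defaults, and separates "(file missing)" on System32 services in a 64-bit log, which on a 32-bit scanner usually reflects WOW64 file-system redirection rather than a real deletion. The function names, the heuristic and the sample lines are mine.

```python
"""Triage a HijackThis v2 log: flag orphaned entries and non-default IE pages.

Added example for this thread; not code from the thread, HijackThis or any
project it names. The sample lines below are constructed from the kinds of
entries the posted log contains and are not the complete log.
"""
import re
from collections import Counter
from typing import Dict, List

# HijackThis lines look like "O2 - BHO: <name> - {CLSID} - <path>".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Markers HijackThis prints when a registered component no longer exists on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")
# IE home/search values that are Microsoft defaults; anything else deserves a look.
DEFAULT_IE_PREFIXES = ("http://go.microsoft.com/fwlink/",)
IE_URL_RE = re.compile(
    r"(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<url>\S+)"
)
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)

# Constructed sample (seven lines), modelled on the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3131886
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
""".strip()


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a log into {'section', 'body'} entries, skipping header/footer lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"]})
    return entries


def is_64bit_log(text: str) -> bool:
    """A 32-bit HijackThis on 64-bit Windows reports 'Program Files (x86)' paths."""
    return "Program Files (x86)" in text


def triage(text: str) -> List[Dict[str, str]]:
    """Return findings in log order; each has section, kind and detail."""
    findings = []
    x64 = is_64bit_log(text)
    for entry in parse_hjt(text):
        sec, body = entry["section"], entry["body"]
        if sec in ("R0", "R1"):
            m = IE_URL_RE.search(body)
            if m and not m["url"].startswith(DEFAULT_IE_PREFIXES):
                findings.append({"section": sec, "kind": "non-default-ie-url", "detail": m["url"]})
        if any(marker in body for marker in MISSING_MARKERS):
            # Heuristic (my assumption): on a 64-bit OS a 32-bit scanner is
            # redirected away from the real System32 (WOW64), so 64-bit-only
            # service binaries look "missing" even though they are present.
            if sec == "O23" and x64 and SYSTEM32_RE.search(body):
                kind = "system32-missing-probable-wow64-artifact"
            else:
                kind = "orphaned-entry"
            findings.append({"section": sec, "kind": kind, "detail": body})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per kind, for a quick overview before manual review."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['kind']:<40} {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample this reports the conduit.com start page, the two orphaned search-hook/BHO entries, and one System32 service flagged as a probable redirection artifact rather than as a finding; a real log still needs the entries read by a person, since a present file can be just as unwanted as a missing one.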

----------



## ratherbeingarden (Aug 8, 2012)

bump


----------



## ratherbeingarden (Aug 8, 2012)

bump


----------



## ratherbeingarden (Aug 8, 2012)

bump


----------



## CatByte (Feb 24, 2009)

Please do the following:


Please download *aswMBR.exe* and save it to your desktop.

Double click *aswMBR.exe* to start the tool. 
When asked if you want to download *Avast's* virus definitions please select *Yes*.

Click *Scan*

Upon completion of the scan, click *Save log* and save it to your desktop, and post that log in your next reply for review. * Note - do NOT attempt any Fix yet. *

You will also notice another file created on the desktop named *MBR.dat*. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


*NEXT*

Please download TDSSKiller.zip

Extract it to your desktop
Double click *TDSSKiller.exe*
when the window opens, click on *Change Parameters*
under *"Additional options"*, put a check mark in the box next to *"Detect TDLFS File System"*
click *OK* 
Press *Start Scan*
As we are only looking for a log of what is on the machine right now > choose to *skip* whatever is found
Then click *Continue* > *Reboot now*

Copy and paste the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_


----------



## ratherbeingarden (Aug 8, 2012)

I can download the two files; however they will not run. I tried and tried and tried...


----------



## CatByte (Feb 24, 2009)

ok, it is the infection shutting them down, we will take a different approach

please do the following:

download Farbar Recovery Scan Tool  and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*


*Startup Repair*
*System Restore*
*Windows Complete PC Restore*
*Windows Memory Diagnostic Tool*
*Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press *Scan* button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
*services.exe*
now press the *search* button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs (FRST.txt and Search.txt) in your reply.


----------



## ratherbeingarden (Aug 8, 2012)

The program icons are on my desktop but the programs are not listed in my program files


----------



## CatByte (Feb 24, 2009)

> The program icons are on my desktop but the programs are not listed in my program files


That's normal, as they don't install on your machine, but the infection is preventing them from running, so we need to use FRST


----------



## ratherbeingarden (Aug 8, 2012)

I cannot get into the BIOS settings. I've tapped F8, F10, F11... while rebooting after restarting the computer now 10 times and never am I prompted to push any key to continue. So I tried the installation disc. Still no prompts, the computer just boots up as normal.


----------



## CatByte (Feb 24, 2009)

esc or F2 will usually get you into the BIOS, then you need to change the boot order to CD first

when you tap F8 upon boot up, does an option menu appear?


----------



## ratherbeingarden (Aug 8, 2012)

I can however enter system restore through the control panel


----------



## ratherbeingarden (Aug 8, 2012)

f8 nothing popped up. I will try the esc and f2


----------



## CatByte (Feb 24, 2009)

ok

see if there is a restore point available to before you first started having trouble


----------



## ratherbeingarden (Aug 8, 2012)

F2 and Esc did not work either. For a millisecond the words "to configure press F10" appear but that does not work either.

There is no restore point before 8/8/12 when the problems started.


----------



## CatByte (Feb 24, 2009)

ok,

try running the following:

Before saving it to your desktop > rename it to "svchost.exe"

Refer to the *ComboFix User's Guide*


 Download ComboFix from the following location:

*Link *

**IMPORTANT !!! Place ComboFix.exe on your Desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs *here*

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
 When finished, it shall produce a log for you. Post that log in your next reply

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.*

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message *"illegal operation attempted on registry key that has been marked for deletion"* and no programs will run - please just reboot and that will resolve that error.


----------



## ratherbeingarden (Aug 8, 2012)

I was able to pause the screen and read the whole boot up screen. It said to press **** F10 and that worked. However there were no configuration options stating to boot up from CD or DVD. The only things I can change are "network boot protocol, boot order, show configuration order, and show message time". Under boot order my choices are "int 19h, pnp/bev(bevbbs), rom disable, and int 18h".


----------



## CatByte (Feb 24, 2009)

ok then, let's move on to ComboFix


----------



## ratherbeingarden (Aug 8, 2012)

I turned off antivirus, downloaded ComboFix, renamed it and put it on the desktop. Ran the program and saw a list generated. When the program finishes, it disappears and no log is left to copy to send to you.


----------



## CatByte (Feb 24, 2009)

ok,

I don't think the program has run correctly then

you have Malwarebytes on your system, Malwarebytes has a special driver that we can utilize to try and run TDSSKiller

please follow these instructions carefully

Move tdsskiller.exe to this folder:

*C:\Program Files\Malwarebytes' Anti-Malware\Chameleon*

Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.
*"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o*

A black DOS prompt will appear with a prompt to press any key to continue, please do so.

Now see if *tdsskiller.exe* will run from the Chameleon folder.

you will have to navigate to the new location to run it.

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\tdsskiller.exe

Let me know if you have trouble.


----------



## ratherbeingarden (Aug 8, 2012)

And... when I turned the antivirus program back on, the name on my desktop changed from svchost.exe to combofix


----------



## CatByte (Feb 24, 2009)

yes, that's fine, please try the chameleon folder


----------



## ratherbeingarden (Aug 8, 2012)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs is where my Malwarebytes program is located. When I cut and paste to where you told me to put it, it says it is not located there: "location is unavailable"


----------



## ratherbeingarden (Aug 8, 2012)

I have to sign off now, but will be back tomorrow. Thanks for your help so far.


----------



## CatByte (Feb 24, 2009)

Is the Chameleon folder located in C:\ProgramData\Microsoft\Windows\Start Menu\Programs?

if so adjust the path to reflect that location

I don't know why Malwarebytes would install in that location?

Try this as the command in the run box:

*"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o*

this is where you will need to run tdsskiller from
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Chameleon\tdsskiller.exe

If that doesn't work

uninstall MBAM

download a fresh copy and make sure it installs to C:\Program Files


----------



## ratherbeingarden (Aug 8, 2012)

The Chameleon is located in "C:\Malwarebytes' Anti-Malware\Chameleon". When I clicked on the Chameleon, the screen gave me several "chameleons" to choose from. I clicked on the first one and the black DOS screen appeared. It says it is "killing malicious processes".

I'm lost on how to move the tdsskiller.exe program here. You are going to have to help me in baby steps!


----------



## CatByte (Feb 24, 2009)

ok

open the chameleon folder - make it a little bit smaller so you can see parts of your desktop as well as the chameleon folder (grab the corner of the folder with your mouse pointer till it turns into a diagonal arrow), hold the mouse button down and drag the corner smaller so the window reduces. Now move the window around (click and hold the top bar and the window will move)

make sure you can see the tdsskiller icon on your desktop, now click once on the tdsskiller icon, hold the mouse button down and drag the tdsskiller icon into the chameleon folder and let go, tdsskiller is now in the chameleon folder.

Now to get the driver installed

you need to press the windows key + R to open a run box, now copy/paste the following command into the run box and press enter:

*"C:\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o*

The chameleon driver will install

once it has installed - navigate to the chameleon folder again, locate the tdsskiller icon and run it

the log it saves will probably save to the chameleon folder


----------



## ratherbeingarden (Aug 8, 2012)

Everything I tried to run would not run, so I started all over with downloading the programs to the right folders. I got the Malwarebytes program to *C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\* and I got the TDSSKiller in the Chameleon folder. I was able to install the Chameleon driver, got the black DOS screen and it said the driver installed. I tried to run the tdsskiller from there; it starts to go, asks if I want to allow it to make changes, I say yes, click... nothing happens. I downloaded the TDSSKiller from another computer to make sure I was getting a clean download and it ran fine on the non-infected computer.


----------



## CatByte (Feb 24, 2009)

well you gave it a good try.

Please try running Malwarebytes Antimalware from the chameleon folder, that may run.

If not, we have lots of other tools we can try, we just need one to run so that the machine will be a lot more stable

rkill is designed to kill the rogue process that is killing the tools, so let's try that:

run rkill, then immediately try running the tools you have on hand (tdsskiller, MBAM, ComboFix)

Please download and run the following tool to help allow other programs to run. _(courtesy of BleepingComputer.com)_
There are 6 different versions. If one of them won't run then download and try to run the next one.

*Note:*_ Vista and Windows 7 users need to right click on the file and choose *Run as administrator*_

You only need to get one of them to run, not all of them.


*rkill.exe*
*rkill.com*
*rkill.scr*
*rkill.pif*
*WiNlOgOn.exe*
*uSeRiNiT.exe*

IF rkill doesn't help and the tools still won't run, then move on to OTH and OTL


Please download *OTH.scr* to your desktop.
Now download *OTL* to your desktop.
Double click the *OTH* file and select *Kill All Processes*, your desktop will go blank

Then select *Start OTL*, - *OTL* will now run:

When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Under the Custom scans and fixes section paste in the below in bold


*netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT*
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.


----------



## ratherbeingarden (Aug 8, 2012)

clicked on the first one and this is what I got.

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/01/2012 03:55:36 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Owner\Desktop\rkill\rkill-09-01-2012-03-55-38.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity: 
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
Searching for Missing Digital Signatures: 
* No issues found.
Program finished at: 09/01/2012 03:55:51 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


----------



## CatByte (Feb 24, 2009)

ok,

please move on to the OTL scan if you can't get TDSSKiller to run


----------



## ratherbeingarden (Aug 8, 2012)

I downloaded OTH and OTL , selected kill all processes and the desktop did not go blank. Nothing happened


----------



## CatByte (Feb 24, 2009)

did you try running the OTL scan?

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select *All Users*
Under the Custom Scan box paste this in
*netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT*
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Post both logs


----------



## ratherbeingarden (Aug 8, 2012)

From the OTL.TXT-

OTL logfile created on: 9/1/2012 4:37:16 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.53 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.40 Gb Total Space | 725.97 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
Drive F: | 15.11 Gb Total Space | 0.01 Gb Free Space | 0.10% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Owner\Desktop\OTH.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\waol.exe (AOL Inc.)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe (AOL Inc.)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\1302653456\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll ()
MOD - C:\Program Files (x86)\AOL Desktop 9.6\components\Tier2Svc.dll ()
MOD - C:\Program Files (x86)\AOL Desktop 9.6\components\DataSvcs.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:*64bit:* - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:*64bit:* - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:*64bit:* - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:*64bit:* - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:*64bit:* - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:*64bit:* - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{B1806B17-C951-4C55-9DE8-E10849BF65F3}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3131886.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Vgrabber1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3131886&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q="
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NexonPlugWebExtension: C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/16 17:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/16 17:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Users\Zachary\AppData\Local\Mozilla Firefox\components [2012/08/27 01:43:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Users\Zachary\AppData\Local\Mozilla Firefox\plugins

[2011/08/04 12:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/08/26 15:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qh5r8wy9.default\extensions
[2012/08/25 10:02:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qh5r8wy9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/26 15:58:14 | 000,000,000 | ---D | M] (Vgrabber1) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qh5r8wy9.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
[2012/07/18 20:02:30 | 000,000,911 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qh5r8wy9.default\searchplugins\conduit.xml
[2012/08/25 10:02:07 | 000,698,987 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QH5R8WY9.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3131886
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
CHR - plugin: Nexon Plug Web Extension (Enabled) = C:\ProgramData\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Vgrabber1 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi\2.3.15.10_0\

O1 HOSTS File: ([2012/08/11 17:08:48 | 000,000,813 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:*64bit:* - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1302653456\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:*64bit:* - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files (x86)\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files (x86)\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5E68873-0506-4B50-A659-9DFCF53AB685}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e2eacd4-60a4-11e0-9ec8-6c626d945973}\Shell - "" = AutoRun
O33 - MountPoints2\{3e2eacd4-60a4-11e0-9ec8-6c626d945973}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{45c1b43b-7e3a-11e0-a862-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{45c1b43b-7e3a-11e0-a862-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/01 16:16:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/01 16:16:10 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTH.scr
[2012/09/01 15:55:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rkill
[2012/08/31 10:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/31 10:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/29 20:50:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/29 20:46:57 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/08/29 20:24:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/29 20:23:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/29 18:20:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/08/26 19:25:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NETGEARGenie
[2012/08/26 19:24:47 | 000,369,168 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2012/08/26 19:24:47 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2012/08/26 19:24:47 | 000,106,000 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\packet.dll
[2012/08/26 19:24:47 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\packet.dll
[2012/08/26 19:24:47 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/08/26 17:36:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\IMG_0702
[2012/08/16 21:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/16 21:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/08/16 21:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/08/16 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/08/15 05:26:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 05:26:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 05:26:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 05:26:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 05:26:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 05:26:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 05:26:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 05:26:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 05:26:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 05:26:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 05:26:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 05:26:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 05:26:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 05:21:35 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 05:21:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 05:21:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 05:21:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 05:21:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 05:21:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 05:21:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 05:21:10 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 05:15:03 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/13 10:56:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/11 16:58:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backups
[2012/08/08 16:54:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2012/08/08 15:27:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2012/08/08 15:27:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2012/08/08 09:33:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/08/08 09:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/08 09:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2012/08/08 09:12:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/08/07 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Cleaners
[2012/08/07 20:19:37 | 004,269,368 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/08/07 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCPro
[2012/08/07 20:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/08/07 18:19:06 | 000,000,000 | ---D | C] -- C:\dygiscF5xiOvetQ
[2012/08/07 18:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MicroST

========== Files - Modified Within 30 Days ==========

[2012/09/01 16:32:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
[2012/09/01 16:17:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000UA.job
[2012/09/01 16:16:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/01 16:16:13 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTH.scr
[2012/09/01 16:11:51 | 000,001,480 | ---- | M] () -- C:\Users\Owner\Desktop\Chameleon - Shortcut.lnk
[2012/09/01 16:11:15 | 000,022,080 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 16:11:15 | 000,022,080 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 16:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 16:03:42 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 16:03:41 | 556,319,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/01 15:58:20 | 000,036,168 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/09/01 15:49:56 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
[2012/09/01 15:49:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000Core.job
[2012/09/01 12:44:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
[2012/09/01 12:32:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
[2012/09/01 08:25:37 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/01 08:25:37 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/01 08:25:37 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 10:01:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/29 20:47:30 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/08/29 18:21:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/08/29 16:30:00 | 000,001,748 | ---- | M] () -- C:\Users\Owner\Desktop\Word Smith Prompts - Shortcut.lnk
[2012/08/26 19:24:47 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2012/08/26 19:24:47 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2012/08/26 19:24:47 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\packet.dll
[2012/08/26 19:24:47 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\packet.dll
[2012/08/26 19:24:47 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/08/15 06:15:07 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/15 05:33:33 | 005,002,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/08 16:54:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2012/08/07 20:19:13 | 004,269,368 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/08/06 11:41:37 | 000,000,368 | ---- | M] () -- C:\ProgramData\RciTHnZI51X0dT
[2012/08/06 11:41:10 | 000,000,104 | ---- | M] () -- C:\ProgramData\-RciTHnZI51X0dT
[2012/08/06 11:41:10 | 000,000,072 | ---- | M] () -- C:\ProgramData\-RciTHnZI51X0dTr

========== Files Created - No Company Name ==========

[2012/09/01 16:11:51 | 000,001,480 | ---- | C] () -- C:\Users\Owner\Desktop\Chameleon - Shortcut.lnk
[2012/09/01 15:58:20 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/08/31 10:01:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/29 16:30:00 | 000,001,748 | ---- | C] () -- C:\Users\Owner\Desktop\Word Smith Prompts - Shortcut.lnk
[2012/08/26 16:39:12 | 556,319,321 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/10 10:29:13 | 000,000,044 | ---- | C] () -- C:\Users\Owner\Desktop\Track01.cda
[2012/08/10 10:28:41 | 000,000,044 | ---- | C] () -- C:\Users\Owner\Desktop\Track15.cda
[2012/08/06 11:41:10 | 000,000,104 | ---- | C] () -- C:\ProgramData\-RciTHnZI51X0dT
[2012/08/06 11:41:10 | 000,000,072 | ---- | C] () -- C:\ProgramData\-RciTHnZI51X0dTr
[2012/08/06 11:41:06 | 000,000,368 | ---- | C] () -- C:\ProgramData\RciTHnZI51X0dT
[2012/07/13 14:04:19 | 000,000,867 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2011/12/28 16:53:37 | 000,013,464 | --S- | C] () -- C:\ProgramData\4bhkf64wbau01n8j5pjixpm003636m706n54hh
[2011/12/24 23:58:57 | 000,012,380 | --S- | C] () -- C:\ProgramData\obvkqkha7u3g
[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/04/23 08:12:56 | 000,000,016 | ---- | C] () -- C:\Users\Owner\persistent_state
[2011/04/16 17:16:14 | 000,231,124 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/04/13 11:44:21 | 000,000,632 | R-S- | C] () -- C:\Users\Owner\ntuser.pol
[2011/04/12 20:08:08 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/07 22:29:07 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/06 11:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/01/12 23:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/08/06 16:16:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/06 14:38:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/07 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2012/08/07 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MicroST
[2012/01/11 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NeopleLauncherDFO
[2012/08/07 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Cleaners
[2012/08/07 20:19:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCPro
[2011/10/09 14:53:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PDAppFlex
[2012/04/12 14:37:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stacker
[2012/09/01 12:44:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
[2012/09/01 15:49:56 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
[2012/08/02 16:09:39 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31000520AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - 
Interface type: USB
Media Type: 
Model: HP Officejet 6500 E USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE2 - 
Interface type: USB
Media Type: 
Model: Sony Card_R/W -CF USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE3 - 
Interface type: USB
Media Type: 
Model: Sony Card_R/W -SM/xD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE4 - 
Interface type: USB
Media Type: 
Model: Sony Card_R/W -SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE5 - 
Interface type: USB
Media Type: 
Model: Sony Card_R/W -MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE6 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: PNY USB 2.0 FD USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #6, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 32256
Hidden sectors: 0

< End of report >

From Extras.txt

OTL Extras logfile created on: 9/1/2012 4:37:16 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.53 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.40 Gb Total Space | 725.97 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
Drive F: | 15.11 Gb Total Space | 0.01 Gb Free Space | 0.10% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099E5828-3818-49F0-8037-371C63CEFC90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0EADB8D0-B689-4DCF-8BFE-3B36CA70209F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F534936-6FCE-4E82-8780-F568A6A7D6CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{18518842-5F63-44C9-9E24-6255A928BF79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1940F354-6DD4-4765-A4F4-E80661BE55CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C0CE1B2-235E-49A3-AB65-DFE537D801BC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1E5FD49B-82B7-41A0-A78F-8FE658F22715}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F76637C-28EC-4127-AD00-D0D75064FF7D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2CB2E903-BA2B-4C2B-A513-F3A004E104DE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{313BD2CB-FB51-467B-A5A9-FC63C8111FFA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{55C0E09E-ECD8-40D3-B567-D142861A8312}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74A1298E-33B2-4F05-841A-751244695177}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7BB1A75B-809F-4E63-8E49-4C26193CD8A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A0B945D-882F-4DDC-8388-DA6876E233B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A01CD591-074A-47DE-B25F-E4FA14857C49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA69F6C5-904F-4EC0-8E90-3F7E23113BEC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEA15B20-CC9F-4EF5-9901-BAC60F67F1C6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B80CACE1-3843-4866-A1EF-4F318DEAD684}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3139FE0-B662-411E-81D6-4F7C7F40C379}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD81C682-A298-430B-AA55-7E044C48C72A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA81D300-2A80-4887-9602-DD8F48137B45}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DCC89B0D-80BB-466F-BF29-BD5672306E87}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E3C55332-401E-4809-84FB-7C124BCC54D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E5C849E9-C28F-443D-8EC7-9206EDDECC84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 | 
"{EE9D25BB-F267-4C23-9C9B-3E753776AB80}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F8050416-2940-4219-B87B-E8F0ACA85FDD}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E726F9-29DA-4350-93FA-E086053EDA1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{08FA18D6-919F-4C74-ABE6-429C2C625456}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{16E93570-9572-4BFB-9240-FEF0979FACF0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1827B7CB-2677-48DA-BA15-46647D40DC5F}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{1B1D6AC9-C377-4A56-9690-C7773B1A5335}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1E3E53EB-8859-49DB-95A4-BC8AB42665CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{21437682-8BDE-46AB-B953-BF2ECF203021}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{236E5759-14FB-49DC-B572-98DF51893DFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28F761B5-4EE7-4B3C-8CB8-365C558C8AD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{2AE5572E-EBF2-4A07-8E45-2D5A3A01AEDE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{2F12C8EA-F986-465A-8FED-37C62FFB5707}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{35BA5538-D145-448F-9673-DCC72FE80D69}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{360573D4-E0AC-44E1-8033-E93D25D5D2E3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{3DB0D689-263C-4E33-9382-401CDCDAF067}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{424BF795-4C3D-420E-B725-DD94EFA8B794}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 | 
"{45914A2F-678C-42DF-8ED5-930FC5D9F7FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49AE5187-32E9-48CB-AF4D-193922F44BA4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4B14044B-2BFD-42B7-AF0C-C5785C28BF36}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe | 
"{4F337E3A-EEB2-4E9C-8345-BA386C955B2A}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe | 
"{52A3CBB3-B820-4949-A7C3-78F1D81C5A88}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{56AE0A2F-5A80-4A2F-A1A4-4880C5BC5A8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A3616A6-B164-4221-975C-B13D0F2FAA43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{5CA656EC-DFC7-4CAC-897E-2A1504CD54BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{60927AD8-D3DD-4C6E-A7C1-45D83D55A2F4}" = protocol=17 | dir=in | app=c:\users\zachary\desktop\facemoods.exe | 
"{61C09BB3-E697-47C1-B354-599567CC8DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6206380F-34C8-40C3-A7DB-199AF4381744}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 | 
"{66499250-4694-4059-BCD4-EAE929D3C8C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{6A1EDD2D-3C75-4D5B-BDB1-3E846136CF2F}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe | 
"{6C0396E0-82D0-421E-88E6-34D23DFC77D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{6D11E72D-A565-4D38-9804-7EB0A193B81E}" = protocol=6 | dir=in | app=c:\users\zachary\desktop\facemoods.exe | 
"{6DDCBD01-DF8D-46EB-878C-1F4EADD667CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E6CF1A3-C179-4F5E-8C92-49E703BDFCD3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{72AC30AB-B328-4B44-B37C-7E85D8592925}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{747FB27D-B3C1-40FC-975A-1FE01F6F6C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{7779B775-95BD-4DE3-B519-AB24C17E71D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7C417E02-6FF4-42C4-86CF-63FF4848855B}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe | 
"{7E37268B-22C5-4CB3-932A-2C6ACDEA2965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E639F14-B78E-455C-AD7D-C4726E073C32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{8206A583-379B-48B7-982C-E92DD1CA94BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{854C5BB5-C2CF-4E0B-9EC7-113017988A82}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{862628F2-B0FA-47BE-AB44-AE68F63AB040}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95BD9E11-42F0-485B-A6E9-99BB364B062C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1302653456\ee\aolsoftware.exe | 
"{9F3DCB05-0C70-4032-8DF9-7DB1BAC4BC5B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{9F9680F4-766F-4917-B098-065CDD24BD31}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A1F15222-9B5A-40F8-A6E0-93A299145001}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A2C1A989-3886-4F95-8C81-AFE78540891A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{A3099DBA-B57C-4836-8013-E4CFFB8506AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{A7016E6E-FD7E-46E0-B691-96E3A10B4CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1302653456\ee\aolsoftware.exe | 
"{B2069D17-0080-4A8B-9B54-9F4D51C579FA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{B3148C5A-CB4E-4718-B8DE-0335B23EFDAF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{B56FAD60-0CBE-4ED9-B9A1-37D70181DA73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{B585A91E-E35A-40F3-AE91-70E2BE7F0098}" = protocol=6 | dir=out | app=system | 
"{B8A47FFA-CE96-4CD6-AD5E-D10552F2D400}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 | 
"{BE6B92B5-32AC-46BB-B64F-1CF28D50E29F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C20499C1-AB9E-4B37-A2C7-8648B79B3F15}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{C71FFE48-F5C1-4979-A765-74D1724684DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA1357E6-AF23-423F-B639-AFFC09FBFEC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{CADBEB13-A6BC-4638-AD19-09B2A737F74A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC6834E7-81EF-44F6-81E9-5FB4F900FC2C}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{CF9E459C-64A2-4D57-9676-ED08F56FE816}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{DAF12825-37B7-4C59-B447-81034724A2E0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{DB8321EC-4B33-4E45-A426-84E84DE00865}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{E2194B87-A292-4BB8-B59A-82842DB3719F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{E5842EFB-1A5C-40B9-BAEC-F4A996574D8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9BE9AA4-6798-400F-9E47-1D13F732AF1F}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 
"{EB7C8DFA-3D5E-4D33-A8F6-8CF3ADD2F4DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EEDFB26C-9F95-48E7-9683-303C6A5B5659}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{EF4E69D4-B70E-4D02-9DDD-ADD0B329E4F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3C4EAE0-6437-4B63-955B-842306A3BDE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6BD6870-4D12-4ABC-8FB4-B4CF5A7DC597}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{FA8D5A9A-2718-43A0-ADBB-38F3565C4F07}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"TCP Query User{0E824DD4-F574-4C03-A55B-CB4FF8BF5A9D}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"TCP Query User{30BACE86-FC06-4AB0-AF5B-2CA0DF5A5BF7}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{32FF15C8-39EE-4DD7-A367-4F69ABB18A9B}C:\users\zachary\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\zachary\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{50EF5C01-1D3B-4A89-B18C-D4DB848396B8}C:\users\zachary\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\zachary\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{5C4154CE-BB20-47AD-9950-2A6814E73950}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | 
"TCP Query User{6261CB5E-7389-4A4F-9DCD-35793F31B022}C:\users\zachary\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\zachary\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B21B9E24-A5F3-49C6-A7F6-2B1FC8240D87}C:\program files\verizon v cast media manager\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe | 
"TCP Query User{D940CC25-E6F5-4720-A925-18887583189D}C:\users\woody\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\woody\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{DE84CF23-BFAA-42AF-81B9-6FF9EA6F9C74}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | 
"TCP Query User{ED5B6BE1-E2F0-4BA4-8836-5118E2ECE47F}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe | 
"TCP Query User{F541F280-5F3F-4955-BFFB-7B5E7D516D38}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{108F967E-8711-48EC-BA67-3CC4892E39FD}C:\users\zachary\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\zachary\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5C7C19F1-A694-45C9-B1C6-54DA27016EF3}C:\users\zachary\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\zachary\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{6A68ED2D-0920-4A29-B3C5-5409CCF55271}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{6D2D1F61-5B1B-4242-A10A-0653A5D07699}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"UDP Query User{6E1C752E-09A1-4249-835A-CBC90314FF8C}C:\program files\verizon v cast media manager\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon v cast media manager\verizon.exe | 
"UDP Query User{7B4C307F-C2B4-4F52-B929-5E6035550626}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | 
"UDP Query User{8B96C965-473C-4688-9B95-1CD439041326}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | 
"UDP Query User{B5ADA3AD-E2F1-4536-874F-08729F08E0BE}C:\users\woody\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\woody\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"UDP Query User{EF0C0FA6-3554-4C13-80D5-967369BE64CF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F5017D92-109D-4FA7-9856-C985DA69F3F4}C:\users\zachary\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\zachary\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{FF4AAE01-D5F6-4687-A1C0-6B01FB34AEE2}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE67883D-6A00-4E71-9139-3310EE07C521}" = Facebook Messenger 2.1.4623.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AudibleDownloadManager" = Audible Download Manager
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"DragonNest" = DragonNest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WJ III Normative Update Compuscore and Profiles Program" = WJ III Normative Update Compuscore and Profiles Program

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 12/2/2011 12:27:15 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 12/2/2011 7:08:31 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/5/2011 11:54:32 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:54:27 AM - Error connecting to the internet. 11:54:27 AM - Unable
to contact server..

[ System Events ]
Error - 9/1/2012 4:03:48 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:59:43 PM on ?9/?1/?2012 was unexpected.

Error - 9/1/2012 4:03:54 PM | Computer Name = Owner-PC | Source = BugCheck | ID = 1001
Description =

Error - 9/1/2012 4:04:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 9/1/2012 4:06:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 9/1/2012 4:06:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 9/1/2012 4:19:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
It has done this 1 time(s).

Error - 9/1/2012 4:19:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/1/2012 4:19:44 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It 
has done this 1 time(s).

Error - 9/1/2012 4:20:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/1/2012 4:23:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It 
has done this 2 time(s).

< End of report >


----------



## CatByte (Feb 24, 2009)

Please run the following:

Run *OTL.exe*

Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2012/08/08 09:12:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/08/07 18:19:06 | 000,000,000 | ---D | C] -- C:\dygiscF5xiOvetQ
[2012/08/07 18:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MicroST
[2012/08/06 11:41:37 | 000,000,368 | ---- | M] () -- C:\ProgramData\RciTHnZI51X0dT
[2012/08/06 11:41:10 | 000,000,104 | ---- | M] () -- C:\ProgramData\-RciTHnZI51X0dT
[2012/08/06 11:41:10 | 000,000,072 | ---- | M] () -- C:\ProgramData\-RciTHnZI51X0dTr
[2011/12/28 16:53:37 | 000,013,464 | --S- | C] () -- C:\ProgramData\4bhkf64wbau01n8j5pjixpm003636m706n54hh
[2011/12/24 23:58:57 | 000,012,380 | --S- | C] () -- C:\ProgramData\obvkqkha7u3g
:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL log

Once you have completed the fix with OTL

please run TDSSKiller and ComboFix

(they should both run successfully now)
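The OTL fix above removes BHO and toolbar entries whose CLSID or DLL is missing, and recently created items with random alphanumeric names directly under C:\ and C:\ProgramData, some carrying hidden or system attributes. As an added example that is not part of OTL, Malwarebytes, or this thread, the following Python script parses OTL file-listing lines of that shape and scores them with a few transparent, weighted heuristics so a responder can prioritise what to inspect. The regular expression, the reading of the attribute column as R/H/S/D, the signal weights and the two benign sample lines are my assumptions; the four flagged sample lines are entries from the fix script itself.

```python
"""Triage helper for OTL file-listing lines (added example, not OTL's own code).

OTL lists recently created (C) or modified (M) items as
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
The attribute column is read here as R/H/S/D (read-only, hidden, system,
directory); that is an assumption consistent with the entries -HSD, --S- and
---D seen in the fix script.  Each entry gets a few weighted signals and
anything scoring at or above THRESHOLD is returned for an analyst to review.
The heuristics only prioritise; they do not prove anything is malicious.
"""
import re
from typing import Dict, List, Optional, Tuple

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$"
)
# A digit run with letters on both sides ("F5x", "I51X"); trailing version
# digits such as "splwow64" or "Office14" deliberately do not match.
LETTER_DIGIT_LETTER = re.compile(r"[A-Za-z]\d+[A-Za-z]")
THRESHOLD = 2

# Four entries from the OTL fix script plus two constructed benign lines.
SAMPLE_LINES = [
    r"[2012/08/07 18:19:06 | 000,000,000 | ---D | C] -- C:\dygiscF5xiOvetQ",
    r"[2012/08/06 11:41:37 | 000,000,368 | ---- | M] () -- C:\ProgramData\RciTHnZI51X0dT",
    r"[2011/12/28 16:53:37 | 000,013,464 | --S- | C] () -- C:\ProgramData\4bhkf64wbau01n8j5pjixpm003636m706n54hh",
    r"[2012/08/08 09:12:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin",
    r"[2012/08/31 14:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware",
    r"[2012/08/15 09:21:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe",
]


def parse_otl_line(line: str) -> Optional[Dict]:
    """Return a dict for one listing line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    attrs = e["attrs"]
    e["hidden"] = attrs[1] == "H"
    e["system"] = attrs[2] == "S"
    e["is_dir"] = attrs[3] == "D"
    e["parent"], _, e["name"] = e["path"].rpartition("\\")
    return e


def score_entry(e: Dict) -> Tuple[int, List[str]]:
    """Weighted signals for one parsed entry: (total score, reason texts)."""
    reasons: List[Tuple[str, int]] = []
    # Directories keep their full name; files drop the extension so digits
    # in a suffix are never counted as part of the name.
    stem = e["name"] if e["is_dir"] else e["name"].rsplit(".", 1)[0]
    if LETTER_DIGIT_LETTER.search(stem):
        reasons.append(("digits interleaved with letters in the name", 2))
    parent = e["parent"].lower()
    if re.fullmatch(r"[a-z]:", parent):
        reasons.append(("item placed directly in the drive root", 1))
    elif parent.endswith(":\\programdata"):
        reasons.append(("item placed directly in ProgramData", 1))
    if e["hidden"]:
        reasons.append(("hidden attribute", 1))
    if e["system"]:
        reasons.append(("system attribute", 1))
    # OTL prints "()" for a file that carries no company/version resource.
    if not e["is_dir"] and e["company"] == "":
        reasons.append(("file carries no company name", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(lines: List[str]) -> List[Dict]:
    """Parse every line, keep entries scoring >= THRESHOLD, highest first."""
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        score, reasons = score_entry(e)
        if score >= THRESHOLD:
            findings.append({"path": e["path"], "score": score, "reasons": reasons})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['score']:>2}  {f['path']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```

Run on the sample, the four fix-script entries come out first (the ProgramData file with a system attribute and no company name highest) and the two benign lines score zero. The interleaved-digit test is the strongest single signal because legitimate vendor names rarely mix digits into the middle of a word, while hidden/system attributes and bare placement under the drive root only add weight; an analyst still checks each hit, since the thresholds are deliberately low to avoid missing droppers.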


----------



## ratherbeingarden (Aug 8, 2012)

Got ComboFix to run; here is the log, it took hours. I will try TDSSKiller next.

ComboFix 12-08-31.08 - Owner 09/01/2012 22:02:05.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2882 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 02:36 . 2012-09-02 02:36 -------- d-----w- c:\users\Zachary\AppData\Local\temp
2012-09-02 02:36 . 2012-09-02 02:36 -------- d-----w- c:\users\Woody\AppData\Local\temp
2012-09-02 02:36 . 2012-09-02 02:36 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-09-02 02:36 . 2012-09-02 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 22:29 . 2012-09-01 22:29 -------- d-----w- C:\_OTL
2012-09-01 19:58 . 2012-09-01 19:58 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-09-01 14:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E41111F-836A-4578-B8E1-63821C78749C}\mpengine.dll
2012-08-31 14:02 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 14:01 . 2012-08-31 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-27 01:11 . 2012-08-27 01:41 -------- d-----w- c:\users\Woody\AppData\Local\NETGEARGenie
2012-08-26 23:25 . 2012-08-27 22:51 -------- d-----w- c:\users\Owner\AppData\Local\NETGEARGenie
2012-08-26 23:24 . 2012-08-26 23:24 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-08-26 23:24 . 2012-08-26 23:24 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-08-26 23:24 . 2012-08-26 23:24 106000 ----a-w- c:\windows\system32\packet.dll
2012-08-18 14:51 . 2012-08-18 14:51 -------- d-----w- c:\users\Woody\AppData\Roaming\Malwarebytes
2012-08-17 01:55 . 2012-08-17 19:09 -------- d-----w- c:\users\Woody\AppData\Local\Google
2012-08-17 01:54 . 2012-08-29 22:40 -------- d-----w- c:\program files\Google
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\LG Electronics
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 09:21 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 09:21 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 09:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 09:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 09:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 09:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 09:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 09:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 09:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 09:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 09:21 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 09:21 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 19:27 . 2012-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\Apps
2012-08-08 19:27 . 2012-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2012-08-08 13:33 . 2012-08-08 13:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-08 13:32 . 2012-08-08 13:32 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 13:16 . 2012-08-08 19:05 -------- d-----w- c:\programdata\W3i
2012-08-08 02:15 . 2012-08-08 19:05 -------- d-----w- c:\users\Hannah\AppData\Roaming\PC Cleaners
2012-08-08 02:15 . 2012-08-08 02:15 -------- d-----w- c:\users\Hannah\AppData\Roaming\PCPro
2012-08-08 02:11 . 2012-08-08 19:05 -------- d-----w- c:\users\Zachary\AppData\Roaming\PC Cleaners
2012-08-08 02:11 . 2012-08-08 02:11 -------- d-----w- c:\users\Zachary\AppData\Roaming\PCPro
2012-08-08 01:55 . 2012-08-08 19:05 -------- d-----w- c:\users\Woody\AppData\Roaming\PC Cleaners
2012-08-08 01:55 . 2012-08-08 01:55 -------- d-----w- c:\users\Woody\AppData\Roaming\PCPro
2012-08-08 00:44 . 2012-08-08 01:55 -------- d-----w- c:\users\Woody\AppData\Local\LogMeIn Rescue Applet
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Cleaners
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\users\Owner\AppData\Roaming\PCPro
2012-08-08 00:19 . 2012-08-08 00:19 4269368 ----a-w- c:\windows\uninst.exe
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\programdata\PC1Data
2012-08-05 19:12 . 2012-08-05 19:12 -------- d-----w- c:\users\Zachary\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 09:22 . 2011-04-06 15:38 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 18:22 . 2012-07-01 18:22 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 05:43 . 2012-07-11 12:35 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 12:35 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 12:35 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 12:34 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 12:35 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 12:35 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 12:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.31.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-02 01:50 61746 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-02 01:50 37372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-06 15:20 . 2012-09-02 01:50 17018  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183818831-1049963728-4091137164-1000_UserData.bin
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 02:40 . 2012-09-02 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 02:40 . 2012-09-02 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-01 23:23 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-02 02:37 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-01 04:02 . 2012-09-02 01:45 5023128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1003-8192.dat
+ 2011-08-05 04:46 . 2012-09-02 02:37 24942764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-8192.dat
- 2011-08-05 04:46 . 2012-09-01 23:23 24942764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1302653456\ee\AOLSoftware.exe" [2010-03-08 41800]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Owner\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-09-01 36168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-24 53488]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-combofix - c:\combofix\CF25385.3XE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-09-01 23:20:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 03:20
.
Pre-Run: 785,110,433,792 bytes free
Post-Run: 784,805,900,288 bytes free
.
- - End Of File - - BF91E5BBB2C5CBE0355CAB55D9E86E77


----------



## ratherbeingarden (Aug 8, 2012)

And the TDSSKiller still will not run. I right-click on it, run as administrator, the circle thing spins... it thinks... and then nothing.


----------



## CatByte (Feb 24, 2009)

try renaming it to a random name 123.exe etc.

and run it in safemode

To Enter Safemode 

Go to *Start> Shut off your Computer> Restart*
As the computer starts to boot-up, Tap the *F8 KEY* repeatedly,
this will bring up a *menu.*
Use the *Up and Down Arrow Keys* to scroll up to *Safemode*
Then press the *Enter Key* on your Keyboard
go into your usual account


----------



## ratherbeingarden (Aug 8, 2012)

Although I have tried repeatedly to get my computer to enter the DOS mode when booting up and was unsuccessful, I tried again thinking we might have cleared a bug out. However, I tried again and all that I can get into is the boot configuration by pressing "shift+ F10". I have tried every "F" key there is to try. Is there another way to enter the safe mode?


----------



## CatByte (Feb 24, 2009)

no, the only way to do it is by a rhythmic tapping of F8 until the option menu appears

what happens when you tap F8 when you boot up?


----------



## ratherbeingarden (Aug 8, 2012)

It boots up as it always does, no hesitation at all. I'm tap, tap, tapping....the whole time.

Business as usual... nothing different.


----------



## CatByte (Feb 24, 2009)

ok,

well try renaming tdsskiller and run it in normal mode

if it still won't run, try this tool:

Download *RogueKiller* to your desktop

1. Quit all running programs
2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
3. The RKreport.txt shall be generated next to the executable.
4. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


----------



## ratherbeingarden (Aug 8, 2012)

Okay, RogueKiller ran. It is now flashing a caution triangle with "root MBR". I cannot cut and paste the list it generated.


----------



## ratherbeingarden (Aug 8, 2012)

*Flashing* a caution *triangle*. I cannot copy and paste the list *it* generated.


----------



## CatByte (Feb 24, 2009)

please retry aswMBR


Please download *aswMBR.exe* and save it to your desktop.

Double click *aswMBR.exe* to start the tool. 
When asked if you want to download *Avast's* virus definitions please select *Yes*.

Click *Scan*

Upon completion of the scan, click *Save log* and save it to your desktop, and post that log in your next reply for review. * Note - do NOT attempt any Fix yet. *

You will also notice another file created on the desktop named *MBR.dat*. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


----------



## ratherbeingarden (Aug 8, 2012)

aswMBR.exe will not run. It starts to, asks if I will allow it to make changes, and then nothing happens.


----------



## ratherbeingarden (Aug 8, 2012)

and rogue killer is still on my desktop flashing away.


----------



## CatByte (Feb 24, 2009)

close it out in task manager (ctrl + alt + del)

look for roguekiller.exe and end the process

try running aswMBR from the chameleon folder

if it still won't run

try this

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. 
Please post the contents of that file.


----------



## ratherbeingarden (Aug 8, 2012)

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: 
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name: MS-7549
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 193):
0x0300B000 \SystemRoot\system32\ntoskrnl.exe
0x035F3000 \SystemRoot\system32\hal.dll
0x00BAB000 \SystemRoot\system32\kdcom.dll
0x00C5D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C6A000 \SystemRoot\system32\PSHED.dll
0x00C7E000 \SystemRoot\system32\CLFS.SYS
0x00CDC000 \SystemRoot\system32\CI.dll
0x00EA1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F45000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F54000 \SystemRoot\system32\drivers\ACPI.sys
0x00FAB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FB4000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FBE000 \SystemRoot\system32\drivers\pci.sys
0x00FF1000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E86000 \SystemRoot\system32\drivers\pciide.sys
0x00E8D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00D9C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DB6000 \SystemRoot\system32\drivers\atapi.sys
0x00DBF000 \SystemRoot\system32\drivers\ataport.SYS
0x00DE9000 \SystemRoot\system32\drivers\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x01014000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01049000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01055000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01203000 \SystemRoot\System32\Drivers\msrpc.sys
0x01261000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0127C000 \SystemRoot\System32\Drivers\cng.sys
0x012EE000 \SystemRoot\System32\drivers\pcw.sys
0x012FF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01309000 \SystemRoot\system32\drivers\ndis.sys
0x0141D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0147D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0162B000 \SystemRoot\System32\drivers\tcpip.sys
0x0182E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01878000 \SystemRoot\system32\drivers\volsnap.sys
0x018C4000 \SystemRoot\System32\Drivers\spldr.sys
0x018CC000 \SystemRoot\System32\drivers\rdyboost.sys
0x01906000 \SystemRoot\System32\Drivers\mup.sys
0x01918000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01921000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0195B000 \SystemRoot\system32\drivers\disk.sys
0x01971000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019D7000 \SystemRoot\System32\Drivers\Null.SYS
0x019E0000 \SystemRoot\System32\Drivers\Beep.SYS
0x019E7000 \SystemRoot\System32\drivers\vga.sys
0x014A7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x014CC000 \SystemRoot\System32\drivers\watchdog.sys
0x019F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x014DC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x014E5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x014EE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x014F9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0150A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0152C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01539000 \SystemRoot\system32\drivers\afd.sys
0x04049000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0408E000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04099000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x040A2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040D7000 \SystemRoot\system32\DRIVERS\serial.sys
0x040F4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0410F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04123000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04174000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04180000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0418B000 \SystemRoot\System32\drivers\discache.sys
0x0419A000 \SystemRoot\System32\Drivers\dfsc.sys
0x041B8000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0x041D3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04026000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0429A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04803000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x042E9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0512A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05170000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05194000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x051C6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x051D3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x051DE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x051EF000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04256000 \SystemRoot\system32\DRIVERS\parport.sys
0x04273000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0427C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x015C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04496000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x044C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x044E0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04501000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0451B000 \SystemRoot\system32\DRIVERS\wanatw64.sys
0x04527000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04536000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04545000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04547000 \SystemRoot\system32\DRIVERS\ks.sys
0x0458A000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x0459E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04400000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0445A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0446F000 \SystemRoot\system32\drivers\AtihdW76.sys
0x045B0000 \SystemRoot\system32\drivers\portcls.sys
0x060CD000 \SystemRoot\system32\drivers\drmk.sys
0x060EF000 \SystemRoot\system32\drivers\ksthunk.sys
0x060F5000 \SystemRoot\system32\drivers\HdAudio.sys
0x06151000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0616E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0617C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06188000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06191000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x061A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x061C1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x061C3000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x061D4000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x061E0000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x06000000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x06028000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06043000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x0604D000 \SystemRoot\System32\drivers\Dxapi.sys
0x06059000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06067000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06080000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06089000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06097000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x060A4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x019A1000 \SystemRoot\system32\drivers\luafv.sys
0x03849000 \SystemRoot\system32\drivers\WudfPf.sys
0x0386A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0387F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03897000 \SystemRoot\System32\Drivers\fastfat.SYS
0x038CD000 \SystemRoot\system32\drivers\HTTP.sys
0x03996000 \SystemRoot\system32\DRIVERS\bowser.sys
0x039B4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x039CC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x074E9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07537000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07400000 \SystemRoot\system32\drivers\peauth.sys
0x074A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x074B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0755B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0756D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07AAF000 \SystemRoot\System32\DRIVERS\srv.sys
0x07A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x006F0000 \SystemRoot\System32\cdd.dll
0x778F0000 \Windows\System32\ntdll.dll
0x47890000 \Windows\System32\smss.exe
0xFFC10000 \Windows\System32\apisetschema.dll
0xFF9A0000 \Windows\System32\autochk.exe
0xFFB60000 \Windows\System32\clbcatq.dll
0xFFB40000 \Windows\System32\imagehlp.dll
0xFFA60000 \Windows\System32\oleaut32.dll
0x776E0000 \Windows\System32\iertutil.dll
0xFF930000 \Windows\System32\rpcrt4.dll
0xFEBA0000 \Windows\System32\shell32.dll
0xFEAC0000 \Windows\System32\advapi32.dll
0xFEA60000 \Windows\System32\Wldap32.dll
0x77AC0000 \Windows\System32\psapi.dll
0x77AB0000 \Windows\System32\normaliz.dll
0xFE9E0000 \Windows\System32\difxapi.dll
0xFE910000 \Windows\System32\usp10.dll
0xFE8A0000 \Windows\System32\gdi32.dll
0xFE800000 \Windows\System32\msvcrt.dll
0xFE7B0000 \Windows\System32\ws2_32.dll
0xFE790000 \Windows\System32\sechost.dll
0xFE780000 \Windows\System32\lpk.dll
0x77580000 \Windows\System32\wininet.dll
0x77460000 \Windows\System32\kernel32.dll
0xFE750000 \Windows\System32\imm32.dll
0xFE640000 \Windows\System32\msctf.dll
0xFE5C0000 \Windows\System32\shlwapi.dll
0x77360000 \Windows\System32\user32.dll
0xFE520000 \Windows\System32\comdlg32.dll
0xFE310000 \Windows\System32\ole32.dll
0xFE300000 \Windows\System32\nsi.dll
0xFE120000 \Windows\System32\setupapi.dll
0x77210000 \Windows\System32\urlmon.dll
0xFE100000 \Windows\System32\devobj.dll
0xFE0C0000 \Windows\System32\wintrust.dll
0xFE020000 \Windows\System32\comctl32.dll
0xFDEB0000 \Windows\System32\crypt32.dll
0xFDE40000 \Windows\System32\KernelBase.dll
0xFDE00000 \Windows\System32\cfgmgr32.dll
0xFDDF0000 \Windows\System32\msasn1.dll
Processes (total 64):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
384 csrss.exe
456 C:\Windows\System32\wininit.exe
492 csrss.exe
516 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
832 C:\Program Files\Microsoft Security Client\MsMpEng.exe
940 C:\Windows\System32\atiesrxx.exe
972 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
316 C:\Windows\System32\svchost.exe
476 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\atieclxx.exe
1404 C:\Windows\System32\spoolsv.exe
1492 C:\Windows\System32\svchost.exe
1596 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1656 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1684 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
1764 C:\Windows\System32\svchost.exe
1800 C:\Windows\SysWOW64\svchost.exe
1972 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\svchost.exe
1060 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1256 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1016 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2312 C:\Windows\System32\svchost.exe
2528 C:\Windows\System32\svchost.exe
2980 C:\Windows\System32\taskhost.exe
2628 C:\Windows\System32\dwm.exe
2664 C:\Windows\explorer.exe
2860 C:\Program Files\Microsoft Security Client\msseces.exe
2888 C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
3100 C:\Program Files (x86)\Common Files\AOL\1302653456\ee\aolsoftware.exe
3464 C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
3564 C:\Windows\System32\SearchIndexer.exe
3884 C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
2320 C:\Windows\System32\svchost.exe
3856 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2660 csrss.exe
3944 C:\Windows\System32\winlogon.exe
3676 C:\Windows\System32\atieclxx.exe
3980 taskhost.exe
3336 dwm.exe
1224 explorer.exe
1896 msseces.exe
1932 aolsoftware.exe
2552 concentr.exe
484 mbamgui.exe
4124 wfcrun32.exe
1840 C:\Windows\System32\LogonUI.exe
1924 C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
1876 C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
3608 C:\Windows\System32\audiodg.exe
3824 C:\Users\Owner\Desktop\MBRCheck.exe
1292 C:\Windows\System32\conhost.exe
1040 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: ST31000520AS, Rev: CC32 
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Done!


----------
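An added example, not code from the thread or from MBRCheck, showing in principle how a verdict like the "MBR Code Faked!" line above is reached: parse the 512-byte master boot record, fingerprint the bootstrap code with SHA-1, compare it against an allow-list of known-good hashes, and decode the partition table. The boot-code bytes, the allow-list and the partition layout are constructed here (the layout mirrors a default Windows 7 install so that the OS volume lands at byte offset 0x06500000, the value in the log). MBRCheck's exact hashing range is not stated on the page, so hashing only the first 440 bytes is an assumption. Reading `\\.\PhysicalDrive0` needs an elevated prompt.

```python
"""Parse a 512-byte MBR, fingerprint its bootstrap code and decode the partition table.

Added example; the sample boot code, allow-list and disk layout below are constructed.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bootstrap code: bytes 0..439 (assumed hash range)
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
PART_FMT = "<B3xB3xII"         # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (requires an elevated prompt on Windows)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_mbr(boot_code, partitions, disk_signature=0x1A2B3C4D):
    """Assemble an MBR from bootstrap bytes and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("bootstrap code must fit in %d bytes" % BOOT_CODE_LEN)
    if len(partitions) > 4:
        raise ValueError("an MBR holds at most four primary partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(mbr):
    """Return the bootstrap-code SHA-1, the disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_sha1):
    """Classify the bootstrap code against an allow-list of SHA-1 hex digests."""
    info = parse_mbr(mbr)
    info["status"] = "OK" if info["boot_code_sha1"] in known_good_sha1 else "MBR code unknown"
    return info


# Constructed stand-ins (not real Windows or malware boot code).
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8\xBE\x00\x7C\xBF\x00\x06\xB9\x00\x02\xFC\xF3\xA4"
TAMPERED_BOOT_CODE = b"\xEB\x3E\x90" + CLEAN_BOOT_CODE[3:]   # patched entry jump, rest unchanged

# Constructed layout in the shape of a default Windows 7 install on a 1 TB disk:
# 100 MB System Reserved at LBA 2048, then the OS volume at LBA 206848 (byte 0x06500000).
WIN7_LAYOUT = [
    (True,  0x07, 2048,   204800),
    (False, 0x07, 206848, 1953318320),
]

if __name__ == "__main__":
    clean = build_mbr(CLEAN_BOOT_CODE, WIN7_LAYOUT)
    allow = {parse_mbr(clean)["boot_code_sha1"]}      # in practice: hashes of known stock boot code
    for label, sample in (("clean", clean), ("tampered", build_mbr(TAMPERED_BOOT_CODE, WIN7_LAYOUT))):
        result = check_mbr(sample, allow)
        print(label, result["status"], result["boot_code_sha1"])
        for p in result["partitions"]:
            print("  part %d type 0x%02X %s LBA %d offset 0x%08X" % (
                p["index"], p["type"], "boot" if p["bootable"] else "    ",
                p["lba_start"], p["byte_offset"]))
```

Two caveats worth keeping in mind. The hash covers only the bootstrap code, so a partition table that has been rewritten to chain-load from a hidden sector passes the hash check unchanged; compare the decoded entries against what the disk is supposed to contain as well. And a bootkit that filters disk I/O in the kernel can hand a clean sector to a user-mode read, so a matching hash is only as trustworthy as the read path, which is why a scan from clean boot media remains the definitive check.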



## CatByte (Feb 24, 2009)

Please do the following:

Please follow these instructions very carefully:


Run *MBRCheck.exe*
Wait until you see the following line: *Enter 'Y' and hit ENTER for more options, or 'N' to exit:*
Please push the 'Y' key and then press Enter
When the program asks you *Enter your choice:*, enter *2* and press the Enter key
Now the program will ask you *"Enter the physical disk number to fix (0-99, -1 to cancel):"*
Enter *0* and press the Enter key.
The program will show *Available MBR codes:*, followed by a list of operating systems. Please enter *5* for Windows 7 and then press *Enter.*
The program will prompt for confirmation. Type *'YES'* and hit *Enter*.
Left click on the title bar (where program name and path is written).
From the menu choose *Edit -> Select All*
Hit the *Enter* key on your keyboard to copy selected text.
Paste that text into Notepad, save it to your desktop as *"MBRCheck results.txt"*
Important! *Restart your PC* for the fix to take effect.
Post the contents of the *MBRCheck results log* in your next reply


----------



## ratherbeingarden (Aug 8, 2012)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name: MS-7549
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

 Size Device Name MBR Status
 --------------------------------------------
 931 GB \\.\PhysicalDrive0 MBR Code Faked!
 SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
 [1] Dump the MBR of a physical disk to file.
 [2] Restore the MBR of a physical disk with a standard boot code.
 [3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
 [ 0] Default (Windows 7)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


----------



## CatByte (Feb 24, 2009)

very good,

did you reboot the computer?

Please see if either TDSSKiller or aswMBR will now run


----------



## ratherbeingarden (Aug 8, 2012)

Yes, I did the reboot and no, both programs still will not run.


----------



## ratherbeingarden (Aug 8, 2012)

Why do these programs only show up in the Chameleon folders and on my desktop but not in the Programs folder in the Control Panel?


----------



## CatByte (Feb 24, 2009)

because they have been moved into the Chameleon folder; they are not installed on your machine

please see if malwarebytes will run


----------



## ratherbeingarden (Aug 8, 2012)

Yes, Malwarebytes will still run.


----------



## CatByte (Feb 24, 2009)

please update the definitions, run a quick scan and post the new log

thanks


----------



## ratherbeingarden (Aug 8, 2012)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.03.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
Protection: Disabled
9/2/2012 10:07:29 PM
mbam-log-2012-09-02 (22-07-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260244
Time elapsed: 1 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## CatByte (Feb 24, 2009)

please re-run ComboFix, allow it to update if it asks to do so


----------



## ratherbeingarden (Aug 8, 2012)

ComboFix took all night. When I last checked, it was generating a log. This morning, the computer had shut down and restarted. There was no log displayed. I went to sign on to the internet and now I have lost the ability to access the internet. I'm now sending this with my phone. The computer is real slow. There was an error message from malware: "Failed to perform desired action. Error code: 2"


----------



## CatByte (Feb 24, 2009)

ComboFix will give that error sometimes

re-run ComboFix, reboot and see if you have your connection back


----------



## ratherbeingarden (Aug 8, 2012)

Well, I think we finally killed the computer. I have about a five minute window after it boots up (which takes minutes, not seconds) before it locks up. I was able to start ComboFix and after an hour it stated, "ComboFix is preparing. GREP memory exhausted. The system cannot execute the specified program. Attempting to create a new System Restore point. The system cannot execute the specified program. The system cannot execute the specified program."

I cannot get on the internet. I'm having to use someone else's computer or my phone to relay these messages to you.


----------



## CatByte (Feb 24, 2009)

you have a boot sector virus on board

it has been battling us all the way by shutting down TDSSKiller and aswMBR and not allowing you to boot into the recovery options or even to boot into safe mode

do you have a recovery disk or the installation disk

as to be honest, it is probably better to reformat the computer as it is proving extremely difficult to try and repair

if you do get back into your computer

try one last time to get TDSSKiller to run

I assume it is still in the chameleon folder

let's make sure the chameleon drivers are properly installed

open a run box

(windows key + R) and copy paste the following command

*"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o*

if nothing happens use this command

*"C:\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o*

now try launching TDSSKiller from the chameleon folder


----------



## ratherbeingarden (Aug 8, 2012)

I went back to the computer to try the latest and, lo and behold, the ComboFix log was there.
ComboFix 12-09-01.01 - Owner 09/04/2012 12:20:02.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1827 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 16:54 . 2012-09-04 16:54 -------- d-----w- c:\users\Zachary\AppData\Local\temp
2012-09-04 16:54 . 2012-09-04 16:54 -------- d-----w- c:\users\Woody\AppData\Local\temp
2012-09-04 16:54 . 2012-09-04 16:54 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-09-04 16:54 . 2012-09-04 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 14:51 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B6C1FBC-B651-4A90-82EE-8A0576323142}\mpengine.dll
2012-09-01 22:29 . 2012-09-01 22:29 -------- d-----w- C:\_OTL
2012-09-01 19:58 . 2012-09-01 19:58 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-09-01 14:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 14:01 . 2012-08-31 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-27 01:11 . 2012-08-27 01:41 -------- d-----w- c:\users\Woody\AppData\Local\NETGEARGenie
2012-08-26 23:25 . 2012-08-27 22:51 -------- d-----w- c:\users\Owner\AppData\Local\NETGEARGenie
2012-08-26 23:24 . 2012-08-26 23:24 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-08-26 23:24 . 2012-08-26 23:24 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-08-26 23:24 . 2012-08-26 23:24 106000 ----a-w- c:\windows\system32\packet.dll
2012-08-18 14:51 . 2012-08-18 14:51 -------- d-----w- c:\users\Woody\AppData\Roaming\Malwarebytes
2012-08-17 01:55 . 2012-08-17 19:09 -------- d-----w- c:\users\Woody\AppData\Local\Google
2012-08-17 01:54 . 2012-08-29 22:40 -------- d-----w- c:\program files\Google
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\LG Electronics
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 09:21 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 09:21 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 09:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 09:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 09:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 09:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 09:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 09:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 09:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 09:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 09:21 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 09:21 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 19:27 . 2012-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\Apps
2012-08-08 19:27 . 2012-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2012-08-08 13:33 . 2012-08-08 13:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-08 13:32 . 2012-08-08 13:32 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 13:16 . 2012-08-08 19:05 -------- d-----w- c:\programdata\W3i
2012-08-08 02:15 . 2012-08-08 19:05 -------- d-----w- c:\users\Hannah\AppData\Roaming\PC Cleaners
2012-08-08 02:15 . 2012-08-08 02:15 -------- d-----w- c:\users\Hannah\AppData\Roaming\PCPro
2012-08-08 02:11 . 2012-08-08 19:05 -------- d-----w- c:\users\Zachary\AppData\Roaming\PC Cleaners
2012-08-08 02:11 . 2012-08-08 02:11 -------- d-----w- c:\users\Zachary\AppData\Roaming\PCPro
2012-08-08 01:55 . 2012-08-08 19:05 -------- d-----w- c:\users\Woody\AppData\Roaming\PC Cleaners
2012-08-08 01:55 . 2012-08-08 01:55 -------- d-----w- c:\users\Woody\AppData\Roaming\PCPro
2012-08-08 00:44 . 2012-08-08 01:55 -------- d-----w- c:\users\Woody\AppData\Local\LogMeIn Rescue Applet
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Cleaners
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\users\Owner\AppData\Roaming\PCPro
2012-08-08 00:19 . 2012-08-08 00:19 4269368 ----a-w- c:\windows\uninst.exe
2012-08-08 00:19 . 2012-08-08 00:19 -------- d-----w- c:\programdata\PC1Data
2012-08-05 19:12 . 2012-08-05 19:12 -------- d-----w- c:\users\Zachary\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 09:22 . 2011-04-06 15:38 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 18:22 . 2012-07-01 18:22 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 05:43 . 2012-07-11 12:35 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.31.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-01 20:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-04 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-04 14:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-04 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-09-03 14:44 62402 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-04 14:54 37452 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-06 15:20 . 2012-09-04 12:17 17134 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183818831-1049963728-4091137164-1000_UserData.bin
- 2011-04-14 19:53 . 2012-08-06 17:58 3880 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-04-14 19:53 . 2012-09-03 12:56 3880 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-09-04 09:35 . 2012-09-04 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 09:35 . 2012-09-04 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-13 21:24 . 2012-09-03 12:53 382526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-01 12:25 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-04 14:07 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-04 14:07 107566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-01 12:25 107566 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-04 02:49 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-01 23:23 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-21 20:41 . 2012-09-01 00:02 9650396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1004-8192.dat
+ 2011-05-21 20:41 . 2012-09-03 01:02 9650396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1004-8192.dat
+ 2011-09-01 04:02 . 2012-09-02 01:45 5023128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1003-8192.dat
+ 2011-05-06 01:10 . 2012-09-03 18:55 44332560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1002-8192.dat
- 2011-05-06 01:10 . 2012-08-31 05:04 44332560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1002-8192.dat
+ 2011-08-05 04:46 . 2012-09-03 15:09 25070383 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1302653456\ee\AOLSoftware.exe" [2010-03-08 41800]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Owner\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-09-01 36168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-24 53488]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-04 13:14:42
ComboFix-quarantined-files.txt 2012-09-04 17:14
ComboFix2.txt 2012-09-02 03:20
.
Pre-Run: 776,334,499,840 bytes free
Post-Run: 775,888,343,040 bytes free
.
- - End Of File - - BD93017AF37B0EEEC6F6F423586F812C


----------



## ratherbeingarden (Aug 8, 2012)

And I was able to check the chameleon driver. It is installed; however, TDSSKiller will not run.


----------



## CatByte (Feb 24, 2009)

TDSSKiller is the best tool to remove the infection that you have, but as it won't run we need to keep trying other tools.

let's first try and repair the internet connection

try this:

Go to start > type: *CMD* into the search box > when cmd.exe populates in the window above > right click it and Run as an Administrator

Type in the following command in the command prompt and press Enter.

*netsh int ip reset reset.log*

Then also type the following command and hit enter.

*netsh winsock reset catalog*

Once that completes then restart the system and see then if you are able to get online.

next this -

Go to start > type: *CMD* into the search box > when cmd.exe populates in the window above > right click it and Run as an Administrator

You will now see a black DOS-like screen.

Type the following at the command prompt:

*IPconfig /release* (Note the space between the "g" and the slash; it needs to be there)

Hit *enter*, then type:

*IPconfig /Renew* (Note the space between the "g" and the slash; it needs to be there)

Hit *enter*

Then try this tool:

Download *FixTDSS* and save it to your desktop.


Double click on the *FixTDSS.exe* icon to run it.
Click the *"I Accept"* button, then the *"Proceed"* button to begin 
The tool will restart your computer automatically - click *OK* to allow it to do so
The tool will begin its scan on reboot > click *"run"* to begin
It will report if an infected MBR is found > click the *"repair"* button
A log is created in the same location as the tool and is called FixTDSS.log; please post the content in your next reply


----------



## ratherbeingarden (Aug 8, 2012)

It let me do the reset log but not the reset catalog. Also there is a hidden background program running, causing running, starting and shutting down to be very slow.

I'm still waiting on the computer to reboot to see if internet is back.


----------



## ratherbeingarden (Aug 8, 2012)

The computer would not shut down. I had to manually shut it down. Still no internet connection. For the catalog command it says access denied.


----------



## CatByte (Feb 24, 2009)

see if you can restore the computer to a restore point before you ran ComboFix the last time

Open System Restore by clicking the Start button. 
In the search box, type System Restore, and then, in the list of results, click System Restore. 
If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Follow the steps in the wizard to choose a restore point and restore your computer.


----------



## CatByte (Feb 24, 2009)

If system restore doesn't work

try this:


reboot your computer, then please perform the following steps:

Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.

click on the Repair menu option.

Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair


----------



## CatByte (Feb 24, 2009)

I've been going over the thread with a fine-tooth comb and I think we need to give RogueKiller another try

I may have misinterpreted what you were referring to with regard to the rootkit detection,

you should actually be presented with an option to use the "delete" button

so let's try that

re-run RogueKiller then choose to delete what it finds

don't worry about copying the report if you are unable to do so

I'll give you the full instructions again so you don't have to scroll back through the pages:


Download RogueKiller and save it to your desktop. 
*Quit* all other programs
Start *RogueKiller.exe*
Wait until the *Prescan* has finished ... 
Click on *Scan*

Wait for the end of the scan
A report will be created on your desktop. 
Click on the *Delete* button

Next click on the *ShortcutsFix*

another report will be created on your desktop.

Please post: *All RKreport.txt* text files located on your desktop. (only if you are able)


----------



## ratherbeingarden (Aug 8, 2012)

I tried to do the system restore before the last ComboFix. It failed. I still cannot get on the internet so I cannot download any programs. I'm ready to erase the computer and start over. All of my files were saved on other devices.


----------



## ratherbeingarden (Aug 8, 2012)

I'm going to try and download RogueKiller from another computer and put it on a flash drive to see if I can get it to run.


----------



## ratherbeingarden (Aug 8, 2012)

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:50:09
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Zachary : C:\Users\Zachary\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000520AS ATA Device +++++
--- User ---
[MBR] 849316078d509bfbf617111755d0544d
[BSP] ec445b49b495dd1d44e6f0d2be59bae7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953753 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4c06e64793d67c79069e6caa0a7a3d5e
[BSP] ec445b49b495dd1d44e6f0d2be59bae7 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953753 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo
+++++ PhysicalDrive1: HP Officejet 6500 E USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: Kingston DT 100 G2 USB Device +++++
--- User ---
[MBR] 135facb1dfc514ab623f0d33cea59c64
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## CatByte (Feb 24, 2009)

roguekiller has uncovered a rogue hidden partition that we need to remove as this is what is causing all the issues

please bear with me as I want to consult with a colleague as to the safest way to remove this hidden partition as you are unable to boot to the recovery environment


> 2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo
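RogueKiller's MBR check above works by reading sector 0 twice, once through the view the OS is given ("User") and once at a lower level ("LL2"), and comparing the two partition tables. The added example below (not code from the thread or from RogueKiller) parses both views of a constructed MBR that mirrors the log, flags the hidden, active type 0x17 entry, and reports the slots where the two views disagree.

```python
"""Parse classic MBR partition tables and compare an OS-level view with a raw read.

Added example, not code from the thread or from RogueKiller. The two sample MBRs
are constructed to mirror the log: the raw table carries a third entry of type
0x17 (hidden NTFS), marked active, at sector 1953495040 with a 10 MiB size, and
the real boot flag on the System Reserved partition has been removed.
"""
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512
MIB = 1024 * 1024
HIDDEN_BIT = 0x10          # 0x07 NTFS -> 0x17 "hidden NTFS"
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def hidden(self) -> bool:
        return bool(self.type_id & HIDDEN_BIT)

    @property
    def size_mib(self) -> int:
        return self.sectors * SECTOR_BYTES // MIB


def parse_mbr(mbr: bytes) -> list[PartitionEntry]:
    """Return the non-empty entries of a 512-byte MBR, in table order."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if type_id == 0:
            continue                      # empty slot
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba, count))
    return entries


def flag_entries(entries: list[PartitionEntry]) -> list[str]:
    """Findings in the style of the log: hidden-type partitions, and an active
    partition that is hidden or tiny (a legitimate boot partition is neither)."""
    findings = []
    for e in entries:
        if e.hidden:
            findings.append(f"{e.index} - type 0x{e.type_id:02x} [HIDDEN!] at sector {e.lba_start}")
        if e.active and (e.hidden or e.size_mib <= 16):
            findings.append(f"{e.index} - [ACTIVE] but hidden/tiny ({e.size_mib} MiB)")
    return findings


def compare_views(user_mbr: bytes, raw_mbr: bytes) -> dict[int, tuple]:
    """Slots where the OS-level table and the raw read differ, as index -> (user, raw).
    A non-empty result is the 'User != LL2 ... KO!' condition from the log."""
    user = {e.index: e for e in parse_mbr(user_mbr)}
    raw = {e.index: e for e in parse_mbr(raw_mbr)}
    return {i: (user.get(i), raw.get(i))
            for i in sorted(user.keys() | raw.keys()) if user.get(i) != raw.get(i)}


# --- constructed sample data mirroring the RogueKiller log --------------------
def _entry(active: bool, type_id: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, type_id, lba_start, sectors)


def _mbr(*entries: bytes) -> bytes:
    table = b"".join(entries) + bytes(16 * (4 - len(entries)))
    return bytes(446) + table + BOOT_SIGNATURE   # boot code zeroed for the sample


SYSTEM_RESERVED = (0x07, 2048, 204800)          # 100 MiB
OS_VOLUME = (0x07, 206848, 1953286144)          # 953753 MiB
# The log's "User" table: two partitions, the first one active.
USER_MBR = _mbr(_entry(True, *SYSTEM_RESERVED), _entry(False, *OS_VOLUME))
# The log's "LL2" table: a hidden, active 10 MiB partition at the end of the disk.
RAW_MBR = _mbr(_entry(False, *SYSTEM_RESERVED), _entry(False, *OS_VOLUME),
               _entry(True, 0x17, 1953495040, 20480))

if __name__ == "__main__":
    for line in flag_entries(parse_mbr(RAW_MBR)):
        print(line)
    for idx, (seen, real) in compare_views(USER_MBR, RAW_MBR).items():
        print(f"slot {idx}: OS sees {seen}, disk holds {real}")
```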


----------



## CatByte (Feb 24, 2009)

could you please run listparts to help in identifying the partitions on your system

(you will need to again download and transfer over, at least we are making progress)

For 64bit systems please download Listparts64
Run the tool,
check the "list BCD" box

click "Scan" and post the log (Result.txt) it makes.


----------



## CatByte (Feb 24, 2009)

Hi,

Please print out these instructions so it will be easier for you to follow along,

We need to delete the malware partition and set the proper boot partition as active

please do the following:

I need you to download: 
*gparted-live-0.10.0-3.iso* (115.1 MB)

Create a bootable CD, for Gparted from the ISO image.

You can use *ImgBurn* do this.

Now boot off of the newly created Gparted CD.

You should be here... Press ENTER

By default, "do not touch keymap" is highlighted.

Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

At the mode prompt enter 0, press ENTER

You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is *10 MB*

Right click this partition and select delete.

The Partition has gone

Now select Apply

Now you should be here:

Select Apply after double checking that the right partition was deleted

Is "boot" next to your *100Mb* system drive? 
If "boot" is not next to your *100Mb* System drive under "*Flags*", right-mouse click the OS drive while in Gparted and select *Manage Flags* 

In the menu that pops up, place a checkmark in *boot* like the picture below, then close :

Under File select Quit 

You will see this small Popup 

Choose reboot and then press OK.

now run list parts again, your computer should now respond properly

let me know how that goes


----------



## ratherbeingarden (Aug 8, 2012)

ListParts by Farbar Version: 10-08-2012
Ran by Owner (administrator) on 06-09-2012 at 13:09:21
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************
========================= Memory info ====================== 
Percentage of memory in use: 25%
Total physical RAM: 4095.18 MB
Available physical RAM: 3066.29 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 7091.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:931.4 GB) (Free:742.48 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 3072 KB 
Disk 1 No Media 0 B 0 B 
Disk 2 No Media 0 B 0 B 
Disk 3 No Media 0 B 0 B 
Disk 4 No Media 0 B 0 B 
Disk 5 No Media 0 B 0 B 
Disk 6 Online 15 GB 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
Partition 3 Primary 10 MB 931 GB
======================================================================================================


----------



## ratherbeingarden (Aug 8, 2012)

I have no internet on the infected computer. I am having to download on one computer and transfer over to the infected one. I was able to do the parts list but the next set of instructions has me confused.

I was able to download (on another computer) the two files. I have them saved on a disk and flash drive. On the flash drive I have "setupimgburn 2.5.6.0.exe"; the other is "Imgburn 2.5.7.0". I do not see in the links you sent where to get the "gpartedlive".


----------



## CatByte (Feb 24, 2009)

This is where you get GParted live

http://sourceforge.net/projects/gpa...e/0.13.1-2/gparted-live-0.13.1-2.iso/download

my apologies for the bad link


----------



## ratherbeingarden (Aug 8, 2012)

Remember how I could not get the keyboard to respond during boot up and you said I had a "boot" something or another virus? I had a feeling that booting from the CD would not work as well. After making 3 different CD's thinking I must not have done the download of the gparted live correctly, I took the CD to another computer to see if it would boot up with the disk and it did. The disk is good, but I cannot get the infected computer to boot up from the disk I made.


----------



## CatByte (Feb 24, 2009)

what happens when you try and boot from the CD?

are you able to get into the BIOS (usually by tapping F2) 

if you can get into the BIOS then you need to change the boot order to boot from CD first

you may need to use a PS2 keyboard (the old style round plug, usually green or purple colour)

if you are using a USB keyboard, then it probably won't work


----------



## ratherbeingarden (Aug 8, 2012)

Absolutely nothing happens out of the ordinary when I try and boot from the CD. It boots right up. Tapping the "F" keys (any of them), it totally ignores them. Even when the computer shuts down improperly, for example when the electricity goes out, the screen comes back on and gives you the choice to enter safe mode. However, pushing the arrow keys and the enter key does nothing. The seconds for making a choice click down and then it boots up.

I will try and find a keyboard with a plug. Maybe a thrift store will have one!


----------



## CatByte (Feb 24, 2009)

ok, yes, it sounds like the issue is the keyboard being unable to make a selection prior to windows loading

prior to searching all over for a PS2 keyboard, have a look in normal mode first

I doubt you will be able to fix it in normal mode, but you never know.

please do the following:

open up Control Panel, and type *partition* into the search box

The Administrative Tools, Disk Management Window should open

let me know what you see there

(you should see three partitions)

the bad one is 10MB

if it is visible let me know what options are given if you right click it

there should also be two other partitions showing, one is a system reserved partition and one should be your operating system

let me know which one says "boot" and if you right click on either one, do you get the option to "Mark Partition as Active"?

(don't do anything yet, just report back what you find and what options you have)


----------



## ratherbeingarden (Aug 8, 2012)

There are 4. The first one has no name but it has a capacity of "10 MB" so that must be the bad one. The next is "C"; it states healthy (boot, pagefile...).
Then there is Gparted; it just says healthy. Then System recovery, and it says healthy (boot, page file...).


----------



## ratherbeingarden (Aug 8, 2012)

And I found a keyboard from a neighbor.


----------



## ratherbeingarden (Aug 8, 2012)

The neighbor's keyboard worked! Now how do I change the boot order?


----------



## CatByte (Feb 24, 2009)

ok perfect

press F2 when you boot up that should get you into the BIOS

(if it isn't F2 it may be "esc"... it flashes on the bottom of your screen just as you boot... for "setup" options press... and it gives you the key to press... mine is F2)


once you are in the BIOS...arrow over to boot order....use the up and down arrows to place CD at the top


----------



## ratherbeingarden (Aug 8, 2012)

Of course, there is no "boot order" to choose from. What I get is this:

The screen title is "Advanced Boot Options"

Then I have two choices: "Windows 7" or "tools"
Highlight Windows 7, press enter, and it boots the computer as normal. Highlight Windows 7 and press F8, then it gives several options.

Safe mode
Safe mode with network
Safe mode with command prompt
Enable boot logging
Enable low resolution video
Last known good configuration
Directory Services
Debugging Mode
Disable auto restart
Disable Driver Signature
Start Windows Normally

If you choose "tools" instead of "Windows 7" on the first screen, it starts to generate a list which never appears and the system locks up.
It gives the option of


----------



## ratherbeingarden (Aug 8, 2012)

I remembered the shift +F10 option we found before and found the bios boot order. My choices are "int 18h", "Int 19h" , "Pnp /BEV (BBS)" and ROM Disable.

There were no simple choices like "CD first"


----------



## ratherbeingarden (Aug 8, 2012)

There are 2 "network boot protocols" I can choose as well. "PXE" was what it was set on. The other choice was "RPL".


----------



## CatByte (Feb 24, 2009)

I wish I could see what you are seeing, as I don't think you are in the BIOS, when you try hitting F2 on boot up, what happens?

what is the make and model of your computer?

most HP's it is F1 or F2 to enter the BIOS


----------



## ratherbeingarden (Aug 8, 2012)

While waiting on your reply, I tried every combination. I could never get the cd to boot up first.


----------



## CatByte (Feb 24, 2009)

ok

go back to the Disk Management screen in normal mode

right click on the 100MB partition see if you can choose to "Mark partition as Active"

If you can set that partition as Active successfully > then right click the 10MB partition and choose to delete it (Delete Volume)

let me know if you can


----------



## ratherbeingarden (Aug 8, 2012)

I tried every button and restarted the computer 22 times and finally "F11" without the shift button got me there..... augh!!!! And the GNOME partition editor started. I'll start working on that.


----------



## CatByte (Feb 24, 2009)

quick thought....

now that you have the PS2 keyboard

see if you can tap F8 and get to the options menu where you can choose "repair my computer" which will lead you to the recovery environment

let me know if you are able to do that now if the disk management is unable to do anything in normal mode


----------



## CatByte (Feb 24, 2009)

ok

that's good,

just saw your latest post, so move on with the gparted instructions to delete the malware partition


----------



## ratherbeingarden (Aug 8, 2012)

I followed the gparted instructions. Everything went just as your notes said; however, now the computer will not boot up. It tries 2 times and then it tries to do a system repair. That runs for a while. Then it says "start up cannot repair this computer automatically".


----------



## ratherbeingarden (Aug 8, 2012)

I can get into system recovery options


----------



## ratherbeingarden (Aug 8, 2012)

I just noticed that my operating system says
"Operating system: Windows 7 on (D) Local disk", not C


----------



## CatByte (Feb 24, 2009)

boot into gparted again

go back to the instructions for "Manage Flags"

Instead of the 100MB partition, choose the NTFS Partition 2 Primary 931GB partition

right-mouse click that OS drive while in Gparted and select "Manage Flags"

place a checkmark in *boot * then close :

Under File select Quit and choose to reboot

now see if the computer will boot normally


----------



## CatByte (Feb 24, 2009)

yes, the recovery environment changes the drive letter when it is in the recovery environment because of the recovery partition

now that we have the malware partition deleted, we just have to toggle the boot flag to the correct partition so that your computer will boot

(I expected the boot components to be on the 100MB partition, but it appears they are on the other partition)


----------



## ratherbeingarden (Aug 8, 2012)

I cannot get it to boot up with the disk


----------



## ratherbeingarden (Aug 8, 2012)

OMG..... I kept turning it on and off. Now I am in gparted.


----------



## CatByte (Feb 24, 2009)

OK

we'll have to do it in the recovery environment

let's see what we have first with this other tool before I give instructions to change it


*Download* *ListParts64* to a USB flash drive.
Plug the USB drive into the infected machine.

*Boot your computer into Recovery Environment*


Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...

Select the *Command Prompt* option.
A command window will open.
Type *notepad* then hit *Enter*.
Notepad will open.
Click *File > Open* then select *Computer*.
Note down the drive letter for your *USB Drive*.
Close Notepad.


Back in the command window ....
Type *e:/listparts64.exe* and hit *Enter* (where *e:* is replaced by the drive letter for your USB drive)
*ListParts* will start to run.
Press the *Scan* button.
When finished scanning it will make a log *Result.txt* on the flash drive.


Close the command window.
post me the *Result.txt* log please.


----------



## ratherbeingarden (Aug 8, 2012)

I got into the gparted program and it started to run and then a black screen with a whole bunch of numbers appeared.

Things like kernel attack unable to read. Attempted to kill init


----------



## CatByte (Feb 24, 2009)

ok

let's switch gears and approach this from the recovery environment with list parts

(did you see my previous post)

(that's linux related error codes)


----------



## ratherbeingarden (Aug 8, 2012)

Yes, but my F buttons are different. I got into the screen pictured; I just have to remember how I got there. F8 on mine is to change boot order.


----------



## CatByte (Feb 24, 2009)

try F5


----------



## ratherbeingarden (Aug 8, 2012)

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 06-09-2012 at 22:37:47
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************
========================= Memory info ====================== 
Percentage of memory in use: 11%
Total physical RAM: 4095.18 MB
Available physical RAM: 3638.13 MB
Total Pagefile: 4093.38 MB
Available Pagefile: 3613.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:931.4 GB) (Free:742.52 GB) NTFS
4 Drive f: (GParted-live) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
5 Drive g: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB 
Disk 1 No Media 0 B 0 B 
Disk 2 Online 15 GB 0 B 
Disk 3 No Media 0 B 0 B 
Disk 4 No Media 0 B 0 B 
Disk 5 No Media 0 B 0 B 
Disk 6 No Media 0 B 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
======================================================================================================
Disk: 0
Partition 1
Type : 07


----------



## CatByte (Feb 24, 2009)

well this is showing that the 100mb partition does indeed have the boot components

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

so it is set to properly boot to that partition

but let's try this just to make certain


Click *Start* and in the *Search Programs and files* box type *Notepad.exe* then hit *Enter*. 
An empty Notepad file will open.
Copy and paste the contents of the quote box below into Notepad.



> Disk=0 Partition=1 active
> bcdedit



Click *Format* and ensure *Wordwrap* is unchecked.
Save as *Fix.txt* to the flash drive where ListParts is located.

*Next*

*Boot your computer into Recovery Environment*


Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...

Select the *Command Prompt* option.
A command window will open.
Type *notepad* then hit *Enter*.
Notepad will open.
Click *File > Open* then select *Computer*.
Note down the drive letter for your *USB Drive*.
Close Notepad.


Back in the command window ....
Type *e:/listparts64.exe* and hit *Enter* (where *e:* is replaced by the drive letter for your USB drive)
*ListParts* will start to run.
Press the *Fix* button.
ListParts will process the script in *Fix.txt*
When finished please press the *Scan* button.
A log *Result.txt* will be saved to the flash drive.


Close the command window.
Boot back into normal mode and post me the *Result.txt* log please.


----------



## ratherbeingarden (Aug 8, 2012)

Click start from where? I cannot get the system to boot up at all


----------



## ratherbeingarden (Aug 8, 2012)

I am still in the system recovery options screen


----------



## ratherbeingarden (Aug 8, 2012)

I understand now... on the uninfected computer.


----------



## CatByte (Feb 24, 2009)

oh yes, sorry, you need to create the fix.txt on the good computer and save it to the USB

I should have explained that more clearly


----------



## ratherbeingarden (Aug 8, 2012)

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 06-09-2012 at 23:26:05
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************
========================= Memory info ====================== 
Percentage of memory in use: 11%
Total physical RAM: 4095.18 MB
Available physical RAM: 3616.4 MB
Total Pagefile: 4093.38 MB
Available Pagefile: 3600.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:931.4 GB) (Free:742.52 GB) NTFS
4 Drive f: (GParted-live) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
5 Drive g: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status  Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB 
Disk 1 No Media 0 B 0 B 
Disk 2 Online 15 GB 0 B 
Disk 3 No Media 0 B 0 B 
Disk 4 No Media 0 B 0 B 
Disk 5 No Media 0 B 0 B 
Disk 6 No Media 0 B 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System Rese NTFS Partition 100 MB Healthy 
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 931 GB Healthy 
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 31 KB
======================================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB20FD FAT32 Removable 15 GB Healthy 
======================================================================================================
==========================================================
TDL4: custom:26000022

****** End Of Log ******


----------
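The Result.txt above is what the Fix.txt script (make Disk 0 / Partition 1 active, refresh the BCD) was meant to produce: partition 1 is now the active one and is also the volume ListParts reports as holding the boot components, and the trailing `TDL4: custom:26000022` line is the marker the next reply's FRST fixlist targets. As an added example for this thread, not the forum's or Farbar's own code, here is a Python parser that reads a ListParts report and states those three facts mechanically. `SAMPLE_LOG` is a constructed excerpt in the layout of the posted report; the `Partition`, `Report`, `parse_listparts` and `findings` names are this example's own.

```python
"""Parse a Farbar ListParts report (Result.txt) and flag boot-relevant findings.

Added example for this thread, not the forum's or Farbar's own code. SAMPLE_LOG
is a constructed excerpt laid out like the report posted above; on a real
machine the text would be read from the Result.txt on the flash drive.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:931.4 GB) (Free:742.52 GB) NTFS
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
* Volume 1 C System Rese NTFS Partition 100 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
* Volume 2 D NTFS Partition 931 GB Healthy
======================================================================================================
TDL4: custom:26000022

****** End Of Log ******
"""


@dataclass
class Partition:
    disk: int
    number: int
    type_id: str = ""
    hidden: bool = False
    active: bool = False
    letter: str = ""


@dataclass
class Report:
    partitions: list = field(default_factory=list)
    boot_letter: str = ""   # volume that ListParts says carries the BCD boot components
    rootkit_markers: list = field(default_factory=list)


def parse_listparts(text: str) -> Report:
    """Walk the report line by line; rows of '=' close the current partition block."""
    report, disk, current = Report(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            current = None
        elif (m := re.match(r"^\d+ Drive (\w): .*==>\[Drive with boot components", line)):
            report.boot_letter = m.group(1).upper()
        elif (m := re.match(r"^Disk: (\d+)$", line)):
            disk = int(m.group(1))
        elif (m := re.match(r"^Partition (\d+)$", line)) and disk is not None:
            current = Partition(disk=disk, number=int(m.group(1)))
            report.partitions.append(current)
        elif current is not None:
            if (m := re.match(r"^Type\s*:\s*(\S+)", line)):
                current.type_id = m.group(1)
            elif (m := re.match(r"^Hidden\s*:\s*(\w+)", line)):
                current.hidden = m.group(1).lower() == "yes"
            elif (m := re.match(r"^Active\s*:\s*(\w+)", line)):
                current.active = m.group(1).lower() == "yes"
            elif (m := re.match(r"^\*\s*Volume\s+\d+\s+([A-Z])\s", line)):
                current.letter = m.group(1)
        elif re.match(r"^\w+:\s*custom:\w+$", line):
            # ListParts prints rootkit markers (the TDL4 line above) after the partition blocks
            report.rootkit_markers.append(line)
    return report


def findings(report: Report) -> list:
    """Which partition is active, whether it holds the boot files, and any markers."""
    out = []
    active = [p for p in report.partitions if p.active]
    for p in active:
        out.append(f"disk {p.disk} partition {p.number} ({p.letter or 'no letter'}) is marked active")
    if report.boot_letter and report.boot_letter not in {p.letter for p in active}:
        out.append(f"boot components are on {report.boot_letter}: but that volume is not active")
    for marker in report.rootkit_markers:
        out.append(f"marker reported by ListParts: {marker}")
    return out


if __name__ == "__main__":
    for line in findings(parse_listparts(SAMPLE_LOG)):
        print(line)
```

On the posted report this yields two lines: partition 1 (C) is active, and the TDL4 marker is present. If the active flag had still been on the wrong partition, the "boot components are on C: but that volume is not active" line would appear instead, which is the condition the Fix.txt script was written to correct.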



## CatByte (Feb 24, 2009)

OK I see the issue as to why it won't boot

we need a different tool though

Please do the following:

Download *Farbar Recovery Scan Tool* and save it to a flash drive.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*


```
start
TDL4: custom:26000022
end
```
Now plug the flashdrive into the infected PC.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system*

Now please enter System Recovery Options again.

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64.exe* and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to disclaimer.
Press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
you should now be able to boot normally


----------



## ratherbeingarden (Aug 8, 2012)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-06 23:53:01 Run:1
Running from G:\
==============================================

The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====




Yes, the system booted up normally


----------



## CatByte (Feb 24, 2009)

excellent

now we have to try and figure out how to get it to connect again

please run the following:

Please download CheckConns and save it to your USB, transfer it to the computer that can't connect and transfer it to the desktop.

Double click the icon to run it

Post the results in your next reply


----------



## ratherbeingarden (Aug 8, 2012)

==== ServiceGroupOrder =========
PNP_TDI
TDI
NetBIOSGroup
==========================
PNP_TDI = [08], 05, 01, 02, 03, 04, 06, 07, 08
SERVICE_NAME: AFD
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancillary Function Driver for Winsock
SERVICE_NAME: BridgeMP
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\bridge.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 10
DISPLAY_NAME : MAC Bridge Miniport
SERVICE_NAME: BVRPMPR5a64
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : BVRPMPR5a64 NDIS Protocol Driver
SERVICE_NAME: NDProxy
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : 
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NDIS Proxy
SERVICE_NAME: NetBT
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NetBT
DEPENDENCIES : Tdx, tcpip
SERVICE_NAME: Smb
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\smb.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 8
 DISPLAY_NAME : Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DEPENDENCIES : Tcpip
SERVICE_NAME: Tcpip
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
SERVICE_NAME: tdx
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tdx.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : NetIO Legacy TDI Support Driver
DEPENDENCIES : Tcpip
SERVICE_NAME: ws2ifsl
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\ws2ifsl.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Winsock IFS Driver
==========================
SERVICE_NAME: Dhcp
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
PID : 952
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI, Tdx, Afd
SERVICE_NAME: Dnscache
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 1088
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx, nsi
SERVICE_NAME: dot3svc
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wired AutoConfig
DEPENDENCIES : RpcSs, Ndisuio, Eaphost
SERVICE_NAME: lmhosts
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
PID : 952
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT, Afd
SERVICE_NAME: Wlansvc
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE  : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : WLAN AutoConfig
DEPENDENCIES : nativewifip, RpcSs, Ndisuio, Eaphost
SERVICE_NAME: WwanSvc
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : WWAN AutoConfig
DEPENDENCIES : PlugPlay, RpcSs, NdisUio, NlaSvc
==========================
NetBIOSGroup = [02], 01, 02
SERVICE_NAME: NetBIOS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface


----------
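The dump above lists each service in the PNP_TDI, TDI and NetBIOSGroup load-order groups in the layout of `sc qc` / `sc query` output (STATE, START_TYPE, BINARY_PATH_NAME, LOAD_ORDER_GROUP, TAG, DEPENDENCIES), which is what the next reply reads to conclude that every networking service is running. As an added example for this thread, not the forum's or the CheckConns tool's own code, the Python below parses that format, lists the services that are not running, and checks whether any running service depends on a dumped service that is stopped. `SAMPLE` is a constructed excerpt of the posted dump; `BROKEN_SAMPLE` is the same text with the tdx driver deliberately switched to STOPPED so the dependency check has something to report. The `Service`, `parse_services`, `stopped_services` and `broken_dependencies` names are this example's own.

```python
"""Parse an sc-style service dump (the layout CheckConns printed above) and check dependencies.

Added example for this thread, not the forum's or the tool's own code. SAMPLE is a
constructed excerpt of the posted dump; BROKEN_SAMPLE flips tdx to STOPPED.
"""
from dataclasses import dataclass, field

SAMPLE = r"""==== ServiceGroupOrder =========
PNP_TDI = [08], 05, 01, 02, 03, 04, 06, 07, 08
SERVICE_NAME: BridgeMP
STATE : 1 STOPPED
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
BINARY_PATH_NAME : system32\DRIVERS\bridge.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 10
SERVICE_NAME: Tcpip
STATE : 4 RUNNING
START_TYPE : 0 BOOT_START
BINARY_PATH_NAME : \SystemRoot\System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
SERVICE_NAME: tdx
STATE : 4 RUNNING
BINARY_PATH_NAME : system32\DRIVERS\tdx.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DEPENDENCIES : Tcpip
==========================
SERVICE_NAME: Dhcp
STATE : 4 RUNNING
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DEPENDENCIES : NSI, Tdx, Afd
SERVICE_NAME: Dnscache
STATE : 4 RUNNING
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DEPENDENCIES : Tdx, nsi
"""

# Constructed failure case: same dump, but the TDI support driver never started.
BROKEN_SAMPLE = SAMPLE.replace(
    "SERVICE_NAME: tdx\nSTATE : 4 RUNNING",
    "SERVICE_NAME: tdx\nSTATE : 1 STOPPED\nWIN32_EXIT_CODE : 1077 (0x435)")


@dataclass
class Service:
    name: str
    state: str = ""
    start_type: str = ""
    exit_code: int = 0      # 1077 = ERROR_SERVICE_NEVER_STARTED: not started since boot
    binary: str = ""
    group: str = ""
    tag: int = 0
    dependencies: list = field(default_factory=list)


def parse_services(text: str) -> dict:
    """Return {lower-case name: Service}; 'KEY : value' rows belong to the last SERVICE_NAME."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            current = Service(name=line.split(":", 1)[1].strip())
            services[current.name.lower()] = current
        elif current is None or ":" not in line:
            continue    # group headers, flag rows and separators carry no colon
        else:
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key == "STATE":
                current.state = value.split()[-1]        # "4 RUNNING" -> "RUNNING"
            elif key == "START_TYPE":
                current.start_type = value.split()[-1]
            elif key == "WIN32_EXIT_CODE":
                current.exit_code = int(value.split()[0])
            elif key == "BINARY_PATH_NAME":
                current.binary = value
            elif key == "LOAD_ORDER_GROUP":
                current.group = value
            elif key == "TAG":
                current.tag = int(value)
            elif key == "DEPENDENCIES":
                current.dependencies = [d.strip() for d in value.split(",") if d.strip()]
    return services


def stopped_services(services: dict) -> list:
    return sorted((s.name for s in services.values() if s.state != "RUNNING"), key=str.lower)


def broken_dependencies(services: dict) -> list:
    """(service, dependency) pairs: a running service whose dumped dependency is not running."""
    broken = []
    for svc in services.values():
        if svc.state == "RUNNING":
            for dep in svc.dependencies:
                target = services.get(dep.lower())
                if target is not None and target.state != "RUNNING":
                    broken.append((svc.name, target.name))
    return broken
```

On the posted dump `broken_dependencies` returns an empty list and the only stopped entries are demand-start services with exit code 1077 (never started since boot), which is the "all the services are running" reading given in the next reply. Dependencies that are not present in the dump (NSI, RpcSs, Afd in the excerpt) are skipped rather than reported as stopped, so a clean result means nothing contradictory was found, not that every dependency was verified.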



## CatByte (Feb 24, 2009)

I need to get another look with a different tool

please run the following:

Please download *Farbar Service Scanner* and transfer it to the desktop of the computer with the issue.
Make sure only the following option is checked:
*Internet Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
Please copy and paste the log to your reply.


----------



## ratherbeingarden (Aug 8, 2012)

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 07-09-2012 at 00:26:27
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## CatByte (Feb 24, 2009)

well, that doesn't give much of a clue unfortunately, all the files are there and all the services are running.

please try the following tool

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click *CIntRep.exe*
the program will then run

Select *all items*
Press *go*
Select *file* to get the log 
Post the log here


----------



## CatByte (Feb 24, 2009)

I'm very sorry, but I need to go to bed now (it's 12:45am where I am) as I have to get up for work in the morning, but we'll pick this up tomorrow

I do believe you are infection free now we have removed the malware partition from your hard drive

there may be some leftovers to sweep up, but nothing much, so you should be in the clear once we fix the internet connection

so hang in there

you have done a great job in following all the instructions and getting through these difficult procedures

(thank goodness your neighbour had the PS2 keyboard, made our job a lot easier)


----------



## ratherbeingarden (Aug 8, 2012)

Thank you for all your help.

Here is the last log you requested. After the fixes, I was hoping the internet would come back up but it didn't. Here is the log:

./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[07/09/2012 00:48:02] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:12] TCP/IP interfaces reset successful.
[07/09/2012 00:48:14] TCP/IP v6 interfaces reset successful.
[07/09/2012 00:48:14] You may need to restart your computer for the settings to take effect.
[07/09/2012 00:48:14] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:14] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Could not reset the Winsock Catalog.
[07/09/2012 00:48:15] Finished repairing Winsock
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:15] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:35] Windows Event Log Service Configured.
[07/09/2012 00:48:36] Starting the Windows Event Log Service.....
[07/09/2012 00:48:36] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:36] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:38] Successfully flushed DNS Resolver Cache.
[07/09/2012 00:48:38] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[07/09/2012 00:48:43] Registration of the DNS resource records has been initiated.
[07/09/2012 00:48:43] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[07/09/2012 00:48:43] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:44] Repairing Internet Explorer 9.0.8112, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:48:50] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[07/09/2012 00:48:51] RegSvr32.exe: 'asctrls.ocx' Specified module not found
[07/09/2012 00:48:51] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:48:51] RegSvr32.exe: 'cdfview.dll' Specified module not found
[07/09/2012 00:48:51] RegSvr32.exe: 'comcat.dll' registration succeeded.
[07/09/2012 00:48:51] RegSvr32.exe: 'comctl32.dll' registration succeeded.
[07/09/2012 00:48:51] RegSvr32.exe: 'corpol.dll' Specified module not found
[07/09/2012 00:48:51] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[07/09/2012 00:48:51] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\custsat.dll"' Specified module not found
[07/09/2012 00:48:51] RegSvr32.exe: 'digest.dll' Specified module not found
[07/09/2012 00:48:51] RegSvr32.exe: 'dispex.dll' registration succeeded.
[07/09/2012 00:48:53] RegSvr32.exe: 'dxtmsft.dll' registration succeeded.
[07/09/2012 00:48:53] RegSvr32.exe: 'dxtrans.dll' registration succeeded.
[07/09/2012 00:48:53] RegSvr32.exe: 'extmgr.dll' Specified module not found
[07/09/2012 00:48:53] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\hmmapi.dll"' Specified module not found
[07/09/2012 00:48:54] RegSvr32.exe: 'hlink.dll' registration succeeded.
[07/09/2012 00:48:57] RegSvr32.exe: 'ieaksie.dll' registration succeeded.
[07/09/2012 00:48:58] RegSvr32.exe: 'ieapfltr.dll' Error number: 0x80070005
[07/09/2012 00:48:59] RegSvr32.exe: 'iedkcs32.dll' registration succeeded.
[07/09/2012 00:48:59] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\iedvtool.dll"' registration succeeded.
[07/09/2012 00:48:59] RegSvr32.exe: 'iedvtool.dll' Specified module not found
[07/09/2012 00:49:02] RegSvr32.exe: 'ieframe.dll' registration succeeded.
[07/09/2012 00:49:06] RegSvr32.exe: 'iepeers.dll' registration succeeded.
[07/09/2012 00:49:18] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\ieproxy.dll"' registration succeeded.
[07/09/2012 00:49:20] RegSvr32.exe: 'ieproxy.dll' Specified module not found
[07/09/2012 00:49:20] RegSvr32.exe: 'iesetup.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:20] RegSvr32.exe: 'imgutil.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:23] RegSvr32.exe: 'inetcpl.cpl' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:23] RegSvr32.exe: 'inetcpl.cpl' registration succeeded.
[07/09/2012 00:49:23] RegSvr32.exe: 'initpki.dll' Specified module not found
[07/09/2012 00:49:23] RegSvr32.exe: 'inseng.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:25] RegSvr32.exe: 'jscript.dll' registration succeeded.
[07/09/2012 00:49:25] RegSvr32.exe: 'licmgr10.dll' registration succeeded.
[07/09/2012 00:49:25] RegSvr32.exe: 'mlang.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:25] RegSvr32.exe: 'mobsync.dll' Specified module not found
[07/09/2012 00:49:25] RegSvr32.exe: 'msapsspc.dll' Specified module not found
[07/09/2012 00:49:26] RegSvr32.exe: 'mscoree.dll' registration succeeded.
[07/09/2012 00:49:26] RegSvr32.exe: 'mscorier.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:26] RegSvr32.exe: 'mscories.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:26] RegSvr32.exe: 'msdbg2.dll' Specified module not found
[07/09/2012 00:49:26] RegSvr32.exe: 'mshta.exe' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:26] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:27] RegSvr32.exe: 'mshtmled.dll' registration succeeded.
[07/09/2012 00:49:27] RegSvr32.exe: 'msident.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:27] RegSvr32.exe: 'msieftp.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:27] RegSvr32.exe: 'msnsspc.dll' Specified module not found
[07/09/2012 00:49:27] RegSvr32.exe: 'msr2c.dll' Specified module not found
[07/09/2012 00:49:28] RegSvr32.exe: 'msrating.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:28] RegSvr32.exe: 'mstime.dll' Specified module not found
[07/09/2012 00:49:28] RegSvr32.exe: 'msxml.dll' Specified module not found
[07/09/2012 00:49:29] RegSvr32.exe: 'ole32.dll' registration succeeded.
[07/09/2012 00:49:30] RegSvr32.exe: 'oleacc.dll' registration succeeded.
[07/09/2012 00:49:30] RegSvr32.exe: 'occache.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:35] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[07/09/2012 00:49:36] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\pdm.dll"' registration succeeded.
[07/09/2012 00:49:36] RegSvr32.exe: 'plugin.ocx' Specified module not found
[07/09/2012 00:49:37] RegSvr32.exe: 'pngfilt.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:37] RegSvr32.exe: 'proctexe.ocx' Specified module not found
[07/09/2012 00:49:37] RegSvr32.exe: 'scrobj.dll' Error number: 0x80070005
[07/09/2012 00:49:37] RegSvr32.exe: 'sendmail.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:38] RegSvr32.exe: 'setupwbv.dll' Specified module not found
[07/09/2012 00:49:38] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:38] RegSvr32.exe: 'tdc.ocx' registration succeeded.
[07/09/2012 00:49:38] RegSvr32.exe: 'url.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:42] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[07/09/2012 00:49:43] RegSvr32.exe: 'urlmon.dll,NI,HKLM' Specified module not found
[07/09/2012 00:49:44] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[07/09/2012 00:49:44] RegSvr32.exe: '"C:\Program Files (x86)\microsoft shared\vgx\vgx.dll"' Specified module not found
[07/09/2012 00:49:44] RegSvr32.exe: 'webcheck.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:49:44] Finished repairing Internet Explorer 9.0.8112
-----------------------------------------------------------------------------------------
[07/09/2012 00:49:44] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:49:44] Stopping the BITS Service.....
[07/09/2012 00:49:44] BITS Stopped Successfully.
[07/09/2012 00:49:44] Stopping the Automatic Updates (wuauserv) Service.....
[07/09/2012 00:49:45] Automatic Updates (wuauserv) Service Stopped Successfully.
[07/09/2012 00:49:45] Clearing File Stores (Update History).....
[07/09/2012 00:49:45] Clearing [C:\Windows\SoftwareDistribution\Download].....
[07/09/2012 00:50:00] [C:\Windows\SoftwareDistribution\Download] Cleared.
[07/09/2012 00:50:00] Clearing [C:\Windows\SoftwareDistribution\DataStore].....
[07/09/2012 00:50:02] Clearing [C:\Windows\SysWOW64\CatRoot2].....
[07/09/2012 00:50:02] [C:\Windows\SysWOW64\CatRoot2] Cleared.
[07/09/2012 00:50:02] Setting BITS Security Descriptor.....
[07/09/2012 00:50:08] BITS Security Descriptor Set.
[07/09/2012 00:50:08] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[07/09/2012 00:50:12] Automatic Updates (wuauserv) Security Descriptor Set.
[07/09/2012 00:50:12] Configuring the Automatic Updates (wuauserv) Service.....
[07/09/2012 00:50:13] Automatic Updates (wuauserv) Service Configured.
[07/09/2012 00:50:13] Configuring BITS.....
[07/09/2012 00:50:13] BITS Configured.
[07/09/2012 00:50:13] Registering WUAU DLLs.....
[07/09/2012 00:50:18] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[07/09/2012 00:50:19] RegSvr32.exe: 'atl.dll' registration succeeded.
[07/09/2012 00:50:20] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:50:20] RegSvr32.exe: 'corpol.dll' Specified module not found
[07/09/2012 00:50:21] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[07/09/2012 00:50:22] RegSvr32.exe: 'dispex.dll' registration succeeded.
[07/09/2012 00:50:23] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[07/09/2012 00:50:23] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[07/09/2012 00:50:23] RegSvr32.exe: 'initpki.dll' Specified module not found
[07/09/2012 00:50:25] RegSvr32.exe: 'jscript.dll' registration succeeded.
[07/09/2012 00:50:27] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:50:28] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[07/09/2012 00:50:28] RegSvr32.exe: 'msxml.dll' Specified module not found
[07/09/2012 00:50:28] RegSvr32.exe: 'msxml2.dll' Specified module not found
[07/09/2012 00:50:28] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[07/09/2012 00:50:29] RegSvr32.exe: 'msxml4.dll' registration succeeded.
[07/09/2012 00:50:29] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[07/09/2012 00:50:29] RegSvr32.exe: 'muweb.dll' Specified module not found
[07/09/2012 00:50:29] RegSvr32.exe: 'ole.dll' Specified module not found
[07/09/2012 00:50:29] RegSvr32.exe: 'ole32.dll' registration succeeded.
[07/09/2012 00:50:29] RegSvr32.exe: 'oleaut.dll' Specified module not found
[07/09/2012 00:50:32] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[07/09/2012 00:50:32] RegSvr32.exe: 'qmgr.dll' Specified module not found
[07/09/2012 00:50:32] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[07/09/2012 00:50:32] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[07/09/2012 00:50:32] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[07/09/2012 00:50:32] RegSvr32.exe: 'sccbase.dll' Specified module not found
[07/09/2012 00:50:32] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[07/09/2012 00:50:33] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[07/09/2012 00:50:33] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:50:33] RegSvr32.exe: 'shell.dll' Specified module not found
[07/09/2012 00:50:33] RegSvr32.exe: 'shell32.dll' registration succeeded.
[07/09/2012 00:50:33] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[07/09/2012 00:50:33] RegSvr32.exe: 'softpub.dll' registration succeeded.
[07/09/2012 00:50:33] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[07/09/2012 00:50:34] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[07/09/2012 00:50:34] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:50:34] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[07/09/2012 00:50:35] RegSvr32.exe: 'wshext.dll' Error number: 0x80070005
[07/09/2012 00:50:36] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[07/09/2012 00:50:36] RegSvr32.exe: 'wuaueng.dll' Specified module not found
[07/09/2012 00:50:36] RegSvr32.exe: 'wuaueng1.dll' Specified module not found
[07/09/2012 00:50:36] RegSvr32.exe: 'wucltui.dll' Specified module not found
[07/09/2012 00:50:36] RegSvr32.exe: 'wucltux.dll' Specified module not found
[07/09/2012 00:50:37] RegSvr32.exe: 'wups.dll' registration succeeded.
[07/09/2012 00:50:37] RegSvr32.exe: 'wups2.dll' Specified module not found
[07/09/2012 00:50:37] RegSvr32.exe: 'wuweb.dll' Specified module not found
[07/09/2012 00:50:38] RegSvr32.exe: 'wuwebv.dll' registration succeeded.
[07/09/2012 00:50:38] WUAU DLLs Reregistered.
[07/09/2012 00:50:38] Resetting proxy settings.....
[07/09/2012 00:50:47] Proxy settings reset successfully.
[07/09/2012 00:50:47] Restarting the Automatic Updates (wuauserv) Service.....
[07/09/2012 00:50:48] Automatic Updates (wuauserv) Service Restarted.
[07/09/2012 00:50:48] Restarting the BITS Service.....
[07/09/2012 00:50:49] BITS Service Restarted.
[07/09/2012 00:50:49] Clearing the BITS queue.....
[07/09/2012 00:50:58] BITS queue cleared.
[07/09/2012 00:50:58] Initiating Windows Updates detection right away.....
[07/09/2012 00:51:14] Finished repairing Windows Update / Automatic Updates.
-----------------------------------------------------------------------------------------
[07/09/2012 00:51:14] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:51:14] Configuring the Cryptographic Service.....
[07/09/2012 00:51:15] Cryptographic Service Configured.
[07/09/2012 00:51:15] Stopping the Cryptographic Service.....
[07/09/2012 00:51:15] Cryptographic service Stopped Successfully.
[07/09/2012 00:51:15] Clearing [C:\Windows\system32\CatRoot].....
[07/09/2012 00:51:16] [C:\Windows\system32\CatRoot] cleared.
[07/09/2012 00:51:16] Re-registering SSL / HTTPS / Cryptography DLLs.....
[07/09/2012 00:51:21] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[07/09/2012 00:51:23] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[07/09/2012 00:51:23] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[07/09/2012 00:51:24] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[07/09/2012 00:51:24] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[07/09/2012 00:51:24] RegSvr32.exe: 'initpki.dll' Specified module not found
[07/09/2012 00:51:24] RegSvr32.exe: 'licdll.dll' Specified module not found
[07/09/2012 00:51:26] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[07/09/2012 00:51:27] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[07/09/2012 00:51:27] RegSvr32.exe: 'regwizc.dll' Specified module not found
[07/09/2012 00:51:27] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[07/09/2012 00:51:27] RegSvr32.exe: 'scardssp.dll' Specified module not found
[07/09/2012 00:51:27] RegSvr32.exe: 'sccbase.dll' Specified module not found
[07/09/2012 00:51:29] RegSvr32.exe: 'scecli.dll' registration succeeded.
[07/09/2012 00:51:29] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[07/09/2012 00:51:29] RegSvr32.exe: 'softpub.dll' registration succeeded.
[07/09/2012 00:51:29] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[07/09/2012 00:51:29] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[07/09/2012 00:51:29] SSL / HTTPS / Cryptography DLLs re-registered.
[07/09/2012 00:51:37] Restarting the Cryptographic Service.....
[07/09/2012 00:51:37] Cryptographic Service restarted.
[07/09/2012 00:51:37] Finished repairing SSL / HTTPS / Cryptography service.
-----------------------------------------------------------------------------------------
[07/09/2012 00:51:37] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:39] Windows Firewall configuration reset successful.
[07/09/2012 00:52:39] Finished resetting the Windows Firewall configuraton.
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:40] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:40] Writing data to the HOSTS file.....
[07/09/2012 00:52:40] HOSTS file created successfully.
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:40] Repairing Workgroup Computers view, Please wait.....
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:40] Finished repairing Workgroup Computers view.
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:42] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[07/09/2012 00:52:52] Your computer is restarting now.....
-----------------------------------------------------------------------------------------


----------



## CatByte (Feb 24, 2009)

let's have a look at what ComboFix took out,

please post the following:

Press the WinKey + R to open a run box, copy/paste the following bolded text into the Run box and click OK:

*C:\Qoobox\ComboFix-quarantined-files.txt*

A report should pop open for you. Please post the contents in your next reply.


----------



## ratherbeingarden (Aug 8, 2012)

2012-09-02 03:18:03 . 2012-09-02 03:18:03 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2012-09-02 03:15:37 . 2012-09-02 03:15:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-combofix.reg.dat
2012-09-02 01:42:44 . 2012-09-02 01:42:44 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-01425748.sys.reg.dat
2012-09-01 23:11:47 . 2012-09-01 23:11:47 1,366 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2012-09-01 23:11:42 . 2012-09-01 23:11:42 1,092 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2012-09-01 23:08:16 . 2012-09-04 16:43:52 3,240 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-30 00:27:22 . 2012-09-04 16:12:19 357 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-08-26 23:24:47 . 2012-08-26 23:24:47 281,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2012-08-26 23:24:47 . 2012-08-26 23:24:47 96,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
2012-08-15 09:15:03 . 2012-08-15 10:15:07 9,826,504 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\FlashPlayerInstaller.exe.vir


----------



## CatByte (Feb 24, 2009)

OK

we have some troubleshooting steps to work through.

First, let's restore the tcpip.reg files

please do the following:

navigate to this folder
C:\QooBox\Quarantine\*Registry_Backups*

In the right hand panel, locate this file:

C:\Qoobox\Quarantine\Registry_backups\tcpip.reg


Next double click the file and *ALLOW* it to merge into the registry

please advise if you can now connect.

If you still cannot connect, then please run the following:

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Note:* When using the "Reset FF Proxy Settings" option, Firefox should be closed.

*NEXT*

some troubleshooting steps > check your connection after each step so you will be able to advise which one has worked
(if we get that lucky). (Obviously, if your connection restores, there will be no need to complete the other troubleshooting steps.)

Go to the Control Panel, click on Hardware and Sound, and then open Device Manager. Right-click on your network card and choose Uninstall. If prompted to remove the driver, click Yes.

Then restart Windows and the default Windows 7 driver will be installed.

*NEXT*

Go to the Network and Sharing Center and right-click on your network card and choose Disable. Then simply re-enable it and see if that does it.

*NEXT*

Click Start and type "command" in the search box. Right-click on Command Prompt and choose Run as administrator.

Type the following commands, pressing Enter after each command:

```
netsh int ip reset reset.txt
netsh winsock reset
netsh advfirewall reset
```

Restart the computer.

I have more if none of those correct the situation, but let's start with these steps first


----------



## ratherbeingarden (Aug 8, 2012)

That step took me a while, minitoolbox would not download but I finally got another browser to download it. Here is the log. I will go back now and do the other instructions.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 07-09-2012 at 20:01:29
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global taskoffload=enabled

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-99-E9-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d0af:9bcb:5df:bb1e%11(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.187.30(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2E-1A-12-6C-62-6D-94-59-73
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{D5E68873-0506-4B50-A659-9DFCF53AB685}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...40 61 86 99 e9 6b ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255  On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.187.30 266
169.254.187.30 255.255.255.255 On-link 169.254.187.30 266
169.254.255.255 255.255.255.255 On-link 169.254.187.30 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.187.30 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.187.30 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::d0af:9bcb:5df:bb1e/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
Catalog9 29 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/07/2012 06:40:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 06:38:41 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 01:01:57 AM) (Source: RasClient) (User: )
Description: CoId={570AD136-6D33-48EE-BDA8-858211F7DC7C}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (09/07/2012 01:01:02 AM) (Source: RasClient) (User: )
Description: CoId={E56CE88F-7B16-43AE-B3AC-E5CF129D83EB}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (09/07/2012 00:59:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:57:28 AM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 00:44:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:43:05 AM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 00:26:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:24:50 AM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out

System errors:
=============
Error: (09/07/2012 06:49:37 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (09/07/2012 06:49:13 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.135.330.0
Update Source: %NT AUTHORITY59
Update Stage: 4.0.1526.00
Source Path: 4.0.1526.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2012 06:38:49 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 06:38:43 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 01:02:25 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.
Error: (09/07/2012 00:57:36 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 00:57:31 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 00:54:06 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (09/07/2012 00:54:05 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.
Error: (09/07/2012 00:54:04 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: 
%%1069

Microsoft Office Sessions:
=========================
Error: (09/07/2012 06:40:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 06:38:41 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 01:01:57 AM) (Source: RasClient)(User: )
Description: {570AD136-6D33-48EE-BDA8-858211F7DC7C}Owner-PC\OwnerBroadband Connection651
Error: (09/07/2012 01:01:02 AM) (Source: RasClient)(User: )
Description: {E56CE88F-7B16-43AE-B3AC-E5CF129D83EB}Owner-PC\OwnerBroadband Connection651
Error: (09/07/2012 00:59:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:57:28 AM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 00:44:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:43:05 AM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 00:26:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 00:24:50 AM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe AIR (Version: 2.6.0.19120)
Adobe Community Help (Version: 3.4.980)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0308.2325.42017)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.816.0)
Audible Download Manager (Version: 6.6.0.15)
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0308.2325.42017)
Catalyst Control Center Graphics Previews Common (Version: 2011.0308.2325.42017)
Catalyst Control Center InstallProxy (Version: 2011.0308.2325.42017)
ccc-utility64 (Version: 2011.0308.2325.42017)
CCC Help English (Version: 2011.0308.2324.42017)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
DragonNest
Facebook Messenger 2.1.4623.0 (Version: 2.1.4623.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax (Version: 130.0.418.000)
Google Chrome (Version: 21.0.1180.83)
Google Talk Plugin (Version: 3.5.1.8982)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 6500 E709 Series (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 10.6.1.7)
LG USB Modem driver
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft PhotoDraw 2000 V2 (Version: 2.00.00.0915)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.579.000)
Nexon Game Manager
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Primo (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.71.80.42)
Runtime (Version: 1.00.0000)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vindictus
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WJ III Normative Update Compuscore and Profiles Program
WMV9/VC-1 Video Playback (Version: 1.00.0000)
========================= Memory info: ===================================
Percentage of memory in use: 25%
Total physical RAM: 4095.18 MB
Available physical RAM: 3037.9 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 7064.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.69 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:931.4 GB) (Free:742.43 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
========================= Users: ========================================
User accounts for \\OWNER-PC
Administrator Guest Hannah 
Owner Woody Zachary 
========================= Minidump Files ==================================
No minidump file found

**** End of log ****


----------
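What a practitioner reads off that MiniToolBox report, as an added example that is not part of the thread and is not code from Farbar or MiniToolBox: the adapter says DHCP is enabled but holds a 169.254.x.x autoconfiguration (APIPA) address with no default gateway, so it never received a lease; the DNS servers fec0:0:0:ffff::1-3 are the site-local fallback addresses Windows uses when it has learned no DNS server at all, which is why every name lookup fails while the loopback ping succeeds (the stack itself works, the link has no lease); and the Winsock catalog carries entries whose provider DLLs are missing plus a LibraryPath warning for NLAapi.dll, i.e. a damaged catalog, which is what the later Winsock reset targets. The third-party name-space providers (Bonjour, Windows Live) are legitimate here, but catalog entries are worth listing in any malware cleanup because a Winsock provider is a well-known place for adware to hook network traffic. The script below runs these checks over a constructed excerpt that mirrors the posted log; the finding codes and function names are my own.

```python
"""Triage a MiniToolBox-style network report for the failure modes seen in this thread.

Added example (not from the thread, Farbar or MiniToolBox). SAMPLE_REPORT is a
constructed excerpt that mirrors the posted log; finding codes are invented here.
"""
import ipaddress
import re

SAMPLE_REPORT = r"""Ethernet adapter Local Area Connection:
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.187.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 28 C:\Windows\SysWOW64\rsvpsp.dll [File Not found] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")  # address Windows self-assigns when DHCP fails
# Site-local addresses Windows queries when it has no DNS server configured or learned.
FALLBACK_DNS = {"fec0:0:0:ffff::1", "fec0:0:0:ffff::2", "fec0:0:0:ffff::3"}

IPV4_RE = re.compile(r"IPv4 Address[ .]*: (\d+\.\d+\.\d+\.\d+)")
GATEWAY_RE = re.compile(r"Default Gateway[ .]*:[ \t]*(\S*)")
IPV6_RE = re.compile(r"([0-9A-Fa-f:]+)%\d+")  # scoped IPv6 literals such as fec0:...::1%1
NXHOST_RE = re.compile(r"could not find host (\S+)\.")
# "Catalog5 04 C:\path\file.dll [size or 'File Not found'] (vendor)"
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(5|9) (\d+) (.+?) \[(.+?)\] \((.*)\)$")


def parse_winsock(report):
    """Return the Winsock catalog rows (LSPs in Catalog9, NSPs in Catalog5) as dicts."""
    rows = []
    for line in report.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m:
            rows.append({"x64": bool(m.group(1)), "catalog": int(m.group(2)),
                         "index": int(m.group(3)), "path": m.group(4),
                         "size": m.group(5), "vendor": m.group(6)})
    return rows


def triage(report):
    """Return (code, detail) findings in the order the checks run."""
    findings = []

    m = IPV4_RE.search(report)
    if m and ipaddress.ip_address(m.group(1)) in APIPA:
        findings.append(("APIPA_ADDRESS", m.group(1)))  # no DHCP lease was obtained

    m = GATEWAY_RE.search(report)
    if m and not m.group(1):
        findings.append(("NO_DEFAULT_GATEWAY", ""))

    fallback = {a.lower() for a in IPV6_RE.findall(report)} & FALLBACK_DNS
    if fallback:
        findings.append(("FALLBACK_SITE_LOCAL_DNS", ", ".join(sorted(fallback))))

    hosts = NXHOST_RE.findall(report)
    if hosts:
        findings.append(("NAME_RESOLUTION_FAILED", ", ".join(hosts)))

    if "ATTENTION: The LibraryPath" in report:
        findings.append(("WINSOCK_LIBRARYPATH_MISMATCH", ""))

    for row in parse_winsock(report):
        tag = f"{'x64-' if row['x64'] else ''}Catalog{row['catalog']} {row['index']:02d}"
        if row["size"].lower() == "file not found":
            findings.append(("WINSOCK_MISSING_PROVIDER", f"{tag} {row['path']}"))
        elif not row["vendor"].startswith("Microsoft"):
            findings.append(("WINSOCK_THIRD_PARTY_PROVIDER",
                             f"{tag} {row['path']} ({row['vendor']})"))
    return findings


def codes(report):
    """Just the finding codes, handy for comparing two reports before and after a reset."""
    return [code for code, _ in triage(report)]


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_REPORT):
        print(f"{code:30} {detail}")
```

Running it on the excerpt reports the APIPA address, the empty gateway, the fallback DNS addresses, the two failed lookups, the NLAapi path mismatch, the two missing providers (nwprovau.dll, rsvpsp.dll) and the Bonjour NSP; rerunning it on a fresh MiniToolBox report after a `netsh winsock reset` is a quick way to confirm the catalog findings are gone before chasing the DHCP problem further.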



## ratherbeingarden (Aug 8, 2012)

Is "Network Adapter" the same as "Network Card"? I don't see an adapter option in the device manager


----------



## CatByte (Feb 24, 2009)

yes,

are there any exclamation points in Device Manager?


----------



## ratherbeingarden (Aug 8, 2012)

There are no exclamation points in device manager.


----------



## CatByte (Feb 24, 2009)

ok, thanks


----------



## ratherbeingarden (Aug 8, 2012)

Okay I did all of the DOS commands. Everything said "OK" afterwards except the command with winsock in it. It said "access denied". Turned, rebooted still no internet.


----------



## CatByte (Feb 24, 2009)

ok

please do the following:

Click the *Start* button.

type *Find and Fix networking and connection problems* into the startbox

click on "Find and Fix networking and connection problems" when it populates above, a troubleshooting window will open

Click NEXT > choose "Troubleshoot my connection to the Internet"

allow the windows troubleshooter to detect any problems

report back what it finds and if it is able to fix anything

Now try resetting the Internet Protocol again:

To open a command prompt, click Start and then type CMD in the Search programs and files. Right-click CMD.exe icon in Programs and choose Run as administrator.
When the User Account Control box pop up, click Yes.
At the command prompt, copy and paste (or type) the following command and then press ENTER:
netsh int ip reset c:\resetlog.txt

Reboot the computer.


----------



## ratherbeingarden (Aug 8, 2012)

When troubleshooting the connection it said a problem was found. "Windows could not automatically detect this network's proxy Detected (then a triangle with an exclamation mark) setting"


----------



## ratherbeingarden (Aug 8, 2012)

And then I did the CMD prompts again, rebooted and still no internet connection.


----------



## CatByte (Feb 24, 2009)

Go to Start > Control Panel > Network and Sharing Center

Select "Change Adapter Settings" in the left window

Right click on your connection > Properties

scroll down in the window and click on Internet Protocol version 6 (TCP/IP) to highlight it > click the properties button underneath the scroll window

Make sure that "Obtain an IPv6 address automatically" and "Obtain DNS server address automatically" are checked.

Press OK

Now click on Internet Protocol Version 4 (TCP/IPv4) in the scroll window to highlight it > click the properties button underneath the scroll window

Make sure that "Obtain an IP address automatically" and "Obtain DNS server address automatically" are checked.

Press OK

now click the advanced button > make certain under "IP addresses" that DHCP Enabled is there, press OK

close out the window, reboot the computer.

next

go back to the elevated command prompt and type *ipconfig /release* and hit enter. The IP address should now read 0.0.0.0. Now type *ipconfig /flushdns* and hit enter. Now type *ipconfig /renew*. You may get the message that Local Area Connection is disabled. Now search for your network > choose your router, and try to connect.


----------



## ratherbeingarden (Aug 8, 2012)

Under the IP address, there is only, "Automatic configuration Only". There is no DHCP to enable


----------



## CatByte (Feb 24, 2009)

automatic is OK,

follow through with the rest of the steps and let me know the outcome


----------



## ratherbeingarden (Aug 8, 2012)

"An error occurred while releasing interface local area connection to an address has not yet been associated with the network in point" is what I get when trying to do the first "release" prompt.


----------



## CatByte (Feb 24, 2009)

Open Internet Explorer and go to Tools > Internet Options > Connections (tab). Then hit the LAN Settings button. Make sure that "Automatically Detect Settings" is checked and that nothing else is checked.

try to connect again


----------



## ratherbeingarden (Aug 8, 2012)

Automatic was checked for the LAN. I did not have to change anything


----------



## ratherbeingarden (Aug 8, 2012)

Still no connection


----------



## CatByte (Feb 24, 2009)

Please copy the entire contents of the codebox below into Notepad:


Open Notepad
Copy the contents of the codebox below using *CTRL C*


```
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
```

Now return to Notepad and use *CTRL V* to paste the script
Verify that you have pasted the complete script
Save the Notepad file to your Desktop as *FixReg.reg* using Save as Type: *All files*
Locate *FixReg.reg* on your desktop
Double click to run, and when prompted Allow the file to merge with your registry
OK your way out.
After that, *Reboot your computer*.

After the reboot, we will reinstall TCP/IP
Go to *Start* the *Control Panel* and choose *Network and Sharing Center*
click "change adapter settings"
Right click on your normal connection icon, and choose *Properties*
Click the *Install* button
Choose *Protocol* then click *Add*
Click *Have disk*
In the drop down box, type in: *C:\WINDOWS\INF* and click *OK*
In the next dialog, click *Internet Protocol (TCP/IP)* then click *OK*
Click *Close* to leave the properties box
After that, *Reboot your computer* and see if you have regained your connection.
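A .reg file merged as administrator can create or delete any key it names, so it is worth knowing exactly what a fix script does before double-clicking it. The following is an added example (not part of this thread and not a tool either poster used): a small parser for the .reg text format that lists the keys a script deletes or creates and the values it sets or removes. The first input is a constructed copy of the two-line FixReg.reg script above, which only deletes the Winsock and WinSock2 service keys; the second is a constructed script with a created key and all three value forms (set, delete, default) to show the other cases. The key and value names in the second sample are made up for the example.

```python
"""Inspect a .reg script before merging it: which keys it deletes or creates
and which values it sets or removes. Added example, not code from the thread."""
from __future__ import annotations

import re

# Constructed copy of the FixReg.reg script from the post above.
FIXREG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]",
    "",
    r"[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]",
    "",
])

# Constructed script (hypothetical key and value names) covering the other line forms:
# a created key, a string value, a deleted value, the default value and continued hex data.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\ExampleTool]",
    r'"InstallPath"="C:\\Tools\\Example"',
    '"LegacyFlag"=-',
    '@="default value"',
    '"Blob"=hex:00,01,\\',
    '  02,03',
])

# [KEY] creates (or opens) a key, [-KEY] deletes it and everything under it.
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
# "name"=data sets a value, "name"=- deletes it, @= addresses the key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def inspect_reg(text: str) -> list[tuple[str, str, str | None]]:
    """Return (action, key, value_name) tuples in script order."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(("Windows Registry Editor Version 5.00", "REGEDIT4")):
        raise ValueError("not a .reg script: missing header line")
    effects: list[tuple[str, str, str | None]] = []
    current_key: str | None = None
    deleting = False
    buf = ""  # holds a value line whose hex data continues on the next line
    for raw in lines[1:]:
        line = buf + raw.strip()
        buf = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            deleting = m.group(1) == "-"
            current_key = m.group(2)
            effects.append(("delete_key" if deleting else "create_key", current_key, None))
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            if deleting:
                continue  # regedit ignores values listed under a [-KEY] line
            name = "(Default)" if m.group(2) else m.group(1)
            action = "delete_value" if m.group(3) == "-" else "set_value"
            effects.append((action, current_key, name))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return effects


def summarize(text: str) -> dict[str, list]:
    """Group the effects so a reader can see at a glance what the script touches."""
    effects = inspect_reg(text)
    return {
        "deleted_keys": [k for a, k, _ in effects if a == "delete_key"],
        "created_keys": [k for a, k, _ in effects if a == "create_key"],
        "values_set": [(k, n) for a, k, n in effects if a == "set_value"],
        "values_deleted": [(k, n) for a, k, n in effects if a == "delete_value"],
    }


if __name__ == "__main__":
    for label, script in (("FixReg.reg", FIXREG), ("sample", SAMPLE_REG)):
        print(label)
        for action, items in summarize(script).items():
            print(f"  {action}: {items}")
```

For the script in the post, the summary contains only the two deleted keys and nothing else, which is what a Winsock reset is supposed to do; a script that also created keys or set values under Run, Winlogon or the service tree would deserve a second look before merging.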


----------



## ratherbeingarden (Aug 8, 2012)

There were two TCP/IPs to choose from. I picked the first one with a 4 instead of the one with a 6. After reboot, still no connection.


----------



## CatByte (Feb 24, 2009)

please re-run MiniToolBox and post a fresh log (check all the boxes)

I want to see if what we have done so far has changed anything, the first log had a couple of entries that I'm not sure about and I need to ask the developer about them

Also ComboFix has recently been updated, at this point I think we should run the latest version and see if it can restore the damage caused by this infection, delete the copy you have on your desktop

download a fresh copy from here

(make sure your security programs are disabled)

post the new log


----------



## ratherbeingarden (Aug 8, 2012)

Here is the mini tool one, Combo Fix is still running.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 07-09-2012 at 23:27:19
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection 2 (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-99-E9-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6c30:88f:aa66:6eb8%16(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.110.184(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 322986374
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2E-1A-12-6C-62-6D-94-59-73
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{01B934FA-53AA-4B9E-A79F-BC77B3BB49A0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for ‡<U_˜˜˜„¢,:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...40 61 86 99 e9 6b ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.110.184 266
169.254.110.184 255.255.255.255 On-link 169.254.110.184 266
169.254.255.255 255.255.255.255 On-link 169.254.110.184 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.110.184 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.110.184 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 266 fe80::/64 On-link
16 266 fe80::6c30:88f:aa66:6eb8/128
On-link
1 306 ff00::/8 On-link
16 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

========================= Event log errors: ===============================
Application errors:
==================
Error: (09/07/2012 11:17:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:15:30 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:09:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:07:33 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:02:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:00:29 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:30:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:28:48 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:17:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:15:20 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out

System errors:
=============
Error: (09/07/2012 11:25:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.135.330.0
Update Source: %NT AUTHORITY59
Update Stage: 4.0.1526.00
Source Path: 4.0.1526.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2012 11:15:39 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 11:15:32 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 11:12:46 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.
Error: (09/07/2012 11:07:38 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 11:07:34 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 11:04:48 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.
Error: (09/07/2012 11:00:38 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 11:00:32 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 10:57:44 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.

Microsoft Office Sessions:
=========================
Error: (09/07/2012 11:17:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:15:30 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:09:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:07:33 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:02:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:00:29 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:30:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:28:48 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:17:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:15:20 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe AIR (Version: 2.6.0.19120)
Adobe Community Help (Version: 3.4.980)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0308.2325.42017)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.816.0)
Audible Download Manager (Version: 6.6.0.15)
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0308.2325.42017)
Catalyst Control Center Graphics Previews Common (Version: 2011.0308.2325.42017)
Catalyst Control Center InstallProxy (Version: 2011.0308.2325.42017)
ccc-utility64 (Version: 2011.0308.2325.42017)
CCC Help English (Version: 2011.0308.2324.42017)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
DragonNest
Facebook Messenger 2.1.4623.0 (Version: 2.1.4623.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax (Version: 130.0.418.000)
Google Chrome (Version: 21.0.1180.83)
Google Talk Plugin (Version: 3.5.1.8982)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 6500 E709 Series (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 10.6.1.7)
LG USB Modem driver
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft PhotoDraw 2000 V2 (Version: 2.00.00.0915)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.579.000)
Nexon Game Manager
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Primo (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.71.80.42)
Runtime (Version: 1.00.0000)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vindictus
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WJ III Normative Update Compuscore and Profiles Program
WMV9/VC-1 Video Playback (Version: 1.00.0000)
========================= Memory info: ===================================
Percentage of memory in use: 25%
Total physical RAM: 4095.18 MB
Available physical RAM: 3054.01 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 7083.72 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.32 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:931.4 GB) (Free:742.37 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
========================= Users: ========================================
User accounts for \\OWNER-PC
Administrator Guest Hannah 
Owner Woody Zachary 
========================= Minidump Files ==================================
No minidump file found

**** End of log ****
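The IP Configuration and Winsock sections of the log above carry the whole diagnosis: DHCP is enabled but the adapter holds a self-assigned 169.254.x.x address, there is no default gateway, the only DNS servers are the fec0:0:0:ffff::1-3 addresses Windows falls back to when it has learned none, and the Winsock entries section is empty. The following is an added example, not part of the thread and not MiniToolBox's own code: a parser for this log layout (the ipconfig /all block that the *ipconfig /release* and */renew* steps earlier in the thread act on, plus the Winsock section) that turns those symptoms into explicit findings. The inputs are constructed samples modelled on the log, with a healthy counterpart for contrast; the Winsock entry line in the healthy sample is a placeholder.

```python
"""Flag the connectivity symptoms visible in a MiniToolBox-style log: an APIPA
address with DHCP enabled, no default gateway, only Windows' fallback DNS
resolvers, and an empty Winsock catalog section. Added example, not MiniToolBox code."""
from __future__ import annotations

import ipaddress
import re

# Constructed sample modelled on the log posted above (addresses copied from it).
BROKEN_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= IP Configuration: ================================
Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6c30:88f:aa66:6eb8%16(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.110.184(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : No
========================= Winsock entries =====================================

========================= Event log errors: ===============================
"""

# Constructed healthy counterpart: a DHCP lease, a gateway, a real resolver, a Winsock catalog.
HEALTHY_LOG = """\
========================= IP Configuration: ================================
Ethernet adapter Local Area Connection 2:
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll  (constructed placeholder entry)
========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*:?\s*=+\s*$")          # "===== Name: =====" banners
ADAPTER_RE = re.compile(r"^(?:Ethernet|Wireless LAN|Tunnel|PPP) adapter (.+):$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)[ .]+:\s*(.*)$")  # "Name . . . : value"

APIPA = ipaddress.ip_network("169.254.0.0/16")   # self-assigned when no DHCP lease arrives
SITE_LOCAL = ipaddress.ip_network("fec0::/10")   # Windows' built-in fec0:0:0:ffff::1-3 resolvers


def split_sections(log: str) -> dict[str, list[str]]:
    """Map each banner title to the lines beneath it (bare ==== rules are ignored)."""
    sections: dict[str, list[str]] = {"preamble": []}
    current = "preamble"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def _as_ip(text: str):
    """Parse '169.254.110.184(Preferred)' or 'fe80::1%16' into an address, else None."""
    text = text.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_adapters(lines: list[str]) -> dict[str, dict[str, list[str]]]:
    """Turn the ipconfig /all block into {adapter: {field: [values]}}; extra DNS lines continue the field."""
    adapters: dict[str, dict[str, list[str]]] = {}
    current = last_field = None
    for raw in lines:
        line = raw.strip()
        m = ADAPTER_RE.match(line)
        if m:
            current, last_field = m.group(1), None
            adapters[current] = {}
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            values = adapters[current].setdefault(last_field, [])
            if m.group(2):
                values.append(m.group(2))
        elif last_field and _as_ip(line) is not None:
            adapters[current][last_field].append(line)
    return adapters


def diagnose(log: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings: list[str] = []
    sections = split_sections(log)
    for name, fields in parse_adapters(sections.get("IP Configuration", [])).items():
        if any("disconnected" in v.lower() for v in fields.get("Media State", [])):
            continue  # unplugged or tunnel adapters say nothing about the LAN link
        v4 = [ip for key in ("IPv4 Address", "Autoconfiguration IPv4 Address")
              for val in fields.get(key, [])
              if (ip := _as_ip(val)) is not None and ip.version == 4]
        if fields.get("DHCP Enabled") == ["Yes"] and any(ip in APIPA for ip in v4):
            findings.append(f"{name}: DHCP is enabled but {v4[0]} is self-assigned (APIPA), no lease was obtained")
        if not any(_as_ip(v) is not None for v in fields.get("Default Gateway", [])):
            findings.append(f"{name}: no default gateway, nothing beyond the local link is reachable")
        dns = [ip for v in fields.get("DNS Servers", []) if (ip := _as_ip(v)) is not None]
        if dns and all(ip in SITE_LOCAL for ip in dns):
            findings.append(f"{name}: only the fec0:0:0:ffff:: fallback resolvers, no DNS server was learned from DHCP")
    if "Winsock entries" in sections and not any(l.strip() for l in sections["Winsock entries"]):
        findings.append("Winsock entries: section is empty, the catalog needs rebuilding (netsh winsock reset)")
    return findings


if __name__ == "__main__":
    for label, log in (("broken", BROKEN_LOG), ("healthy", HEALTHY_LOG)):
        print(label, diagnose(log) or ["no findings"])
```

Run against the constructed copy of this log it reports all four symptoms; against the healthy sample it reports none. The three adapter findings are what a successful *ipconfig /renew* would clear, while the empty Winsock section is the separate problem the next post addresses with *netsh winsock reset catalog*.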


----------



## CatByte (Feb 24, 2009)

the winsock entries need to be reset after our last fix,

please run the following, then re-run minitool box again

Open up the elevated command prompt again, type in the following commands and hit enter after each command:

*netsh winsock reset catalog*

*netsh int ip reset reset.log*

Reboot the PC.

then re-run minitool box (check all the boxes in Mini tool box)


----------



## ratherbeingarden (Aug 8, 2012)

Still waiting on combofix log report then I will do reset and minitool


----------



## CatByte (Feb 24, 2009)

:up:


----------



## ratherbeingarden (Aug 8, 2012)

And here is the comboFix Log Report:

ComboFix 12-09-07.03 - Owner 09/07/2012 23:31:15.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2963 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 03:38 . 2012-09-08 03:38 -------- d-----w- c:\users\Zachary\AppData\Local\temp
2012-09-08 03:38 . 2012-09-08 03:38 -------- d-----w- c:\users\Woody\AppData\Local\temp
2012-09-08 03:38 . 2012-09-08 03:38 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-09-07 07:52 . 2012-09-07 07:52 -------- d-----w- C:\FRST
2012-09-06 17:15 . 2012-09-06 17:15 -------- d-----w- c:\users\Owner\AppData\Roaming\ImgBurn
2012-09-06 17:11 . 2012-09-08 03:29 -------- d-----r- c:\users\Public
2012-09-06 17:11 . 2012-09-07 05:42 -------- d-----w- c:\program files (x86)\ImgBurn
2012-09-06 10:26 . 2012-09-06 10:26 -------- d-----w- c:\users\Hannah\AppData\Local\VirtualStore
2012-09-06 10:26 . 2012-09-07 05:42 -------- d-----w- c:\users\Hannah\AppData\Roaming\ICAClient
2012-09-06 10:26 . 2012-09-06 10:26 -------- d-----w- c:\users\Hannah\AppData\Local\AOL
2012-09-06 10:26 . 2012-09-06 10:26 -------- d-----w- c:\users\Hannah\AppData\Local\Citrix
2012-09-06 10:26 . 2012-09-06 10:28 -------- d-----w- c:\users\Hannah\AppData\Local\Microsoft
2012-09-03 14:51 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B6C1FBC-B651-4A90-82EE-8A0576323142}\mpengine.dll
2012-09-01 22:29 . 2012-09-01 22:29 -------- d-----w- C:\_OTL
2012-09-01 14:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 14:01 . 2012-09-05 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-27 01:11 . 2012-08-27 01:41 -------- d-----w- c:\users\Woody\AppData\Local\NETGEARGenie
2012-08-26 23:25 . 2012-08-27 22:51 -------- d-----w- c:\users\Owner\AppData\Local\NETGEARGenie
2012-08-26 23:24 . 2012-08-26 23:24 369168 ----a-w- c:\windows\system32\wpcap.dll
2012-08-26 23:24 . 2012-08-26 23:24 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2012-08-26 23:24 . 2012-08-26 23:24 106000 ----a-w- c:\windows\system32\packet.dll
2012-08-18 14:51 . 2012-08-18 14:51 -------- d-----w- c:\users\Woody\AppData\Roaming\Malwarebytes
2012-08-17 01:55 . 2012-08-17 19:09 -------- d-----w- c:\users\Woody\AppData\Local\Google
2012-08-17 01:54 . 2012-08-29 22:40 -------- d-----w- c:\program files\Google
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\LG Electronics
2012-08-17 01:50 . 2012-08-17 01:50 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 09:21 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 09:21 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 09:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 09:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 09:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 09:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 09:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 09:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 09:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 09:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 09:21 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 09:21 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 09:22 . 2011-04-06 15:38 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-08 00:19 . 2012-08-08 00:19 4269368 ----a-w- c:\windows\uninst.exe
2012-07-01 18:22 . 2012-07-01 18:22 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.31.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-09-04 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-04 14:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-04 14:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-09-08 03:17 63122 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-08 03:17 37452 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-06 15:20 . 2012-09-08 03:17 17474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183818831-1049963728-4091137164-1000_UserData.bin
+ 2012-09-07 05:42 . 2012-09-06 22:51 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 04:46 . 2012-09-05 23:00 95712 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-04-14 19:53 . 2012-08-06 17:58 3880 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-04-14 19:53 . 2012-09-06 00:57 3880 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-05-02 12:19 . 2012-09-06 10:28 8970 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183818831-1049963728-4091137164-1003_UserData.bin
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 03:15 . 2012-09-08 03:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 03:15 . 2012-09-08 03:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-01 23:26 . 2012-09-01 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-13 21:24 . 2012-09-06 04:20 382934 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-01 12:25 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 04:05 626290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-01 12:25 107566 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-07 04:05 107566 c:\windows\system32\perfc009.dat
+ 2011-04-06 15:40 . 2012-09-06 18:42 941328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-09-08 03:12 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-01 23:23 494960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-21 20:41 . 2012-09-03 01:02 9650396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1004-8192.dat
- 2011-05-21 20:41 . 2012-09-01 00:02 9650396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1004-8192.dat
+ 2011-09-01 04:02 . 2012-09-02 01:45 5023128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1003-8192.dat
- 2011-05-06 01:10 . 2012-08-31 05:04 44332560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1002-8192.dat
+ 2011-05-06 01:10 . 2012-09-03 18:55 44332560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1002-8192.dat
+ 2011-08-05 04:46 . 2012-09-08 02:57 25091560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-8192.dat
+ 2011-05-21 20:41 . 2012-09-06 17:15 11473976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-12288.dat
- 2011-05-21 20:41 . 2012-08-29 22:37 11473976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4183818831-1049963728-4091137164-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1302653456\ee\AOLSoftware.exe" [2010-03-08 41800]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\users\Zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-24 53488]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 16:39]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-17 18:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002Core.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183818831-1049963728-4091137164-1002UA.job
- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 21:06]
.
2012-09-04 c:\windows\Tasks\User_Feed_Synchronization-{B14C5C7B-EA42-43E7-B289-7D52C2C60120}.job
- c:\windows\system32\msfeedssync.exe [2011-09-27 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-07 23:48:45
ComboFix-quarantined-files.txt 2012-09-08 03:48
ComboFix2.txt 2012-09-04 17:14
ComboFix3.txt 2012-09-02 03:20
.
Pre-Run: 796,824,911,872 bytes free
Post-Run: 796,755,386,368 bytes free
.
- - End Of File - - 66AFED98D2E174AB560E8CF10BFBFC12


----------



## ratherbeingarden (Aug 8, 2012)

The winsock command states "access denied". This is what it said last time too.


----------



## ratherbeingarden (Aug 8, 2012)

And here is the latest Minitool report. And by the way, we made it to our one month anniversary!

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 07-09-2012 at 23:59:48
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection 2 (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-99-E9-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6c30:88f:aa66:6eb8%16(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.110.184(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 322986374
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2E-1A-12-6C-62-6D-94-59-73
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{01B934FA-53AA-4B9E-A79F-BC77B3BB49A0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...40 61 86 99 e9 6b ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.110.184 266
169.254.110.184 255.255.255.255 On-link 169.254.110.184 266
169.254.255.255 255.255.255.255 On-link 169.254.110.184 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.110.184 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.110.184 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 266 fe80::/64 On-link
16 266 fe80::6c30:88f:aa66:6eb8/128
On-link
1 306 ff00::/8 On-link
16 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

========================= Event log errors: ===============================
Application errors:
==================
Error: (09/07/2012 11:58:59 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:48:49 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:17:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:15:30 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:09:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:07:33 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:02:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:00:29 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:30:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:28:48 PM) (Source: Schedule) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out

System errors:
=============
Error: (09/07/2012 11:59:09 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 11:59:02 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874
Error: (09/07/2012 11:56:12 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.
Error: (09/07/2012 11:39:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/07/2012 11:34:51 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/07/2012 11:29:10 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/07/2012 11:29:10 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
Error: (09/07/2012 11:25:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.135.330.0
Update Source: %NT AUTHORITY59
Update Stage: 4.0.1526.00
Source Path: 4.0.1526.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (09/07/2012 11:15:39 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
Error: (09/07/2012 11:15:32 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014874

Microsoft Office Sessions:
=========================
Error: (09/07/2012 11:58:59 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:48:49 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:17:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:15:30 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:09:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:07:33 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 11:02:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 11:00:29 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out
Error: (09/07/2012 10:30:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/07/2012 10:28:48 PM) (Source: Schedule)(User: )
Description: Schedule error: 10044Initialize call failed, bailing out

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe AIR (Version: 2.6.0.19120)
Adobe Community Help (Version: 3.4.980)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0308.2325.42017)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.816.0)
Audible Download Manager (Version: 6.6.0.15)
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0308.2325.42017)
Catalyst Control Center Graphics Previews Common (Version: 2011.0308.2325.42017)
Catalyst Control Center InstallProxy (Version: 2011.0308.2325.42017)
ccc-utility64 (Version: 2011.0308.2325.42017)
CCC Help English (Version: 2011.0308.2324.42017)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
DragonNest
Facebook Messenger 2.1.4623.0 (Version: 2.1.4623.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax (Version: 130.0.418.000)
Google Chrome (Version: 21.0.1180.83)
Google Talk Plugin (Version: 3.5.1.8982)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 6500 E709 Series (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 10.6.1.7)
LG USB Modem driver
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft PhotoDraw 2000 V2 (Version: 2.00.00.0915)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.579.000)
Nexon Game Manager
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Primo (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.71.80.42)
Runtime (Version: 1.00.0000)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vindictus
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WJ III Normative Update Compuscore and Profiles Program
WMV9/VC-1 Video Playback (Version: 1.00.0000)
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 23%
Total physical RAM: 4095.18 MB
Available physical RAM: 3134.7 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 7155.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.82 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:931.4 GB) (Free:742.15 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:15.11 GB) (Free:0.01 GB) FAT32
========================= Users: ========================================
User accounts for \\OWNER-PC
Administrator Guest Hannah 
Owner Woody Zachary 
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
05-09-2012 23:11:38 8/01/2012
08-09-2012 03:29:32 ComboFix created restore point
**** End of log ****
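As an added example (it is not part of this thread and not part of Farbar's MiniToolBox), here is a small Python triage script that reads the IP Configuration and Winsock entries sections of a MiniToolBox log like the one above and flags the fault indicators it contains: a 169.254.x.x autoconfiguration address on a DHCP-enabled adapter (no lease was ever obtained), an empty default gateway, DNS servers that are nothing but the fec0:0:0:ffff::1-3 addresses Windows falls back to when no resolver is configured, and a Winsock entries section with nothing in it. The two embedded logs are constructed excerpts; the Winsock catalog line in the healthy sample is illustrative.

```python
"""Triage the network sections of a MiniToolBox log. Added example, not part of
the thread or of Farbar's MiniToolBox: it parses the 'IP Configuration' and
'Winsock entries' sections and flags what the posted log shows (APIPA address on
a DHCP adapter, no gateway, only fec0:: fallback DNS, empty Winsock catalog)."""
import re
from ipaddress import ip_address, ip_network

APIPA = ip_network("169.254.0.0/16")   # self-assigned when no DHCP lease arrives
FALLBACK_DNS = ip_network("fec0::/10")  # Windows' built-in resolvers when none is configured

SECTION_RE = re.compile(r"^=+ (.+?):? =+\s*$")      # "==== IP Configuration: ===="
ADAPTER_RE = re.compile(r"^(\S.*) adapter (.+):$")  # "Ethernet adapter Local Area Connection 2:"
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)\s*\.[ .]*:\s*(.*)$")  # "DHCP Enabled. . : Yes"
MULTI_VALUE = {"DNS Servers"}  # further servers follow on bare lines without a key

# Constructed excerpts: SAMPLE_LOG mirrors the log above, HEALTHY_LOG a working host.
SAMPLE_LOG = """\
========================= IP Configuration: ================================
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.110.184(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : No
========================= Winsock entries =====================================

========================= Event log errors: ===============================
"""
HEALTHY_LOG = r"""
========================= IP Configuration: ================================
Ethernet adapter Local Area Connection:
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
========================= Event log errors: ===============================
"""

def split_sections(log_text):
    """Map each '==== Name ====' header to the (rstripped) lines under it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        if m := SECTION_RE.match(line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line.rstrip())
    return sections

def parse_adapters(lines):
    """Return {adapter name: {field: [values]}} from the ipconfig /all part of the log."""
    adapters, fields, last_key = {}, None, None
    for line in lines:
        if m := ADAPTER_RE.match(line):
            fields, last_key = adapters.setdefault(m.group(2), {}), None
        elif fields is None:
            continue  # header lines before the first adapter
        elif m := FIELD_RE.match(line):
            last_key = m.group(1).strip()
            fields.setdefault(last_key, []).extend(v for v in [m.group(2).strip()] if v)
        elif line.strip() and last_key in MULTI_VALUE:
            fields[last_key].append(line.strip())  # continuation line, e.g. 2nd DNS server
    return adapters

def first(fields, key):
    values = fields.get(key) or []
    return values[0] if values else ""

def clean_addr(value):
    # drop ipconfig decorations such as '(Preferred)' and the '%16' zone index
    return ip_address(re.sub(r"\(.*?\)", "", value).split("%")[0].strip())

def triage(log_text):
    """Return (code, detail) findings for the network sections of a MiniToolBox log."""
    sections = split_sections(log_text)
    findings = []
    for name, f in parse_adapters(sections.get("IP Configuration", [])).items():
        if first(f, "Media State").startswith("Media disconnected"):
            continue  # no link: empty addressing is expected, not a fault
        ipv4 = [clean_addr(v) for k, vals in f.items() if k.endswith("IPv4 Address") for v in vals]
        if first(f, "DHCP Enabled") == "Yes" and any(a in APIPA for a in ipv4):
            findings.append(("APIPA", f"{name}: DHCP on but self-assigned {ipv4[0]}, no lease obtained"))
        if not first(f, "Default Gateway"):
            findings.append(("NO_GATEWAY", f"{name}: no default gateway, no route off the host"))
        dns = [clean_addr(v) for v in f.get("DNS Servers", [])]
        if dns and all(a in FALLBACK_DNS for a in dns):
            findings.append(("FALLBACK_DNS", f"{name}: only fec0:: fallback resolvers, no real DNS server"))
    if "Winsock entries" in sections and not any(l.strip() for l in sections["Winsock entries"]):
        findings.append(("WINSOCK_EMPTY", "Winsock catalog not listed, consistent with a damaged LSP chain"))
    return findings
```

Run it on a saved log with `triage(open(path).read())`; a host in the state shown above yields four findings, a healthy host yields none. The script does not say why the adapter never got a lease, only that the symptoms line up with a broken DHCP/Winsock stack rather than a proxy or hosts-file hijack, both of which MiniToolBox reports separately and shows as clean in the log above.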


----------



## CatByte (Feb 24, 2009)

Well, it's been an adventure.

I am going to consult with an expert colleague; we seem to have narrowed it down to the Winsock issue.

So bear with me till I get a reply.

At least we have fixed the malware rogue partition.


----------



## ratherbeingarden (Aug 8, 2012)

Thank you again for your help. I guess I will call it a night then.


----------



## CatByte (Feb 24, 2009)

have a good rest


----------



## CatByte (Feb 24, 2009)

good mornin.

Things aren't progressing as I would have hoped, so let's take a step backwards before we can go forward again

Let's see how far back we can restore this machine to.

A restore point was created here:
*05-09-2012 23:11:38 8/01/2012*

Let's restore to that


1. Type *system restore* into the search box in the Start menu and hit *Enter*.
2. The System Restore wizard will open.
3. Choose the recommended restore point, which is usually the most recent one... or you can choose a different restore point, which for our situation we need to do.
4. Select the radio button next to *Choose a different restore point*, then click *Next.*
5. Now a list of different restore points and the description of what was taking place when each was created will populate.
6. Click on the box next to *Show more restore points*.
7. Now scroll through and determine which restore point you want. (If there is one prior to 05-09-2012 23:11:38 8/01/2012, let me know how far back it goes.)
8. Confirm the restore point and click *Finish*.
9. Click *Yes* to the message saying that it can't be undone until it has completed, or cannot be undone if running it from Safe Mode.
10. The System Restore process will begin; several messages should display during the process.
11. Your system should now function how it was during the time it was restored to.

post a new MiniToolBox log


----------
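The post above walks through the System Restore wizard by hand. As an added example, not part of any post in this thread, the same survey can be done from an elevated Windows PowerShell 5.1 prompt: list every restore point oldest first (so you can answer "how far back does it go"), pick the oldest one created on or before a cutoff, and report it before anything destructive happens. The `2012-08-01` cutoff is assumed from the date in the post; `Get-ComputerRestorePoint` and `Restore-Computer` are client-Windows cmdlets that do not exist in PowerShell 7 or on Server SKUs.

```powershell
# Added example (not from the thread). Run as Administrator in Windows PowerShell 5.1.
# Assumed cutoff taken from the "8/01/2012" restore point mentioned in the post.
$cutoff = [datetime]'2012-08-01'

# Get-ComputerRestorePoint returns SystemRestore WMI objects; CreationTime is a
# DMTF string (yyyyMMddHHmmss.ffffff+zzz), so convert it to a real DateTime.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Description    = $_.Description
        Type           = $_.RestorePointType
    }
} | Sort-Object Created

# Everything that exists, oldest first: this answers "how far back can we go".
$points | Format-Table SequenceNumber, Created, Description, Type -AutoSize

# Oldest point created on or before the cutoff; if none qualifies, fall back
# to the oldest point available at all.
$candidate = $points | Where-Object { $_.Created -le $cutoff } | Select-Object -First 1
if (-not $candidate) { $candidate = $points | Select-Object -First 1 }

if ($candidate) {
    "Earliest usable point: #$($candidate.SequenceNumber) created $($candidate.Created) ($($candidate.Description))"
    # Only after you have checked the list. The restore reboots the machine and,
    # unlike the GUI path, nothing here asks twice unless you keep -Confirm.
    # Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
} else {
    "No restore points found on this machine."
}

# After the reboot, confirm the last restore actually completed:
# Get-ComputerRestorePoint -LastStatus
```

Keep the `Restore-Computer` line commented until you have read the list: the log earlier in this thread shows a second point created by ComboFix after the cleanup started, and a script that blindly takes the newest point would land there rather than on the pre-infection one the post is after.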



## CatByte (Feb 24, 2009)

You still with me?


----------



## ratherbeingarden (Aug 8, 2012)

On Saturday I attempted to work on the computer to get to the restore point when I started to smell something burning. It was the computer! Everything shut down, and the computer would not even turn on. Keeping it short, we determined today the motherboard went out. I appreciate all of your help, and if the motherboard had not gone out, I'm sure you could have fixed the internet problems. Again, thank you.


----------



## CatByte (Feb 24, 2009)

oh dear, sorry to hear that,

too much stress, your machine was terribly infected,
sometimes machines just don't recover

what did you decide to do? new motherboard or new computer?


----------

