Browser re-direct and Internet Connection Loss [Solved]



#1
intothwoods (New Member, 8 posts)

Hello. I recently have been having internet connection issues that eventually forced me to disable my wireless connection and only use a LAN connection. Even now I lose my connection repeatedly and have to run diagnostics, which blames the problem on my router, although I believe my router is fine.

As of yesterday, when I type something in a search engine, instead of directing me to what I click on, it directs me to various websites that are different search engines wanting me to click on their links.

I have tried running my Malwarebytes and performed a quick scan, and it came back with nothing. After trying to run a full scan, it crashed the program, and now it says the files are corrupt and won't let me download a new version. Once, while trying to recover Malwarebytes, Microsoft Security popped up and said there was a Trojan and to click to clean, but I didn't think of getting the file name then and haven't seen it since. I do not have a virus name, I'm sorry. I'm not sure where to go from here. This is a work computer which many people have access to, so I'm not sure what got picked up where. Please help. I appreciate your time, thank you.



OTL logfile created on: 4/20/2012 9:30:25 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jared\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.07% Memory free
3.98 Gb Paging File | 2.40 Gb Available in Paging File | 60.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 229.97 Gb Free Space | 81.15% Space Free | Partition Type: NTFS

Computer Name: JARED-WIN7 | User Name: Jared | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 09:30:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
PRC - [2012/02/28 07:23:15 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/02/08 07:09:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/10 14:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 14:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 14:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/04/05 06:26:34 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/05 06:10:28 | 001,149,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/11/03 16:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
PRC - [2010/10/18 14:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Dell\duo Stage\duoStage.exe
PRC - [2010/09/23 12:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010/09/23 12:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxUSBDock32.exe
PRC - [2010/08/20 14:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/30 13:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
PRC - [2010/07/30 13:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
PRC - [2010/07/30 13:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010/07/20 21:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010/05/12 17:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2010/02/26 19:11:30 | 000,562,504 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Dell\Dell Location and GPS\Dell Location Utility\xpscontrolpanel.exe
PRC - [2010/02/26 19:10:50 | 000,699,208 | ---- | M] (Skyhook Wireless) -- c:\Program Files\Dell\Dell Location and GPS\Dell Location Utility\xpssvc.exe
PRC - [2009/12/15 17:51:50 | 002,488,832 | ---- | M] (Wisair Ltd.) -- C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe
PRC - [2009/12/01 15:13:30 | 001,086,464 | ---- | M] (Wisair Ltd.) -- C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 05:29:41 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/13 05:29:11 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/02/16 07:18:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 07:18:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 07:18:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/14 06:21:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/14 06:12:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/11/03 16:37:10 | 000,146,032 | ---- | M] () -- C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll
MOD - [2010/09/29 09:46:50 | 000,103,488 | ---- | M] () -- C:\Program Files\Dell\duo Stage\en-US\UI\MiniStageUI.dll
MOD - [2010/07/20 21:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/20 21:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/20 21:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/20 21:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/20 21:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/20 21:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/20 21:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/20 21:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/26 19:07:52 | 000,019,784 | ---- | M] () -- C:\Program Files\Dell\Dell Location and GPS\Dell Location Utility\xpscontrolpanel.ENU.dll
MOD - [2010/01/05 16:19:38 | 000,082,432 | ---- | M] () -- C:\Program Files\Wireless USB\Components\WirelessUSBManager\WUSBResource.dll
MOD - [2009/12/23 10:45:04 | 007,505,920 | ---- | M] () -- C:\Program Files\Dell\duo Stage\QtGui4.dll
MOD - [2009/09/08 19:51:08 | 000,347,648 | ---- | M] () -- C:\Program Files\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll
MOD - [2009/09/08 19:50:52 | 000,177,664 | ---- | M] () -- C:\Program Files\Dell\duo Stage\QtSql4.dll
MOD - [2009/09/08 14:01:32 | 002,070,528 | ---- | M] () -- C:\Program Files\Dell\duo Stage\QtCore4.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/17 17:08:36 | 000,850,944 | ---- | M] () -- C:\Program Files\Dell\duo Stage\QtNetwork4.dll
MOD - [2009/06/25 10:05:10 | 000,311,296 | ---- | M] () -- C:\Program Files\Dell\duo Stage\QtXml4.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/04/13 09:39:14 | 000,252,672 | ---- | M] () -- C:\Program Files\Dell\duo Stage\kgl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/08 07:09:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/08 07:09:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/10 14:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011/04/05 06:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/16 12:40:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 02:48:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/23 12:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010/09/23 12:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Running] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock)
SRV - [2010/08/20 14:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/07/30 13:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/02/26 19:10:50 | 000,699,208 | ---- | M] (Skyhook Wireless) [Auto | Running] -- c:\Program Files\Dell\Dell Location and GPS\Dell Location Utility\xpssvc.exe -- (xpssvc)
SRV - [2009/12/01 15:13:30 | 001,086,464 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\QWARQNet.sys -- (QWARQNet)
DRV - File not found [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A04DC26-7B79-4724-97EC-A4F567A62F46}\MpKsl988aef92.sys -- (MpKsl988aef92)
DRV - [2012/04/20 09:13:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/20 07:44:00 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44808609-80A8-4B31-BC69-25031D924EED}\MpKsle2ca372a.sys -- (MpKsle2ca372a)
DRV - [2012/02/08 07:09:35 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/10 20:08:50 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/04/10 14:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 14:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/21 11:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH)
DRV - [2010/08/12 10:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/30 21:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010/07/30 11:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010/07/30 11:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010/07/30 11:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010/07/30 11:12:32 | 000,047,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010/07/30 11:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010/07/30 11:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010/07/30 11:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/07/22 11:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/22 12:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/06/22 03:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010/03/24 16:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/02/10 19:08:12 | 000,012,416 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\XPSVCOM.sys -- (XPSVCOM)
DRV - [2009/12/22 21:02:32 | 000,138,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2009/12/22 21:02:18 | 000,473,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2009/12/22 21:01:52 | 000,773,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2009/12/15 18:21:06 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSR_TBF.sys -- (DLCopyFilter)
DRV - [2009/12/01 15:35:14 | 000,044,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_USF.sys -- (WSR_USF)
DRV - [2009/10/02 00:25:36 | 000,047,104 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ax88178.sys -- (AX88178)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {1CAD0445-1F95-4259-8E45-6BC354E0FC25}
IE - HKLM\..\SearchScopes\{1CAD0445-1F95-4259-8E45-6BC354E0FC25}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MRSDD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {1CAD0445-1F95-4259-8E45-6BC354E0FC25}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/25 02:23:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: c:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 09:15:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 09:15:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (LocationFinder Class) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - c:\Program Files\Skyhook Wireless\Loki Plugin\loki.dll (Skyhook Wireless)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Location Utility] c:\Program Files\Dell\Dell Location and GPS\Dell Location Utility\xpscontrolpanel.exe (Skyhook Wireless)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Program Files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://192.168.1.5:85/WebClient.cab (WebClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CA4900-82A4-48F1-8593-53CFB4FAF116}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2C5BF91-C19D-4E3D-AB3E-EFF299B43BFA}: DhcpNameServer = 127.0.0.1 192.168.1.3
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7524e1cc-7710-11e0-a4da-485d60abe58a}\Shell - "" = AutoRun
O33 - MountPoints2\{7524e1cc-7710-11e0-a4da-485d60abe58a}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{7e0df4f9-593c-11e0-b888-485d60abe58a}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0df4f9-593c-11e0-b888-485d60abe58a}\Shell\AutoRun\command - "" = D:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 09:29:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
[2012/04/20 09:10:23 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{443796EA-EC9F-4C19-9186-97B0BBBEF35C}
[2012/04/20 09:06:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/20 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\Jared\Desktop\Backup
[2012/04/19 10:16:18 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/04/17 10:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{7D9A5ADB-508A-4C85-BB92-168398580C7B}
[2012/04/12 09:38:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{D6993B8B-0912-40C2-BBFB-D5AD57F49CF3}
[2012/04/11 07:08:29 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{1EB85F6C-7980-4E57-A529-76F863041986}
[2012/04/11 07:08:04 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{F021240B-2E59-4F5F-BC49-6A2FDDB23FC8}
[2012/04/11 07:07:52 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{ADF90793-F46E-44AC-A7FB-0E91ABBF72C9}
[2012/04/10 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{3259B409-8B07-4BF1-80D6-9603C64ED76A}
[2012/04/10 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{1F31FDBC-797C-424D-B9BD-2382FCCD88AC}
[2012/04/10 09:17:41 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{630044FA-4F91-49BB-9B48-EA5FDD47030B}
[2012/04/06 09:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{C93B7AE7-1C6C-433C-B0D7-B916F752DC9E}
[2012/04/06 09:03:32 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{9A2163EC-C012-42B0-B339-B580ACC131C4}
[2012/04/05 07:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{E8F9A552-2833-4FCB-AF99-2063B7F362D6}
[2012/04/04 07:14:22 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{2AB0DB39-136A-425A-AF4E-8109B710601B}
[2012/04/04 07:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{0D5FD2C2-5D80-4793-A049-57CFA2D06BDD}
[2012/04/03 09:16:56 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{399FBD75-DD54-4DB3-9747-E637359EBAB3}
[2012/04/03 09:16:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{97660E1D-02F9-4B7D-8847-5DC517CC397C}
[2012/04/03 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{ECFEEBC9-457C-47A2-83E3-48AA98B7401A}
[2012/04/03 07:43:22 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{71342919-8380-47B8-B321-0BA88E0A525E}
[2012/03/30 08:17:40 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{4A816957-043A-4397-8A77-0FD01D280017}
[2012/03/28 08:17:45 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{0CAF3295-8F6A-4C70-868B-167FF37411EB}
[2012/03/28 08:17:31 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{C3C16C1D-F727-46A5-8AFB-DF7C97C82D0E}
[2012/03/27 07:03:28 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{A98F6B15-4A07-4A64-B27A-76056C32078B}
[2012/03/27 07:03:16 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{006FE9B4-798B-4BD0-95B4-1864B4760FBD}
[2012/03/26 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{8E91B786-A9BC-47CE-8C80-CB52891141C7}
[2012/03/26 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{D3DD07F7-799D-49EF-AB35-F3347BCAE21B}
[2012/03/24 07:49:25 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{66261359-2459-4963-AB65-3081097FD56A}
[2012/03/23 08:36:01 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{275E61C7-11B8-4A33-BE8D-0939F82D7473}
[2012/03/23 08:35:48 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{542A13A1-85D2-4785-83BF-1DE2E5AF579C}
[2012/03/22 10:06:10 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{ABC6C937-68F8-49E7-9BE9-F10DEAD092DE}
[2012/03/22 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\{66B8DB81-7E82-4D89-89F0-394CE30FE399}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 09:30:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\OTL.exe
[2012/04/20 09:13:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/20 08:58:37 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/20 08:58:37 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 07:51:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 07:51:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 07:44:14 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/04/20 07:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 07:43:30 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 07:32:38 | 339,952,165 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/03 07:42:49 | 000,001,778 | ---- | M] () -- C:\Users\Jared\Desktop\Piece Counting.lnk
[2012/03/23 09:53:24 | 000,006,047 | ---- | M] () -- C:\Users\Jared\Desktop\ofx.qbo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/16 07:32:38 | 339,952,165 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/03 07:42:17 | 000,001,778 | ---- | C] () -- C:\Users\Jared\Desktop\Piece Counting.lnk
[2012/03/23 09:53:23 | 000,006,047 | ---- | C] () -- C:\Users\Jared\Desktop\ofx.qbo
[2011/09/15 06:12:51 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/09/15 06:12:51 | 000,137,073 | ---- | C] () -- C:\Windows\unins000.dat
[2011/06/29 10:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2011/06/29 10:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2011/06/29 10:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2011/05/20 12:34:29 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/04/19 06:39:35 | 000,000,163 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\default.rss
[2011/03/01 09:05:20 | 000,221,545 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/03/01 09:05:20 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/01/04 15:05:30 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/01/04 15:05:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/01/04 15:03:20 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/04 15:00:17 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7440n.dat
[2011/01/04 14:59:39 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/01/04 14:59:38 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/01/04 14:59:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/01/04 14:59:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/01/04 14:58:47 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/01/04 14:52:45 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/11/25 02:36:01 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
[2010/11/03 15:55:32 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/22 03:30:08 | 000,864,276 | R--- | C] () -- C:\Windows\System32\drivers\bcm70015fw.bin
[2010/06/22 03:30:04 | 002,786,404 | R--- | C] () -- C:\Windows\System32\drivers\bcm70012fw.bin
[2010/06/07 22:02:24 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin

========== LOP Check ==========

[2010/12/16 11:42:35 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\BookStage
[2010/11/25 03:33:03 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Leadertech
[2011/02/11 11:31:48 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\ScanSoft
[2011/08/06 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Stardock
[2011/02/01 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Windows Live Writer
[2011/02/11 11:31:59 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Zeon
[2012/04/16 07:32:53 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB15043$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you confirm with your IT department that they are happy for me to help... If they are:

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#3
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you Essexboy. Yes they would be very happy to have your help. Here is the log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 06:39:56
-----------------------------
06:39:56.322 OS Version: Windows 6.1.7600
06:39:56.322 Number of processors: 4 586 0x1C0A
06:39:56.322 ComputerName: JARED-WIN7 UserName: Jared
06:39:57.742 Initialize success
06:40:03.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:40:03.471 Disk 0 Vendor: Hitachi_ EC2O Size: 305245MB BusType: 3
06:40:03.503 Disk 0 MBR read successfully
06:40:03.518 Disk 0 MBR scan
06:40:03.534 Disk 0 Windows VISTA default MBR code
06:40:03.549 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
06:40:03.565 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
06:40:03.596 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
06:40:03.627 Disk 0 scanning sectors +625140400
06:40:03.705 Disk 0 scanning C:\Windows\system32\drivers
06:40:13.393 Service scanning
06:40:23.658 Service MpKsld069c9ba c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44808609-80A8-4B31-BC69-25031D924EED}\MpKsld069c9ba.sys **LOCKED** 32
06:40:23.845 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
06:40:35.451 Modules scanning
06:40:50.817 Disk 0 trace - called modules:
06:40:50.911 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
06:40:50.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876b0030]
06:40:50.958 3 CLASSPNP.SYS[8919059e] -> nt!IofCallDriver -> [0x85b88920]
06:40:50.989 5 ACPI.sys[88ac33b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b52028]
06:40:51.020 Scan finished successfully
06:46:45.905 Disk 0 MBR has been saved successfully to "C:\Users\Jared\Desktop\MBR.dat"
06:46:45.968 The log file has been saved successfully to "C:\Users\Jared\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case I now know what we have, so let's go on a killing spree.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.

#5
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ran combofix and it found and deleted a few things. Internet is not re-directing me and seems to be running faster. All my connectivity issues still exist. Maybe it's a hardware problem, I don't know. Here is the log.

ComboFix 12-04-24.01 - Jared 04/24/2012 6:28.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2036.938 [GMT -6:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB15043$
c:\windows\$NtUninstallKB15043$\1506368489
c:\windows\$NtUninstallKB15043$\737218866\@
c:\windows\$NtUninstallKB15043$\737218866\cfg.ini
c:\windows\$NtUninstallKB15043$\737218866\Desktop.ini
c:\windows\$NtUninstallKB15043$\737218866\L\xadqgnnk
c:\windows\$NtUninstallKB15043$\737218866\oemid
c:\windows\$NtUninstallKB15043$\737218866\U\00000001.@
c:\windows\$NtUninstallKB15043$\737218866\U\00000002.@
c:\windows\$NtUninstallKB15043$\737218866\U\00000004.@
c:\windows\$NtUninstallKB15043$\737218866\U\80000000.@
c:\windows\$NtUninstallKB15043$\737218866\U\80000004.@
c:\windows\$NtUninstallKB15043$\737218866\U\80000032.@
c:\windows\$NtUninstallKB15043$\737218866\version
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 12:43 . 2012-04-24 12:44 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-04-24 12:43 . 2012-04-24 12:43 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-04-24 12:43 . 2012-04-24 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 12:43 . 2012-04-24 12:43 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-04-24 12:07 . 2012-04-24 12:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69267C49-ED9F-478D-ACDB-9301B55A7F31}\offreg.dll
2012-04-23 12:42 . 2012-04-13 06:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69267C49-ED9F-478D-ACDB-9301B55A7F31}\mpengine.dll
2012-04-20 15:06 . 2012-04-20 15:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-12 18:20 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 18:20 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 18:20 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 18:20 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 18:18 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 18:18 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 13:23 . 2012-02-28 13:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 16:14 . 2012-02-16 16:14 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 16:14 . 2012-02-16 16:14 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 16:14 . 2012-02-16 16:14 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 16:14 . 2012-02-16 16:14 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 16:14 . 2012-02-16 16:14 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 16:14 . 2012-02-16 16:14 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 16:14 . 2012-02-16 16:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 16:14 . 2012-02-16 16:14 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 16:14 . 2012-02-16 16:14 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 16:14 . 2012-02-16 16:14 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 16:14 . 2012-02-16 16:14 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 16:14 . 2012-02-16 16:14 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 16:14 . 2012-02-16 16:14 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 16:14 . 2012-02-16 16:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 16:14 . 2012-02-16 16:14 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 16:14 . 2012-02-16 16:14 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 16:14 . 2012-02-16 16:14 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 05:44 . 2012-03-13 17:09 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 17:09 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 17:09 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 18:09 . 2012-02-14 18:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-13 13:39 . 2012-02-13 13:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4FB1EB3-5440-46ED-9A89-0A7A9D0F4A61}\gapaengine.dll
2012-02-10 05:41 . 2012-03-14 12:47 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 12:47 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 12:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 12:47 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 12:47 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-08 13:09 . 2011-06-21 14:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-08 13:09 . 2011-06-21 14:36 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-08 13:09 . 2011-06-21 14:36 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-08 13:09 . 2011-06-21 14:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 04:01 . 2012-03-14 12:47 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-12-16 16:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"Dell Location Utility"="c:\program files\Dell\Dell Location and GPS\Dell Location Utility\xpscontrolpanel.exe" [2010-02-27 562504]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"WirelessUSBManager"="c:\program files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe" [2009-12-15 2488832]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-18 1021504]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-11-25 08:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-07-30 47144]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 47104]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-20 40776]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-16 1343400]
R3 WSR_USF;Debug1;c:\windows\system32\Drivers\WSR_USF.sys [2009-12-01 44928]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 14448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-07-30 38560]
S2 CableAssociation;CableAssociation;c:\program files\Wireless USB\Components\Association\CableAssociation.exe [2009-12-01 1086464]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 5240168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-01-12 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 xpssvc;Dell Location Utility;c:\program files\Dell\Dell Location and GPS\Dell Location Utility\xpssvc.exe [2010-02-27 699208]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-07-30 37224]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-07-30 256360]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-07-30 28200]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-07-30 177704]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-07-30 46952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-07-30 143080]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-07-31 230760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-11 21888]
S3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2009-12-16 39936]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 182896]
S3 DWA;Wireless USB Device Adapter;c:\windows\system32\DRIVERS\WSR_DWA.SYS [2009-12-23 473600]
S3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2009-12-23 773632]
S3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2009-12-23 138240]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [2010-02-11 12416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.1.5:85/WebClient.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-24 06:49:49
ComboFix-quarantined-files.txt 2012-04-24 12:49
.
Pre-Run: 249,145,692,160 bytes free
Post-Run: 248,940,273,664 bytes free
.
- - End Of File - - 2022C8F12D00D2455C36012122E8B593

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you tried rebooting the router or resetting it?

Also, have you tried a different ethernet cable?

Could you now update and run Malwarebytes, posting the resultant log.

#7
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Okay, Malwarebytes opened regularly and I manually updated it. I wasn't sure if you wanted me to run a quick scan or full scan. Here is the report for the quick scan. Thanks.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Jared :: JARED-WIN7 [administrator]

Protection: Enabled

4/25/2012 7:38:23 AM
mbam-log-2012-04-25 (07-38-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235102
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Quickscan is good.

What are the current problems?

#9
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
I currently have no browser issues. Seems I am running fine and faster than before. You cured whatever was going on there. Still have connectivity issues. Still cannot connect wirelessly and have disabled it. About every ten minutes it loses its connection through the LAN cable and I have to diagnose the problem. It says "The default gateway is not available." The other computers on the network work fine and so do the other wireless devices. I have not tried another cable; I do not currently have one. If we can't work this issue out that's ok, we can live with it. Thank you.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you go to control panel > device manager
Then take a screenshot of the area I have marked below
Then post that



#11
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hope this is correct!

Attached Thumbnails

  • Device Manager.jpg


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have found the latest driver for your wireless

Download the zip file from here to your desktop
Extract all the files to their own folder on the desktop
Right click netathr.inf
Select install

Reboot and let me know if the wireless works

#13
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you. I downloaded "Download Atheros driver 10.0.0.45 for AR9285" and after extracting to its own folder, when I right click and click on install, it gives me a warning and says "Installation failed." I click ok and nothing happened.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if Windows can update the drivers

Go to device manager again
Right click the wireless connection
Select Properties
Select the driver tab
Press update driver

Then repeat for the Realtek

If they fail then I too would suspect some hardware problems

Meanwhile, how is the computer behaving? If you are happy I will then remove my tools and tidy up

#15
intothwoods

    New Member

  • Topic Starter
  • Member
  • 8 posts
Woohoo! It worked. I am connected wirelessly. I updated them both and pushed on a network to connect to and it connected me. Still unsure if it will kick me off every ten minutes but I think I have enough info to go on my own from here. Thank you very much. Everything seems to be performing well and I have not had any browser issues since we worked out the problems. We can start the removal process!