
Internet connected but not working [Solved]



#1
314

My sister's computer has internet problems. She gave it to me because I know more about computers, but I am stumped. I have run Malwarebytes, ComboFix, RogueKiller, and AdwCleaner, but it still won't resolve DNS. I have also uninstalled the network adapter and flushed the DNS server, and changed the DNS server to Google's free DNS server, and still nothing. In review of the logs I have found spyware, and I think that it is the root cause of the issue.

To whoever helps me, here are the OTL logs. Thank you:


OTL logfile created on: 3/22/2013 9:27:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\debbie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.12% Memory free
15.96 Gb Paging File | 14.17 Gb Available in Paging File | 88.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.41 Gb Total Space | 386.35 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive E: | 976.20 Mb Total Space | 950.03 Mb Free Space | 97.32% Space Free | Partition Type: FAT

Computer Name: DEBBIE-PC | User Name: debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 18:19:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\debbie\Desktop\OTL.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/03 09:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/06/26 14:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 12:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 12:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/11/18 14:22:32 | 001,316,720 | ---- | M] (Shaw Communications) -- C:\Program Files (x86)\shaw\bin\shawsupport.exe
PRC - [2009/09/17 13:55:06 | 000,663,552 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
PRC - [2008/04/23 04:30:36 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2001/03/15 08:17:00 | 000,217,088 | ---- | M] (MySoftware, Inc.) -- C:\Program Files (x86)\Common Files\MySoftware\newsflsh.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/26 14:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 14:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 14:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 14:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 14:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 14:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2009/04/16 17:31:14 | 004,210,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\PC Internet Access\GraphicsResources.ngr
MOD - [2008/11/12 11:18:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\PC Internet Access\TextResources_eng-us.nlr
MOD - [2006/01/12 22:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\AcroTray.DEU
MOD - [2006/01/12 22:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\AcroTray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/12 20:52:35 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/10 11:20:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/03 09:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/11 12:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 18:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 18:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 18:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 18:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/15 21:05:00 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/02/13 07:51:42 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 7C 92 55 FA DE CD 01 [binary data]
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-635144532-2922666282-4183104592-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 11:20:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/23 00:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\debbie\AppData\Roaming\Mozilla\Extensions
[2013/03/21 23:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\extensions
[2013/02/22 23:04:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/13 21:50:31 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\extensions\[email protected]
[2013/02/26 22:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 11:20:24 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/26 22:45:13 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/21 22:58:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [shawnotify] c:\Program Files\Shaw\Update\siuloader.exe (Shaw Cablesystems)
O4 - HKU\S-1-5-21-635144532-2922666282-4183104592-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-635144532-2922666282-4183104592-1000..\Run: [NokiaPCInternetAccess] C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia)
O4 - HKU\S-1-5-21-635144532-2922666282-4183104592-1000..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-635144532-2922666282-4183104592-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-635144532-2922666282-4183104592-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-635144532-2922666282-4183104592-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A42DF94-D481-47AB-B995-F1FA3916EBE3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68754A8A-A47F-4B28-9361-7DD244FAF641}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68754A8A-A47F-4B28-9361-7DD244FAF641}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/22 21:25:44 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\debbie\Desktop\aswMBR.exe
[2013/03/22 21:25:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\debbie\Desktop\OTL.exe
[2013/03/21 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\debbie\Desktop\RK_Quarantine
[2013/03/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/21 22:58:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/21 22:54:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/21 22:54:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/21 22:54:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/21 22:54:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/03/21 22:52:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/21 22:52:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/21 22:49:58 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\debbie\Desktop\ComboFix.exe
[2013/03/21 22:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2013/03/21 22:16:11 | 000,000,000 | ---D | C] -- C:\Users\debbie\AppData\Local\Diagnostics
[2013/03/15 23:08:11 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/15 23:08:11 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/15 23:08:11 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/15 23:08:11 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/15 23:08:09 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/15 23:08:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/15 23:08:07 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/15 23:08:07 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/15 23:08:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/15 23:08:07 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/15 23:08:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/15 23:08:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/15 23:08:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/15 23:08:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/15 23:08:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/15 23:08:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/15 23:08:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/15 23:08:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/15 23:08:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/15 23:08:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/15 23:08:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/15 23:08:06 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/15 23:08:06 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/15 23:08:06 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/15 23:08:06 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/15 23:08:06 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/15 23:08:06 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/15 23:08:06 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/15 23:08:06 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/15 23:08:06 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/15 23:08:06 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/15 23:08:05 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/15 23:08:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/15 23:08:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/15 23:07:22 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013/03/15 23:02:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/14 23:36:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/14 23:36:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/14 23:36:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/14 23:36:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/14 23:36:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/14 23:36:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/14 23:36:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/14 23:36:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/14 23:36:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/14 23:36:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/14 23:36:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/14 23:36:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/14 23:36:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/14 23:36:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/14 23:36:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/10 11:21:55 | 000,000,000 | ---D | C] -- C:\Users\debbie\AppData\Local\Programs
[2013/02/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/26 00:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 00:32:44 | 002,505,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/26 00:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/26 00:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 00:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/26 00:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 00:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 00:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 00:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 00:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 00:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 00:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 00:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 00:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 00:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 00:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/24 16:25:02 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/02/24 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/02/24 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Open Office
[2013/02/23 14:14:56 | 000,000,000 | ---D | C] -- C:\Users\debbie\Documents\AdobeExtensionManager-6_0_5-mul-AdobeUpdate
[2013/02/22 21:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/22 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/22 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/22 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/22 21:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/22 08:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/02/22 08:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/02/22 08:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/02/22 07:47:25 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/02/22 07:47:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/22 07:47:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/02/22 07:47:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/02/22 07:47:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/02/22 07:47:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/02/22 07:47:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/02/22 07:47:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/22 07:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/22 07:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/22 07:47:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/02/22 07:47:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/02/22 07:47:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/02/22 07:47:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/22 07:47:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/02/22 07:47:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/02/22 07:47:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/02/22 07:47:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/02/22 07:47:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/02/22 07:47:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/02/22 07:47:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/02/22 07:47:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/02/22 07:47:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/02/22 07:47:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/02/22 07:47:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/02/22 07:47:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/02/22 07:47:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/02/22 07:47:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/02/22 07:47:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/02/22 07:47:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/02/22 07:47:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/02/22 07:47:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/02/22 07:47:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/02/22 07:47:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/02/22 07:47:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/02/22 07:47:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/02/22 07:47:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/02/22 07:47:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/02/22 07:47:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/02/22 07:47:16 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/02/22 07:47:16 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/02/22 07:47:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/02/22 07:47:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/02/22 07:47:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/02/22 07:47:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/02/22 07:47:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/02/22 07:47:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/02/22 07:47:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/02/22 07:47:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/02/22 07:47:10 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/02/22 07:47:09 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/02/22 07:47:09 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/02/22 07:47:07 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/02/22 07:47:07 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/02/22 07:47:07 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/02/22 07:47:07 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013/02/22 07:47:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2013/02/22 07:47:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013/02/22 07:47:07 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013/02/22 07:38:00 | 000,000,000 | ---D | C] -- C:\temp
[2013/02/21 20:05:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/21 20:05:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/21 20:05:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/21 20:05:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/21 20:05:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/21 20:05:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/21 20:05:05 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/21 20:05:03 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/21 20:05:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/21 20:05:02 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/21 18:55:45 | 000,000,000 | ---D | C] -- C:\Users\debbie\AppData\Local\shaw
[2013/02/21 18:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\shaw
[2013/02/21 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Shaw
[2013/02/21 18:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaw Internet
[2013/02/21 18:55:26 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013/02/21 18:55:26 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2013/02/21 18:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\shaw

========== Files - Modified Within 30 Days ==========

[2013/03/22 21:26:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/22 21:26:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/22 21:26:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/22 21:26:41 | 000,000,512 | ---- | M] () -- C:\Users\debbie\Desktop\MBR.dat
[2013/03/22 21:23:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/22 21:22:56 | 2132,873,215 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/21 23:25:49 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 23:25:49 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 23:18:20 | 000,791,040 | ---- | M] () -- C:\Users\debbie\Desktop\RogueKillerX64.exe
[2013/03/21 23:08:56 | 000,609,993 | ---- | M] () -- C:\Users\debbie\Desktop\AdwCleaner.exe
[2013/03/21 22:58:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/21 22:49:38 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\debbie\Desktop\ComboFix.exe
[2013/03/21 22:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/14 07:54:34 | 000,147,309 | ---- | M] () -- C:\Users\debbie\Documents\A19-PhotoPostersLRT.odg
[2013/03/14 07:37:03 | 000,429,347 | ---- | M] () -- C:\Users\debbie\Documents\A20-WebsiteScreenshot.odg
[2013/03/13 22:56:40 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\debbie\Desktop\aswMBR.exe
[2013/03/13 20:59:40 | 000,031,924 | ---- | M] () -- C:\Users\debbie\Documents\20120619.jpg
[2013/03/13 20:59:24 | 000,036,767 | ---- | M] () -- C:\Users\debbie\Documents\20120618.jpg
[2013/03/13 18:19:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\debbie\Desktop\OTL.exe
[2013/03/12 20:52:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 20:52:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/10 11:22:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/02 21:10:38 | 000,295,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/01 02:50:48 | 000,020,468 | ---- | M] () -- C:\Users\debbie\Desktop\AGM June 2 2012.odt
[2013/02/26 00:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 00:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/26 00:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/26 00:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 00:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/02/26 00:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/26 00:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013/02/26 00:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 00:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 00:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 00:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 00:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013/02/26 00:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 00:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 00:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/02/26 00:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 00:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 00:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 00:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/26 00:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/24 22:30:00 | 000,063,358 | ---- | M] () -- C:\Users\debbie\Desktop\CalgaryDance2009.ods
[2013/02/24 16:25:03 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013/02/23 15:14:37 | 000,000,085 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_0_7.sta
[2013/02/23 14:32:03 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/02/22 07:49:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/02/22 07:49:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/21 18:55:29 | 000,002,008 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shaw Support.lnk
[2013/02/21 18:55:29 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Shaw Support.lnk

========== Files Created - No Company Name ==========

[2013/03/22 21:26:41 | 000,000,512 | ---- | C] () -- C:\Users\debbie\Desktop\MBR.dat
[2013/03/21 23:19:22 | 000,791,040 | ---- | C] () -- C:\Users\debbie\Desktop\RogueKillerX64.exe
[2013/03/21 23:09:56 | 000,609,993 | ---- | C] () -- C:\Users\debbie\Desktop\AdwCleaner.exe
[2013/03/21 22:54:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/21 22:54:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/21 22:54:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/21 22:54:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/21 22:54:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 07:50:30 | 000,147,309 | ---- | C] () -- C:\Users\debbie\Documents\A19-PhotoPostersLRT.odg
[2013/03/14 06:28:27 | 000,429,347 | ---- | C] () -- C:\Users\debbie\Documents\A20-WebsiteScreenshot.odg
[2013/03/13 20:59:40 | 000,031,924 | ---- | C] () -- C:\Users\debbie\Documents\20120619.jpg
[2013/03/13 20:59:24 | 000,036,767 | ---- | C] () -- C:\Users\debbie\Documents\20120618.jpg
[2013/03/01 02:50:48 | 000,020,468 | ---- | C] () -- C:\Users\debbie\Desktop\AGM June 2 2012.odt
[2013/02/24 22:29:58 | 000,063,358 | ---- | C] () -- C:\Users\debbie\Desktop\CalgaryDance2009.ods
[2013/02/24 16:25:03 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013/02/23 14:24:41 | 000,496,663 | ---- | C] () -- C:\Users\debbie\Desktop\Operating Grant - 2011-AFA0077.pdf
[2013/02/23 14:07:37 | 000,000,085 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_0_7.sta
[2013/02/22 07:49:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/02/21 18:55:29 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shaw Support.lnk
[2013/02/21 18:55:29 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Shaw Support.lnk
[2013/02/21 18:55:26 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/01/20 11:11:10 | 000,007,680 | ---- | C] () -- C:\Users\debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/20 10:43:39 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/12/22 19:52:15 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/12/21 00:50:32 | 000,001,133 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/12/21 00:50:10 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\rsUtil.dll
[2012/12/21 00:48:35 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 3/22/2013 9:27:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\debbie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.12% Memory free
15.96 Gb Paging File | 14.17 Gb Available in Paging File | 88.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.41 Gb Total Space | 386.35 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive E: | 976.20 Mb Total Space | 950.03 Mb Free Space | 97.32% Space Free | Partition Type: FAT

Computer Name: DEBBIE-PC | User Name: debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0179FC73-2636-4DCB-938C-658471265744}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0836563F-01DD-4A5E-87BB-327E2064E99D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{0DD101BB-DA61-41A2-BD1A-148D03E981B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{445B482F-3BB0-4B01-AEE0-73D48107DD15}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{505EC9A6-E72A-443B-8B2B-CA7E88E18165}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A23D622-BD47-408A-97CB-ED5BF22A6FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{92EB428E-8D19-4999-8983-15D605C4037A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{950BC666-A98E-4F75-A888-8E29C97D7D83}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{9C20EFC6-E5FB-4B56-923A-73F167345C57}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA8524A7-52F1-4DDD-936D-53FA9E2BEA63}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D2A95110-3B82-4C93-B65B-1B68659DEE86}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DDA1FC0C-7995-48FC-A723-48A6BD9987D1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EAEFDC22-118F-4096-A6F1-0682A0ACCBF0}" = protocol=6 | dir=in | app=c:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3BDB135-406C-4F13-B845-6CBAE6BEACD0}" = protocol=17 | dir=in | app=c:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"doPDF 7 printer_is1" = doPDF 7.3 printer
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FF181E7-C890-4DC0-956B-4FB08F9A4A81}" = Nokia PC Internet Access
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 3.5.22
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-1033-F400-7760-1000003D0002}" = Adobe Acrobat 3D
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{D574C6E1-2184-42E7-9C99-0224B17BAA3A}" = calibre
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"Adobe Acrobat 3D - V" = Adobe Acrobat 3D 7.1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Foxit Reader_is1" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Shaw Internet Update_is1" = Shaw Internet Update 3.3.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-635144532-2922666282-4183104592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2013 12:42:49 AM | Computer Name = debbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp:
0x4a083a29 Faulting module name: WININET.dll, version: 9.0.8112.16470, time stamp:
0x510c8848 Exception code: 0xc0000005 Fault offset: 0x00007048 Faulting process id:
0xc68 Faulting application start time: 0x01ce26b741ba37a4 Faulting application path:
C:\Program Files\Shaw\Update\siuloader.exe Faulting module path: C:\Windows\syswow64\WININET.dll
Report
Id: f2958203-92aa-11e2-9bcc-bcaec5394b56

Error - 3/22/2013 1:00:00 AM | Computer Name = debbie-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2013 1:03:12 AM | Computer Name = debbie-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2013 1:04:40 AM | Computer Name = debbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp:
0x4a083a29 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002fcad Faulting process id:
0xd70 Faulting application start time: 0x01ce26ba90967337 Faulting application path:
C:\Program Files\Shaw\Update\siuloader.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 000c39bd-92ae-11e2-8640-bcaec5394b56

Error - 3/22/2013 1:14:03 AM | Computer Name = debbie-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2013 1:14:08 AM | Computer Name = debbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp:
0x4a083a29 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002fcad Faulting process id:
0xa38 Faulting application start time: 0x01ce26bbdc9f6cf0 Faulting application path:
C:\Program Files\Shaw\Update\siuloader.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 5267110e-92af-11e2-8695-bcaec5394b56

Error - 3/22/2013 1:25:02 AM | Computer Name = debbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp:
0x4a083a29 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002fcad Faulting process id:
0x634 Faulting application start time: 0x01ce26bd672428d5 Faulting application path:
C:\Program Files\Shaw\Update\siuloader.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: d881e194-92b0-11e2-b668-bcaec5394b56

Error - 3/22/2013 1:25:07 AM | Computer Name = debbie-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2013 11:24:38 PM | Computer Name = debbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp:
0x4a083a29 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002fcad Faulting process id:
0xbc4 Faulting application start time: 0x01ce2775c7ef6bc3 Faulting application path:
C:\Program Files\Shaw\Update\siuloader.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 30931978-9369-11e2-8609-bcaec5394b56

Error - 3/22/2013 11:24:49 PM | Computer Name = debbie-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 3/21/2013 10:03:01 AM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 8:03:01 AM - Error connecting to the internet. 8:03:01 AM - Unable
to contact server..

Error - 3/21/2013 11:03:06 AM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 9:03:06 AM - Error connecting to the internet. 9:03:06 AM - Unable
to contact server..

Error - 3/21/2013 8:02:50 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 6:02:50 PM - Error connecting to the internet. 6:02:50 PM - Unable
to contact server..

Error - 3/21/2013 8:02:55 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 6:02:55 PM - Error connecting to the internet. 6:02:55 PM - Unable
to contact server..

Error - 3/21/2013 9:03:00 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 7:03:00 PM - Error connecting to the internet. 7:03:00 PM - Unable
to contact server..

Error - 3/21/2013 9:03:05 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 7:03:05 PM - Error connecting to the internet. 7:03:05 PM - Unable
to contact server..

Error - 3/21/2013 10:03:10 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 8:03:10 PM - Error connecting to the internet. 8:03:10 PM - Unable
to contact server..

Error - 3/21/2013 10:03:15 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 8:03:15 PM - Error connecting to the internet. 8:03:15 PM - Unable
to contact server..

Error - 3/21/2013 11:03:20 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 9:03:20 PM - Error connecting to the internet. 9:03:20 PM - Unable
to contact server..

Error - 3/21/2013 11:03:25 PM | Computer Name = debbie-PC | Source = MCUpdate | ID = 0
Description = 9:03:25 PM - Error connecting to the internet. 9:03:25 PM - Unable
to contact server..

[ System Events ]
Error - 2/23/2013 1:18:01 AM | Computer Name = debbie-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.

Error - 2/23/2013 1:18:02 AM | Computer Name = debbie-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.

Error - 2/24/2013 8:55:55 AM | Computer Name = debbie-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/24/2013 10:31:00 PM | Computer Name = debbie-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume E: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 3/5/2013 10:19:42 PM | Computer Name = debbie-PC | Source = DCOM | ID = 10010
Description =

Error - 3/21/2013 9:12:28 PM | Computer Name = debbie-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.147.94.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/21/2013 10:12:38 PM | Computer Name = debbie-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.147.94.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/21/2013 11:12:48 PM | Computer Name = debbie-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.147.94.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/22/2013 12:56:16 AM | Computer Name = debbie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/22/2013 12:57:22 AM | Computer Name = debbie-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello 314 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Usually this is not the way we do things, but I'll make an exception this time :).

Can you give me some more info about your problem?

Can you connect to internet at all? Is it slow?
What errors do you get when you try to connect?
Do you use wireless or cable to connect to your router?

Let's do some initial scans and see if we can find a problem.

Step 1

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step 2

QuickEvents

  • Download QuickEvents and save it on Desktop
  • Run downloaded program
  • After the scan it will open log file
  • Copy and paste content of that log in your next reply.


Step 3

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click on adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

Step 4

Download Windows Repair (all in one) from this site

Install the programme, then run it.

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC

Go to the Start Repairs tab and click the Start button

Leave the preselected items ticked and press Start

Step 5

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 6

Please don't forget to include these items in your reply:

  • MiniToolBox log
  • adwCleaner log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#3
314

    Member

  • Topic Starter
  • 65 posts
Can you connect to internet at all? Is it slow?
I can get an IP, and Windows says that it's connected to the internet
What errors do you get when you try to connect?
Failed to resolve address. I tried pinging, and I have tried to go directly to Google via input of the IP address into both web browsers, but alas, no joy
Do you use wireless or cable to connect to your router?
I use a cable, but used to use wireless

I had an error when running the Windows repair: psexec.exe stopped working

So I have not run GMER just in case. I wanted to hear from you first.

Please see my next posts for my logs, and thank you again

#4
314

    Member

  • Topic Starter
  • 65 posts
MiniToolBox by Farbar Version:05-03-2013
Ran by debbie (administrator) on 25-03-2013 at 01:42:23
Running from "C:\Users\debbie\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : debbie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-AE-C5-39-4B-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D71919C7-6AD1-4C70-905C-560FD5FF6F97}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for J@¦b_˜˜˜<”:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...bc ae c5 39 4b 56 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/25/2013 01:38:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: WININET.dll, version: 9.0.8112.16470, time stamp: 0x510c8848
Exception code: 0xc0000005
Fault offset: 0x00007048
Faulting process id: 0xbc8
Faulting application start time: 0xsiuloader.exe0
Faulting application path: siuloader.exe1
Faulting module path: siuloader.exe2
Report Id: siuloader.exe3

Error: (03/25/2013 01:36:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2013 09:24:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2013 09:24:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0xbc4
Faulting application start time: 0xsiuloader.exe0
Faulting application path: siuloader.exe1
Faulting module path: siuloader.exe2
Report Id: siuloader.exe3

Error: (03/21/2013 11:25:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2013 11:25:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0x634
Faulting application start time: 0xsiuloader.exe0
Faulting application path: siuloader.exe1
Faulting module path: siuloader.exe2
Report Id: siuloader.exe3

Error: (03/21/2013 11:14:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0xa38
Faulting application start time: 0xsiuloader.exe0
Faulting application path: siuloader.exe1
Faulting module path: siuloader.exe2
Report Id: siuloader.exe3

Error: (03/21/2013 11:14:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2013 11:04:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0xd70
Faulting application start time: 0xsiuloader.exe0
Faulting application path: siuloader.exe1
Faulting module path: siuloader.exe2
Report Id: siuloader.exe3

Error: (03/21/2013 11:03:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/21/2013 10:57:22 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/21/2013 10:56:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/21/2013 09:12:48 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.147.94.0

Update Source: %NT AUTHORITY59

Update Stage: 4.2.0223.00

Source Path: 4.2.0223.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/21/2013 08:12:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.147.94.0

Update Source: %NT AUTHORITY59

Update Stage: 4.2.0223.00

Source Path: 4.2.0223.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/21/2013 07:12:28 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.147.94.0

Update Source: %NT AUTHORITY59

Update Stage: 4.2.0223.00

Source Path: 4.2.0223.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/05/2013 08:19:42 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2013 08:31:00 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume E: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (02/24/2013 06:55:55 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/22/2013 11:18:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR11.

Error: (02/22/2013 11:18:01 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR11.


Microsoft Office Sessions:
=========================
Error: (03/25/2013 01:38:37 AM) (Source: Application Error)(User: )
Description: siuloader.exe1.6.0.04a083a29WININET.dll9.0.8112.16470510c8848c000000500007048bc801ce292b4edde537C:\Program Files\Shaw\Update\siuloader.exeC:\Windows\syswow64\WININET.dll0089be4b-951f-11e2-8530-bcaec5394b56

Error: (03/25/2013 01:36:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2013 09:24:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2013 09:24:38 PM) (Source: Application Error)(User: )
Description: siuloader.exe1.6.0.04a083a29ntdll.dll6.1.7601.177254ec49b8fc00000050002fcadbc401ce2775c7ef6bc3C:\Program Files\Shaw\Update\siuloader.exeC:\Windows\SysWOW64\ntdll.dll30931978-9369-11e2-8609-bcaec5394b56

Error: (03/21/2013 11:25:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2013 11:25:02 PM) (Source: Application Error)(User: )
Description: siuloader.exe1.6.0.04a083a29ntdll.dll6.1.7601.177254ec49b8fc00000050002fcad63401ce26bd672428d5C:\Program Files\Shaw\Update\siuloader.exeC:\Windows\SysWOW64\ntdll.dlld881e194-92b0-11e2-b668-bcaec5394b56

Error: (03/21/2013 11:14:08 PM) (Source: Application Error)(User: )
Description: siuloader.exe1.6.0.04a083a29ntdll.dll6.1.7601.177254ec49b8fc00000050002fcada3801ce26bbdc9f6cf0C:\Program Files\Shaw\Update\siuloader.exeC:\Windows\SysWOW64\ntdll.dll5267110e-92af-11e2-8695-bcaec5394b56

Error: (03/21/2013 11:14:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2013 11:04:40 PM) (Source: Application Error)(User: )
Description: siuloader.exe1.6.0.04a083a29ntdll.dll6.1.7601.177254ec49b8fc00000050002fcadd7001ce26ba90967337C:\Program Files\Shaw\Update\siuloader.exeC:\Windows\SysWOW64\ntdll.dll000c39bd-92ae-11e2-8640-bcaec5394b56

Error: (03/21/2013 11:03:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 3D (Version: 7.1.0)
Adobe Acrobat 3D 7.1.0 (Version: 7.1.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.2.9.0)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.8.60)
Canon MP Navigator 2.2
doPDF 7.3 printer
Dropbox (Version: 0.7.97)
Foxit Reader (Version: 5.4.2.901)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.2.26)
Java 7 Update 13 (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Internet Access (Version: 2.0.2.2)
Nokia PC Suite (Version: 7.1.180.94)
Nokia Software Updater (Version: 3.0.655)
NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PC Connectivity Solution (Version: 12.0.27.0)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Shaw Internet Update 3.3.1
Shaw Support 3.5.22
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)

========================= Devices: ================================

Name: Broadcom 802.11g Network Adapter
Description: Broadcom 802.11g Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 8173.43 MB
Available physical RAM: 6965 MB
Total Pagefile: 16345.04 MB
Available Pagefile: 15107 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.41 GB) (Free:386.19 GB) NTFS

========================= Users: ========================================

User accounts for \\DEBBIE-PC

Administrator debbie Guest
UpdatusUser

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#5
314

  • Topic Starter
  • Member
  • 65 posts
Done


Adobe
CS2
Single Program
Win



X Acrobat 3D 1.0 for Windows
Acrobat Pro 8.0
X Adobe Acrobat Standard 7.0
Adobe Premiere Pro 2.0
Audition 3.0
GoLive CS2
Illustrator CS2
InCopy CS2
InDesign CS2
Photoshop CS2
Photoshop Elements 4.05.0


Photoshop Top Secret DVD 3 - Interactive Video Tutorial

#6
314

  • Topic Starter
  • Member
  • 65 posts
QuickEvents v0.1 by maliprog
Log file created on 03/25/2013


-------------------------------
System Log
(Error, Warning, Critical)
-------------------------------


Event Type: Warning
Time Written: 03/25/2013 07:35:17
Category: 212
Event Code: 219
Source Name: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#.
- -

Event Type: Warning
Time Written: 03/23/2013 07:26:00
Category: 0
Event Code: 4001
Source Name: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

- -

Event Type: Warning
Time Written: 03/23/2013 03:23:14
Category: 212
Event Code: 219
Source Name: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#.
- -

Event Type: Warning
Time Written: 03/22/2013 05:25:49
Category: 0
Event Code: 4001
Source Name: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

- -

Event Type: Warning
Time Written: 03/22/2013 05:23:30
Category: 212
Event Code: 219
Source Name: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP#90A70E00FFFF08A4&0#.
- -

Event Type: Warning
Time Written: 03/22/2013 05:22:33
Category: 0
Event Code: 4001
Source Name: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

- -

Event Type: Warning
Time Written: 03/22/2013 05:12:28
Category: 212
Event Code: 219
Source Name: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP#90A70E00FFFF08A4&0#.
- -

Event Type: Warning
Time Written: 03/22/2013 05:11:29
Category: 0
Event Code: 4001
Source Name: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

- -

Event Type: Warning
Time Written: 03/22/2013 05:03:08
Category: 212
Event Code: 219
Source Name: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP#90A70E00FFFF08A4&0#.
- -

Event Type: Warning
Time Written: 03/22/2013 05:02:07
Category: 0
Event Code: 4001
Source Name: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

-------------------------------
System Log
(Information)
-------------------------------


Event Type: Information
Time Written: 03/25/2013 07:44:00
Category: 0
Event Code: 7036
Source Name: Service Control Manager

The Adobe Flash Player Update Service service entered the stopped state.
- -

Event Type: Information
Time Written: 03/25/2013 07:44:00
Category: 0
Event Code: 7036
Source Name: Service Control Manager

The Adobe Flash Player Update Service service entered the running state.
- -

Event Type: Information
Time Written: 03/25/2013 07:42:21
Category: 0
Event Code: 7036
Source Name: Service Control Manager

The Software Protection service entered the stopped state.
- -

Event Type: Information
Time Written: 03/25/2013 07:41:32
Category: 0
Event Code: 7036
Source Name: Service Control Manager

The Windows Media Center Receiver Service service entered the stopped state.
- -

Event Type: Information
Time Written: 03/25/2013 07:40:42
Category: 0
Event Code: 7036
Source Name: Service Control Manager

The Windows Media Center Scheduler Service service entered the stopped state.
-------------------------------
Application Log
(Error, Warning, Critical)
-------------------------------


Event Type: Error
Time Written: 03/25/2013 07:38:37
Category: 100
Event Code: 1000
Source Name: Application Error

Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: WININET.dll, version: 9.0.8112.16470, time stamp: 0x510c8848
Exception code: 0xc0000005
Fault offset: 0x00007048
Faulting process id: 0xbc8
Faulting application start time: 0x01ce292b4edde537
Faulting application path: C:\Program Files\Shaw\Update\siuloader.exe
Faulting module path: C:\Windows\syswow64\WININET.dll
Report Id: 0089be4b-951f-11e2-8530-bcaec5394b56
- -

Event Type: Error
Time Written: 03/25/2013 07:36:47
Category: 0
Event Code: 10
Source Name: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
- -

Event Type: Warning
Time Written: 03/23/2013 07:25:58
Category: 0
Event Code: 1530
Source Name: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-635144532-2922666282-4183104592-1000:
Process 2848 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-635144532-2922666282-4183104592-1000

- -

Event Type: Error
Time Written: 03/23/2013 03:24:49
Category: 0
Event Code: 10
Source Name: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
- -

Event Type: Error
Time Written: 03/23/2013 03:24:38
Category: 100
Event Code: 1000
Source Name: Application Error

Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0xbc4
Faulting application start time: 0x01ce2775c7ef6bc3
Faulting application path: C:\Program Files\Shaw\Update\siuloader.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 30931978-9369-11e2-8609-bcaec5394b56
- -

Event Type: Warning
Time Written: 03/22/2013 05:25:48
Category: 0
Event Code: 1530
Source Name: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-635144532-2922666282-4183104592-1000:
Process 2672 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-635144532-2922666282-4183104592-1000

- -

Event Type: Error
Time Written: 03/22/2013 05:25:07
Category: 0
Event Code: 10
Source Name: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
- -

Event Type: Error
Time Written: 03/22/2013 05:25:02
Category: 100
Event Code: 1000
Source Name: Application Error

Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0x634
Faulting application start time: 0x01ce26bd672428d5
Faulting application path: C:\Program Files\Shaw\Update\siuloader.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: d881e194-92b0-11e2-b668-bcaec5394b56
- -

Event Type: Warning
Time Written: 03/22/2013 05:22:31
Category: 0
Event Code: 1530
Source Name: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-635144532-2922666282-4183104592-1000:
Process 2820 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-635144532-2922666282-4183104592-1000

- -

Event Type: Error
Time Written: 03/22/2013 05:14:08
Category: 100
Event Code: 1000
Source Name: Application Error

Faulting application name: siuloader.exe, version: 1.6.0.0, time stamp: 0x4a083a29
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002fcad
Faulting process id: 0xa38
Faulting application start time: 0x01ce26bbdc9f6cf0
Faulting application path: C:\Program Files\Shaw\Update\siuloader.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 5267110e-92af-11e2-8695-bcaec5394b56
-------------------------------
Application Log
(Information)
-------------------------------


Event Type: Information
Time Written: 03/25/2013 07:42:21
Category: 0
Event Code: 903
Source Name: Microsoft-Windows-Security-SPP

The Software Protection service has stopped.

- -

Event Type: Information
Time Written: 03/25/2013 07:39:29
Category: 0
Event Code: 1000
Source Name: Microsoft-Windows-LoadPerf

Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
- -

Event Type: Information
Time Written: 03/25/2013 07:39:29
Category: 0
Event Code: 1001
Source Name: Microsoft-Windows-LoadPerf

Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
- -

Event Type: Information
Time Written: 03/25/2013 07:38:39
Category: 0
Event Code: 1001
Source Name: Windows Error Reporting

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: siuloader.exe
P2: 1.6.0.0
P3: 4a083a29
P4: WININET.dll
P5: 9.0.8112.16470
P6: 510c8848
P7: c0000005
P8: 00007048
P9:
P10:

Attached files:

These files may be available here:
C:\Users\debbie\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_siuloader.exe_8534ee2d943bee921abafeebce84ec47f83069b_090b8b3e

Analysis symbol:
Rechecking for solution: 0
Report Id: 0089be4b-951f-11e2-8530-bcaec5394b56
Report Status: 2
- -

Event Type: Information
Time Written: 03/25/2013 07:37:21
Category: 0
Event Code: 902
Source Name: Microsoft-Windows-Security-SPP

The Software Protection service has started.
6.1.7601.17514
-------- Done! ---------

#7
314

  • Topic Starter
  • Member
  • 65 posts
# AdwCleaner v2.115 - Logfile created 03/21/2013 at 23:10:13
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : debbie - DEBBIE-PC
# Boot Mode : Normal
# Running from : C:\Users\debbie\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\debbie\AppData\Local\Conduit
Folder Deleted : C:\Users\debbie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\CT3176921
Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}
Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\jetpack
Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\Smartbar
Folder Deleted : C:\Users\debbie\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3176921
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN25138699351354530&UM=UM_ID&UP=SPAE4175D3-AEAF-4727-9012-8C7E1D3C5D56 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\prefs.js

Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3176921.FF19Solved", "true");
Deleted : user_pref("CT3176921.FirstTime", "true");
Deleted : user_pref("CT3176921.FirstTimeFF3", "true");
Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT317[...]
Deleted : user_pref("CT3176921.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3176921.UserID", "UN36251241321163430");
Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3176921.autoDisableScopes", 0);
Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3176921.defaultSearch", "true");
Deleted : user_pref("CT3176921.enableAlerts", "always");
Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3176921.fixUrls", true);
Deleted : user_pref("CT3176921.installDate", "10/3/2013 11:20:01");
Deleted : user_pref("CT3176921.installId", "stub.exe");
Deleted : user_pref("CT3176921.installType", "conduitnsisintegration");
Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3176921.keyword", "true");
Deleted : user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3176921.lastVersion", "10.14.65.43");
Deleted : user_pref("CT3176921.mam_gk_AdOptimizer_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_Coming_Up_Next_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_CouponBuddy_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_PriceGong_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appStateReportTime.enc", "MTM2Mjk2OTk0MjAyMg==");
Deleted : user_pref("CT3176921.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3176921.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3176921.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5Iiw[...]
Deleted : user_pref("CT3176921.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Deleted : user_pref("CT3176921.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_lastLoginTime.enc", "MTM2Mjk2OTkzNzk5Nw==");
Deleted : user_pref("CT3176921.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3176921.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3176921.mam_gk_userId.enc", "YTI1ODJkM2ItYzcyMC00NjM0LWFjZjctYTkyNGNkZWQzNWQw");
Deleted : user_pref("CT3176921.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);
Deleted : user_pref("CT3176921.myThings_app_locale.enc", "Q0E=");
Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.c[...]
Deleted : user_pref("CT3176921.openThankYouPage", "false");
Deleted : user_pref("CT3176921.openUninstallPage", "true");
Deleted : user_pref("CT3176921.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");
Deleted : user_pref("CT3176921.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2MjkzNjAzNjQ5NCwxNDQwMDAwMF1[...]
Deleted : user_pref("CT3176921.sac-user-ab-groups.enc", "eyJmZWVkIjo1NywiaG92ZXJfZWZmZWN0Ijo0NCwiY2FsbF90b19hY[...]
Deleted : user_pref("CT3176921.sac-user-id.enc", "IjE3YzA3Y2UwLTg3Y2MtNGIwNy1iOTIyLTYxNmQwNzU3OGQ5NCI=");
Deleted : user_pref("CT3176921.sac-yt-first-ping.enc", "MTM2MjkzNjAzNjQ4OQ==");
Deleted : user_pref("CT3176921.search.searchAppId", "10000002");
Deleted : user_pref("CT3176921.search.searchCount", "0");
Deleted : user_pref("CT3176921.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362936030447");
Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1362936030475");
Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362936030451");
Deleted : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1362936029785");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363460874404");
Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362936030421");
Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1362936029656");
Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1363460874175");
Deleted : user_pref("CT3176921.serviceLayer_services_setupAPI_lastUpdate", "1362936030902");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362936030378");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1363460874307");
Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1363460874276");
Deleted : user_pref("CT3176921.settingsINI", true);
Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Deleted : user_pref("CT3176921.smartbar.Uninstall", "0");
Deleted : user_pref("CT3176921.smartbar.homepage", true);
Deleted : user_pref("CT3176921.smartbar.isHidden", true);
Deleted : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Deleted : user_pref("CT3176921.startPage", "true");
Deleted : user_pref("CT3176921.toolbarBornServerTime", "10-3-2013");
Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "16-3-2013");
Deleted : user_pref("CT3176921.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYyOTM2MDM2NDU5LDE0NDAwM[...]
Deleted : user_pref("CT3176921.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjk4fQ==");
Deleted : user_pref("CT3176921.wreck-user-id.enc", "ImIwZjlkMjI4LTUwMjQtNGI4Yy05NDg4LWRiYTA5M2U2NTIyNyI=");
Deleted : user_pref("CT3176921.ytt-mam-test-ol-ts.enc", 1431665116);
Deleted : user_pref("CT3176921.ytt-mam-test-uid-ol.enc", "NzY3N2U4ZGMtYzIyYS00NDZlLWExMGQtY2ZlYzQ0MzA1OTJj");
Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT317692[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
Deleted : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CU[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3176921");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

*************************

AdwCleaner[S1].txt - [13154 octets] - [21/03/2013 23:10:13]

########## EOF - C:\AdwCleaner[S1].txt - [13215 octets] ##########
  • 0

#8
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
# AdwCleaner v2.115 - Logfile created 03/25/2013 at 01:44:47
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : debbie - DEBBIE-PC
# Boot Mode : Normal
# Running from : C:\Users\debbie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\debbie\AppData\Roaming\Mozilla\Firefox\Profiles\pa3mxtfj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13281 octets] - [21/03/2013 23:10:13]
AdwCleaner[S2].txt - [834 octets] - [25/03/2013 01:44:47]

########## EOF - C:\AdwCleaner[S2].txt - [893 octets] ##########


Just let me know if you want to see the error that happened when I ran the Windows Repair; I copied the output to a text file.

Edited by 314, 25 March 2013 - 02:10 AM.

  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try this.

Step 1

Can you try to run the Windows Repair tool in Safe Mode with Networking? Can you tell me when it stops working? Maybe we could adapt it to run.

Also tell me whether the Internet connection is working from there.

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure that all options are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Do a GMER scan anyway and post the log here for me.

Step 4

Please don't forget to include these items in your reply:

  • FSS log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 1

#10
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Farbar Service Scanner Version: 03-03-2013
Ran by debbie (administrator) on 25-03-2013 at 03:19:02
Running from "C:\Users\debbie\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0



#11
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
GMER froze, waited 60 min and restarted the computer. I can ping now and resolve host names to IPs, but I still cannot use a web browser to view web pages. Thanks again for all your help.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Did you manage to run Windows Repair Tool? Any luck?
  • 0

#13
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Yes I did. Thought that I had mentioned that, sorry.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this:

Download Complete Internet Repair
Unzip it to your desktop and run CIntRep.exe by double-clicking it.
Select all options and press the GO! button.
Restart your system and tell me whether your internet connection is back.
  • 0

#15
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Nope, didn't work. There were some errors that occurred; I do have a log file. Did you want me to post it?
  • 0





