Dazed and Confused


7 replies to this topic

#1 parkpapa

    Newbie

  • Members
  • 6 posts

Posted 20 October 2011 - 01:26 AM

Internet was working fine when I purchased and installed Total Security this afternoon. I also purchased the Lavasoft Registry Tuner. I ran the tuner and then installed Total Security (TS). When TS wanted to update files it said it couldn't connect. So I tried Firefox and it couldn't connect. My computer says my wireless router is working and I am connected to the internet, but I tried to ping a couple of sites from a command line and nothing. MSN Messenger returns an error that says there is a problem with the DNS and Key Ports... but doesn't say what the problem is. I run the diagnostic under control panel and it says I am connected to the internet. I am running Windows 7 Pro.

I also uninstalled Total Security just to see if that would help. Same results. I had to borrow a computer and am using it on my home wireless system (the same as for my computer) and it works fine, so it is NOT my internet connection - it is something that either the Registry Tuner or TS did.

Since I cannot connect with my computer, I cannot register my product and apparently for that same reason I cannot log into Lavasoft Support. They sent me a password when I requested it, but they seemingly forgot to install it on their end because it also does not work.

Very disgusted.

#2 CeciliaB

    Volunteer

  • Moderator
  • 5499 posts

Posted 20 October 2011 - 06:07 PM

Hi parkpapa,

Did Total Security find any malicious files that it removed? Sometimes this behaviour occurs when only parts of an infection are removed.

Is it possible to cancel or restore the changes that Registry Tuner made?

#3 parkpapa

    Newbie

  • Members
  • 6 posts

Posted 20 October 2011 - 07:21 PM

The only thing Total Security found was a tracking cookie. As for the Registry Tuner, I restored the registry and still nothing. Then I tried doing a system restore back to before I installed everything. Same result. Two other things might have affected this also:

1. Previously had ZoneAlarm firewall installed. Total Security seemed to successfully remove it.
2. Also had Avira anti-virus installed at one time though I had (supposedly) uninstalled it and then had just the Ad-Aware anti-virus immediately prior to buying Total Security. TS could not remove the Avira files but by this time I had lost my internet connection. I manually removed all but two of the remaining Avira files by going into Safe Mode. The two remaining Avira files are dll files and a message pops up saying they are in use. I can find no other Avira related files anywhere, however.

Oddly enough, I have two or three non-browser programs that can access the internet just fine. One is a Windows 'gadget' on the desktop and the other is a game client. From a command prompt, I can ping google after doing a DNS dump, as well as the game client's web address, but nothing else.

#4 CeciliaB

    Volunteer

  • Moderator
  • 5499 posts

Posted 20 October 2011 - 09:32 PM

I guess that the programs that can access the internet don't use the DNS server but are addressing their server by IP address.

Probably something with ZoneAlarm that is still there. Let us see if DDS can show us what. Download DDS on a computer with internet and transfer it to the desktop of the computer without proper internet.
http://download.blee...om/sUBs/dds.scr

Double-click on the DDS tool to run it.

When finished, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Transfer them to the computer with internet and paste their content into your answer.

Edit:
I found https://support.zone...windows-7-64bit with a link to an uninstallation tool. You might try to run that to get rid of more ZoneAlarm files and settings.

Avira RegistryCleaner: http://www.avira.com...registrycleaner
After that and a restart, you should be able to remove the remaining files.

You only need to run DDS if you cannot reach the internet after running those tools.

#5 parkpapa

    Newbie

  • Members
  • 6 posts

Posted 21 October 2011 - 04:36 AM

Ok, I ran both the Avira and Zone Alarm cleaners and restarted the computer. No change in internet connectivity. I am pasting the DDS reports below. In looking them over, many of the false starts and program stoppages were me and my computer programmer son trying to shut down or change various services in order to try and figure out what is going on. Anyway, here are the reports you asked for:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Charles at 22:22:23 on 2011-10-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6078.4057 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Charles\AppData\Local\Apps\2.0\A0Q8E722.KDQ\JPKLOQR8.WPD\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by CenturyLink
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: AutorunsDisabled - No File
BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Magellan CmTray] C:\Program Files (x86)\Content Manager\CmTray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\3416C6962616E602D202458656 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\34963736F62373438343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\75963707562784F647A7F6E6562333 : DhcpNameServer = 192.168.92.1 201.221.253.254 201.221.253.252
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\84F64756C6 : DhcpNameServer = 200.75.200.2 200.75.200.3
TCP: Interfaces\{679A5FF8-B798-4E7D-AFF5-FA506399391D}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8FB30093-05F8-40B4-A9F3-CA660E498846} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AutorunsDisabled - No File
BHO-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO-X64: Ad-Aware WebFilter Class - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\ip77sjkb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Charles\AppData\Local\HuluDesktop\instances.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\system32\drivers\GizmoDrv.sys --> C:\Windows\system32\drivers\GizmoDrv.sys [?]
R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\Windows\system32\Drivers\ssoftnt4.sys --> C:\Windows\system32\Drivers\ssoftnt4.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-23 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-10 341296]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-15 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
S2 AntiVirService;Avira AntiVir Guard; [x]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/15 14:32:32;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-15 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AntiVirWebService;Avira AntiVir WebGuard; [x]
S4 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]
S4 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]
S4 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]
S4 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]
S4 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]
S4 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]
S4 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-21 03:18:08 -------- d-----w- C:\Users\Charles\AppData\Local\{FA70A90F-15EC-4EC3-9A49-913D25BABD30}
2011-10-21 03:17:07 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D40A2E15-2C35-4B5A-AF66-3EAD2644E4AC}\offreg.dll
2011-10-21 03:07:36 -------- d-----w- C:\Users\Charles\AppData\Local\{A973E22A-A881-482B-AAC2-6D98BBC43DE0}
2011-10-21 03:01:01 45392 ----a-w- C:\Users\Charles\ia_remove.sh6149.tmp
2011-10-21 02:41:31 -------- d-----w- C:\Users\Charles\AppData\Local\{B6B340EA-EF5C-4B37-A919-5B0DD8B1B7BF}
2011-10-21 02:36:07 -------- d-sh--w- C:\AI_RecycleBin
2011-10-21 02:34:58 -------- d-----w- C:\Users\Charles\AppData\Local\HuluDesktop
2011-10-21 02:26:36 -------- d-----w- C:\Users\Charles\AppData\Local\{606D61A8-7873-402C-9A82-184D9F3F7BD2}
2011-10-21 01:39:00 -------- d-----w- C:\Users\Charles\AppData\Local\{B421F350-89CE-4FC0-9909-956904F12E6C}
2011-10-21 01:07:00 -------- d-----w- C:\Users\Charles\AppData\Local\{3880755F-3463-4E81-AEC5-3BF8AFD84724}
2011-10-20 19:39:34 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D40A2E15-2C35-4B5A-AF66-3EAD2644E4AC}\mpengine.dll
2011-10-20 19:26:19 -------- d-----w- C:\Users\Charles\AppData\Local\{7CD24D8F-E395-43D2-BFD0-5D91ECAEECD2}
2011-10-20 17:54:28 -------- d-----w- C:\Users\Charles\AppData\Local\{B31C1EAB-BBBC-4D4C-AAAC-BBB65DDB3267}
2011-10-20 14:56:41 -------- d-----w- C:\Users\Charles\AppData\Local\{B98CE75E-06E3-40FA-BB16-B9CDEED993A4}
2011-10-20 02:59:08 -------- d-----w- C:\Users\Charles\AppData\Local\{9093F7D6-279D-4B62-B9FE-FA5888EB1685}
2011-10-20 02:49:45 -------- d-----w- C:\Users\Charles\AppData\Local\{A24F10E3-C4A0-42D7-9B86-C2F22F98D9F7}
2011-10-20 02:44:38 -------- d-----w- C:\Users\Charles\AppData\Local\{A138FAB7-391E-4490-8379-D06B6861D4CD}
2011-10-20 02:14:53 -------- d-----w- C:\Users\Charles\AppData\Local\{C51399D7-F0FC-478F-8596-B4E18AC56F6A}
2011-10-20 02:06:48 -------- d-----w- C:\Users\Charles\AppData\Local\{A39A1D6A-6F66-4BC9-936A-8AF175CFD740}
2011-10-20 00:02:35 137288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\AvkWebFilterFF.dll
2011-10-20 00:02:01 49096 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2011-10-19 22:34:20 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2011-10-19 20:57:38 40392 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2011-10-19 20:57:26 57288 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2011-10-19 20:57:11 15880 ----a-w- C:\Windows\SysWow64\lsdelete.exe
2011-10-19 20:56:46 85960 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2011-10-19 20:56:46 48584 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2011-10-19 20:55:25 -------- d-----w- C:\ProgramData\G DATA
2011-10-19 20:55:25 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2011-10-19 14:06:20 -------- d-----w- C:\Users\Charles\AppData\Local\{03551E65-17A3-460B-A767-618722C5CFC6}
2011-10-19 14:06:10 -------- d-----w- C:\Users\Charles\AppData\Local\{0B1F2AF2-E84C-44E0-AA44-24CE4822B40F}
2011-10-19 02:05:42 -------- d-----w- C:\Users\Charles\AppData\Local\{38DF8C4F-7EC3-43C1-B2C4-CBC4A373027D}
2011-10-19 02:05:31 -------- d-----w- C:\Users\Charles\AppData\Local\{5678C2C2-94A2-400E-BC26-026276724383}
2011-10-18 14:05:12 -------- d-----w- C:\Users\Charles\AppData\Local\{2709DAEF-1367-46E5-8F1D-69B6823965E3}
2011-10-18 14:05:01 -------- d-----w- C:\Users\Charles\AppData\Local\{7365D1F5-0F7C-4244-B828-22FF508FBF0C}
2011-10-18 02:04:34 -------- d-----w- C:\Users\Charles\AppData\Local\{2094D9B4-AA54-412A-B3FC-FB7334776A6F}
2011-10-18 02:04:23 -------- d-----w- C:\Users\Charles\AppData\Local\{E1E9CEC1-BA36-4A05-9A74-C34A4FD1C56F}
2011-10-17 14:38:29 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-10-17 14:38:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF
2011-10-17 14:03:41 -------- d-----w- C:\Users\Charles\AppData\Local\{4320DCA6-D511-4D44-88E6-BD113CEFEA39}
2011-10-17 14:03:20 -------- d-----w- C:\Users\Charles\AppData\Local\{47342CD5-70D2-4A2A-93EF-0056942DC43E}
2011-10-16 19:14:40 -------- d-----w- C:\Users\Charles\AppData\Local\{ABE9755B-06AD-4239-9029-54033EC31F6E}
2011-10-16 19:14:23 -------- d-----w- C:\Users\Charles\AppData\Local\{6E8676DA-2456-4DE9-8BE2-C9C77F74DE36}
2011-10-16 04:34:25 -------- d-----w- C:\Users\Charles\AppData\Local\{018B70C5-C421-407B-AB27-39D4B3318BC4}
2011-10-16 04:34:15 -------- d-----w- C:\Users\Charles\AppData\Local\{6F294B45-B017-4B73-9273-BF9C409ADCDC}
2011-10-15 16:33:32 -------- d-----w- C:\Users\Charles\AppData\Local\{703EA872-C605-4A55-9789-93755B857333}
2011-10-15 16:33:17 -------- d-----w- C:\Users\Charles\AppData\Local\{A7C10144-FDDE-4EA0-999A-C9F1D3B78005}
2011-10-15 01:54:16 -------- d-----w- C:\Users\Charles\AppData\Local\{1ADBE329-FA44-4F0F-9F4C-C659F80889D5}
2011-10-15 01:54:05 -------- d-----w- C:\Users\Charles\AppData\Local\{CC1220B3-96FB-4CCD-B6B2-956694D8597D}
2011-10-14 13:53:31 -------- d-----w- C:\Users\Charles\AppData\Local\{C3EBC866-A3B0-4C55-8B1C-563B065E602B}
2011-10-14 13:53:09 -------- d-----w- C:\Users\Charles\AppData\Local\{BC0D9165-DE0E-4A90-A7BC-E8B7F62A5E3D}
2011-10-13 16:51:55 -------- d-----w- C:\Users\Charles\AppData\Local\{B75E95C7-83F9-475E-AC46-9083EAF3D70D}
2011-10-13 16:51:43 -------- d-----w- C:\Users\Charles\AppData\Local\{D4F35C14-74FE-4202-A376-580EF7CB5EBC}
2011-10-13 04:48:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-10-13 03:42:18 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 03:33:38 -------- d-----w- C:\Users\Charles\AppData\Local\{088C4B8E-F58D-4DD1-A3C6-F04A0CCA154D}
2011-10-13 03:33:28 -------- d-----w- C:\Users\Charles\AppData\Local\{BB966CEB-19B4-4B4D-AE08-D668CAFC0E95}
2011-10-13 01:39:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 01:39:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 01:39:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 01:39:13 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 01:30:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 01:30:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 01:30:50 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 01:30:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 15:32:55 -------- d-----w- C:\Users\Charles\AppData\Local\{F4391A84-ADAC-4849-B67B-A29E7AC4D69C}
2011-10-12 15:32:40 -------- d-----w- C:\Users\Charles\AppData\Local\{46442861-4B36-4734-9EA0-FD30927B7E75}
2011-10-12 01:32:49 -------- d-----w- C:\Users\Charles\AppData\Local\{3AA0F21B-EFCD-4466-8BB4-C21D840ECD1A}
2011-10-12 01:32:38 -------- d-----w- C:\Users\Charles\AppData\Local\{39CB6463-4F9D-4788-9C2A-9A35979BC380}
2011-10-11 13:32:01 -------- d-----w- C:\Users\Charles\AppData\Local\{3900B22E-2A62-43EF-BB4F-62A19AB48ABB}
2011-10-11 13:31:44 -------- d-----w- C:\Users\Charles\AppData\Local\{6B976029-340F-42B7-B4C8-909B3B0C9FA6}
2011-10-11 00:03:22 -------- d-----w- C:\Users\Charles\AppData\Local\{58776360-BDB0-4997-BFDB-A503B9E77964}
2011-10-11 00:02:58 -------- d-----w- C:\Users\Charles\AppData\Local\{23D76CC4-C4AC-4360-B904-E87404D7D0B8}
2011-10-10 03:52:48 -------- d-----w- C:\Users\Charles\AppData\Local\{83538D99-EA9E-4E19-9827-2D4BADA964A3}
2011-10-10 03:52:38 -------- d-----w- C:\Users\Charles\AppData\Local\{6037DEB8-B0A4-4888-BE3C-DB19CC42382C}
2011-10-09 20:16:08 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2011-10-09 20:10:28 -------- d-----w- C:\ProgramData\Cisco Systems
2011-10-09 15:59:13 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2011-10-09 15:52:09 -------- d-----w- C:\Users\Charles\AppData\Local\{7B66D477-CC80-47E3-945C-D0895C1314B4}
2011-10-09 15:48:32 -------- d-----w- C:\Users\Charles\AppData\Local\{B40CF7AB-BD9E-4F02-8821-7140E978CA55}
2011-10-08 23:45:49 -------- d-----w- C:\Users\Charles\AppData\Local\{B59AFC04-3605-47B7-98CC-6A680854B94F}
2011-10-08 23:45:17 -------- d-----w- C:\Users\Charles\AppData\Local\{E9275B13-C316-435B-9439-6F94C9233D3E}
2011-10-08 23:08:20 -------- d-----w- C:\Users\Charles\AppData\Local\{5305E9A6-085C-4722-AC5D-72B49A07EF64}
2011-10-07 20:06:25 -------- d-----w- C:\Users\Charles\AppData\Local\{29A8AEA3-DBAB-447A-B252-CC41736324C3}
2011-10-07 20:06:10 -------- d-----w- C:\Users\Charles\AppData\Local\{7EF73D16-FB61-4807-A1C3-7DA80AAF2050}
2011-10-07 01:18:01 -------- d-----w- C:\Users\Charles\AppData\Local\{A763A1C4-5BEF-4E42-806E-0CD5FEE16165}
2011-10-07 01:17:51 -------- d-----w- C:\Users\Charles\AppData\Local\{AC58833A-A630-4A71-BECA-AFC5B424F0C3}
2011-10-07 00:12:23 -------- d-----w- C:\Users\Charles\room
2011-10-06 13:17:14 -------- d-----w- C:\Users\Charles\AppData\Local\{C865B536-DDCE-4114-A3E2-BD062653A484}
2011-10-06 13:17:00 -------- d-----w- C:\Users\Charles\AppData\Local\{84F9693A-9525-4B03-9555-3F994E044C11}
2011-10-05 15:07:56 -------- d-----w- C:\Users\Charles\AppData\Local\{3B0703A9-92BC-460F-80C7-6558D7D7C0EF}
2011-10-05 15:07:44 -------- d-----w- C:\Users\Charles\AppData\Local\{AD8B5BF3-BCB3-4C53-884C-3EF9E24A23EC}
2011-10-04 19:48:01 -------- d-----w- C:\Users\Charles\AppData\Local\{CF3D8D17-1398-4E1C-AD87-BFB1D51C18F5}
2011-10-04 19:47:45 -------- d-----w- C:\Users\Charles\AppData\Local\{9C528B58-2254-4A0D-92AF-F8881D7133FE}
2011-09-26 14:04:22 -------- d-----w- C:\Users\Charles\AppData\Local\{DF1E5E46-EBE1-484A-8714-D7F2BB561291}
2011-09-26 14:04:04 -------- d-----w- C:\Users\Charles\AppData\Local\{48BB698F-D9F1-406F-9AA4-80455ADBD478}
2011-09-25 16:03:43 -------- d-----w- C:\Users\Charles\AppData\Local\{88045F1D-78E8-477C-80E0-DA18D7CFBCF8}
2011-09-25 16:03:33 -------- d-----w- C:\Users\Charles\AppData\Local\{81CE1580-C5E2-48D8-A594-63DC2CB1F022}
2011-09-25 04:02:51 -------- d-----w- C:\Users\Charles\AppData\Local\{FFEE4EB1-035B-49B8-A232-027BDB9EAFFD}
2011-09-25 04:02:38 -------- d-----w- C:\Users\Charles\AppData\Local\{42480912-9663-49A9-9AA2-0D880A8F025F}
2011-09-24 03:28:41 -------- d-----w- C:\Users\Charles\AppData\Local\{F91A38E4-84D7-456E-8252-D8762F691C48}
2011-09-23 15:28:15 -------- d-----w- C:\Users\Charles\AppData\Local\{A83A91F9-A13B-415E-8DD7-5E97CA295A26}
2011-09-23 15:28:04 -------- d-----w- C:\Users\Charles\AppData\Local\{56B8B3B2-F16D-464F-B38B-B5881B459309}
2011-09-23 03:27:37 -------- d-----w- C:\Users\Charles\AppData\Local\{94BE6B37-6B83-4CC9-B308-63254EAE8753}
2011-09-22 15:27:12 -------- d-----w- C:\Users\Charles\AppData\Local\{18C8CCE3-F894-4A7E-B2C7-E8530D425CD8}
2011-09-22 15:27:02 -------- d-----w- C:\Users\Charles\AppData\Local\{9CA43156-4D66-48A1-9CD1-73BD95B975E0}
2011-09-22 15:19:01 -------- d-----w- C:\Program Files\Frieger
2011-09-22 03:26:35 -------- d-----w- C:\Users\Charles\AppData\Local\{11CE1D6C-05A9-4C4A-9A32-6FECC4C90A61}
2011-09-21 15:26:10 -------- d-----w- C:\Users\Charles\AppData\Local\{E4D4F988-8D6E-4883-BE8E-8DF3AB482A86}
2011-09-21 15:25:59 -------- d-----w- C:\Users\Charles\AppData\Local\{BF0E0506-9BF6-4D6E-98BE-301BD5DA349D}
2011-09-21 03:25:33 -------- d-----w- C:\Users\Charles\AppData\Local\{C42EBD28-E3DB-48D0-9841-58521B8CA95D}
.
==================== Find3M ====================
.
2011-10-19 14:26:56 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL
2011-10-19 13:51:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-10 13:31:18 17200 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2011-09-17 23:58:10 6908648 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-13 22:30:30 72280 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2011-07-27 16:03:17 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
.
============= FINISH: 22:24:11.04 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2010 10:21:51 AM
System Uptime: 10/20/2011 10:16:50 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1449
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | CPU | 1600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 443 GiB total, 324.934 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 439.426 GiB free.
E: is FIXED (NTFS) - 23 GiB total, 3.325 GiB free.
F: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 932 GiB total, 852.348 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP268: 10/16/2011 2:22:55 PM - Windows Update
RP269: 10/17/2011 9:36:59 AM - Installed Nitro PDF Reader 2
RP270: 10/17/2011 9:50:34 AM - Removed Microsoft Silverlight
RP271: 10/19/2011 9:26:00 AM - Installed "ViewNX 2"
RP272: 10/19/2011 3:20:08 PM - Installed Lavasoft Registry Tuner
RP273: 10/19/2011 4:05:37 PM - Removed 7-Zip 9.16 (x64 edition)
RP274: 10/19/2011 9:06:22 PM - Restore Operation
RP275: 10/19/2011 10:11:15 PM - Windows Update
RP276: 10/20/2011 12:23:27 PM - Installed HP System Diagnostics UEFI
RP277: 10/20/2011 8:23:52 PM - Restore Operation
RP278: 10/20/2011 9:30:02 PM - Removed COWON Media Center - jetAudio Basic VX
RP279: 10/20/2011 9:33:47 PM - Removed AxCrypt 1.7.2126.0
RP280: 10/20/2011 9:35:48 PM - Removed InstallIQ Updater
RP281: 10/20/2011 9:47:24 PM - Removed Avery Wizard 4.0.
RP282: 10/20/2011 9:50:33 PM - Removed DesignPro 5
RP283: 10/20/2011 10:01:35 PM - Removed COWON Media Center - jetAudio Basic VX
RP284: 10/20/2011 10:02:21 PM - Removed IDT Audio
RP285: 10/20/2011 10:19:09 PM - Removed COWON Media Center - jetAudio Basic VX
.
==== Installed Programs ======================
.
Ad-Aware
Ad-Aware Total Security
Address Book
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Avanquest update
BufferChm
C309g-m
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
ContentManager
COWON Media Center - jetAudio Basic VX
Curse Client
D3DX10
Destinations
DeviceDiscovery
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
Fable - The Lost Chapters
Feedback Tool
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Video
HP MediaSmart Webcam
HP Product Detection
HP Software Framework
HP Support Assistant
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
Intel® Management Engine Components
Intel® Rapid Storage Technology
IrfanView (remove only)
Junk Mail filter update
KeePass Password Safe 2.15
Lavasoft Registry Tuner
LibreOffice 3.3 Help Pack (English)
LibreOffice 3.4
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon File Uploader 2
Nikon Message Center 2
Nikon Movie Editor
Octoshape add-in for Adobe Flash Player
Panda USB Vaccine 1.0.1.4
Picasa 3
Picture Control Utility
PS_AIO_06_C309g-m_SW_Min
PX Profile Update
QuickTransfer
Razer Naga
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Rename Master
Runes of Magic
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
SugarSync Manager
Toolbox
TrayApp
UFRaw 0.18
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
ViewNX 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Works Suite OS Pack
Works Synchronization
World of Warcraft
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/20/2011 9:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
10/20/2011 8:53:45 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/20/2011 8:53:07 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/20/2011 8:52:40 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
10/20/2011 8:40:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
10/20/2011 12:41:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
10/20/2011 10:20:54 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {E9513610-F218-4DDA-B954-2C7E6BA7CABB} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding
10/20/2011 10:17:42 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/20/2011 10:17:11 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
10/20/2011 10:17:11 PM, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the path specified.
10/20/2011 10:17:10 PM, Error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: The system cannot find the path specified.
10/20/2011 10:17:10 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
10/20/2011 10:17:05 PM, Error: volmgr [46] - Crash dump initialization failed!
10/19/2011 8:48:51 PM, Error: Service Control Manager [7034] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:48:45 PM, Error: Service Control Manager [7034] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:48:32 PM, Error: Service Control Manager [7034] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:48:18 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:40:15 PM, Error: Service Control Manager [7034] - The Spybot-S&D 2 Hooks Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:37:56 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:36:36 PM, Error: Service Control Manager [7034] - The Authentication Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:35:35 PM, Error: Service Control Manager [7034] - The Cryptainer service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 8:34:41 PM, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2011 7:05:07 PM, Error: Service Control Manager [7000] - The Avira Upgrade Service service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 6:31:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
10/19/2011 6:30:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
10/19/2011 5:28:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/19/2011 5:28:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2011 5:28:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2011 5:00:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 5:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2011 5:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/19/2011 5:00:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/19/2011 5:00:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/19/2011 5:00:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2011 4:59:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/19/2011 4:59:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache GDMnIcpt gdwfpcd GizmoDrv HookCentre MpFilter NetBIOS NetBT nsiproxy Psched rdbss SDHookDriver spldr ssoftnt4 tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 3:59:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/18/2011 1:11:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5499 posts

Posted 21 October 2011 - 10:15 AM

There are several Avira Antivir items in the log, including one item that certainly can disturb an internet connection.

Please, save LSPFix on the Desktop: http://www.cexx.org/LSPFix.exe
Start the program.
Check-mark "I know what I'm doing".
In the box called "Keep" there will be one or several lines with this file name:

avsda.dll

Select each of those lines and move them one by one to the box called "Remove" by clicking the >> button.
Click Finish.
Restart the computer and check if internet is working.

To remove the Avira services and driver, please start an elevated "Command Prompt" in the following way:

Start menu - All programs - Accessories
Right-click "Command Prompt" and select "Run as administrator".
In the "Command Prompt" window write the following commands:

sc stop avgntflt
sc delete avgntflt
sc stop AntiVirSchedulerService
sc delete AntiVirSchedulerService
sc stop AntiVirService
sc delete AntiVirService
sc stop AntiVirWebService
sc delete AntiVirWebService

If you get any error messages, please write them down.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
You should not have that program installed when running Total Security.

This folder could indicate an infection:
2011-10-13 04:48:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
Please write here which files are located in that folder. Note that the folder is marked as both hidden and operating system file, which is why you may need to enable both types of files to be able to see the folder.
Have you noticed any other sign of an infection?

10/20/2011 12:41:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
10/18/2011 1:11:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
The above sometimes indicates a failing hard disk or motherboard.

Regarding the search engine in Internet Explorer:
mSearchAssistant = hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4
you should read the comments on http://www.mywot.com...d/facemoods.com

The selected search engine Ask.com in Firefox has a privacy policy that many don't like.
FF - prefs.js: browser.search.selectedEngine - Ask.com
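
Post #6 reads the leftover Avira services and the broken network stack out of the Event Viewer section of the DDS log. The Python sketch below is an added example, not part of the thread or of DDS: it runs that triage over a few lines copied from the log above, and its function names and its reading of event 7000 (binary missing means leftover service registration) are assumptions of the example.

```python
"""Triage the 'Event Viewer Messages' section of a DDS log (added example)."""
import re
from collections import defaultdict

# Lines copied verbatim from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
10/20/2011 10:17:11 PM, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the path specified.
10/20/2011 10:17:10 PM, Error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: The system cannot find the path specified.
10/19/2011 7:05:07 PM, Error: Service Control Manager [7000] - The Avira Upgrade Service service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 5:28:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 4:59:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 5:00:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/20/2011 12:41:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
START_FAIL_RE = re.compile(
    r"^The (?P<svc>.+) service failed to start due to the following error: (?P<err>.*)$"
)
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+) service depends on the (?P<dep>.+) service which failed to start "
    r"because of the following error: (?P<err>.*)$"
)
MISSING_BINARY_RE = re.compile(r"cannot find the (path|file) specified", re.I)
CASCADE_ERR = "The dependency service or group failed to start."
SCM = "Service Control Manager"


def parse_events(text):
    """Return one dict per line that has the DDS event layout; skip everything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def orphaned_services(events):
    """Services that are still registered but whose binary is gone (SCM 7000)."""
    found = set()
    for ev in events:
        if ev["source"] == SCM and ev["id"] == 7000:
            m = START_FAIL_RE.match(ev["msg"])
            # A start timeout (e.g. Windows Search) is not a missing binary.
            if m and MISSING_BINARY_RE.search(m["err"]):
                found.add(m["svc"])
    return sorted(found)


def dependency_roots(events):
    """Map each root failure to the services blocked behind it (SCM 7001 chains)."""
    edges = {}
    for ev in events:
        if ev["source"] == SCM and ev["id"] == 7001:
            m = DEPENDS_RE.match(ev["msg"])
            if m:
                edges[m["svc"]] = (m["dep"], m["err"])
    roots = defaultdict(list)
    for svc in edges:
        node, seen = svc, set()
        # Follow "dependency failed" links until an entry names a concrete error
        # or the chain leaves the log; 'seen' guards against cycles.
        while node in edges and node not in seen:
            seen.add(node)
            node, err = edges[node]
            if err != CASCADE_ERR:
                break
        roots[node].append(svc)
    return {root: sorted(blocked) for root, blocked in roots.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Leftover service registrations:", orphaned_services(evs))
    for root, blocked in dependency_roots(evs).items():
        print(f"{root!r} blocks: {', '.join(blocked)}")
```

On the sample lines the three Avira services come out as leftovers, and the DNS Client, DHCP Client and Network Location Awareness failures all trace back to network-stack drivers that did not load.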

#7 parkpapa

parkpapa

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 22 October 2011 - 12:07 AM

You are an absolute angel!!! The LSPFix program removed one instance of the avira dll file and on restart I connected with the internet instantly! I have seen no other signs of infection but am having trouble locating the APPDATA file you refer to above. The computer is only a year old so I sure hope it is not a failing disk or motherboard, but I have an extended warranty. I will look at the mywot.com site after I finish this note to you.

As for the Ask.com search engine, though I like the information available at Ask.com, I do not like having any program that requires me to add something I don't want in order to use the program. I will attempt to remove it as well.

Thanks again for your help!!!!
Charles

#8 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 5499 posts

Posted 22 October 2011 - 07:57 AM

You are welcome :)
I am glad that you now have an internet connection.

We can use a program to check the content of the %APPDATA% folder, if you prefer that.
Save SystemLook on the desktop from one of these links:
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe

Double-click on the SystemLook file to run it.

Copy all lines in the box
:dir
C:\Windows\SysWow64\%APPDATA%
and paste in the big text field in SystemLook.
Click on the Look button to start the search.
When finished, Notepad will pop up with the log. Copy the log and paste it into your answer. If Notepad doesn't pop up, you can find the log as SystemLook.txt on the Desktop.

Keep an eye on the Event Viewer and see if any more errors about Disk issues arrive.



