Author Topic: [Resolved] Redirected Searches, Delays in typing, System Slowed  (Read 16235 times)

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #15 on: December 23, 2011, 04:52:35 AM »
OTL Extras logfile created on: 12/23/2011 4:37:54 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 62.87% Memory free
5.71 Gb Paging File | 4.71 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.88 Gb Total Space | 106.12 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-LAPTOP | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030BD4E-5770-4133-8C9C-5600C7BB1709}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{191B61B3-EB46-4B00-A9CD-C50001554691}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D23C717-2BD3-4C22-80FB-3795BAB16D58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FA93BF5-084B-49AE-A83C-6BD6F0431B15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E553270-9D8F-45FA-9FDB-711FF74AEB59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D589A50-D690-46A2-9095-AC32994CBC02}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C9D3CE7-AE95-4669-BEF0-D08AF430F60E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60E24793-8AEB-41C6-8E6B-DB4034F0846E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E875D1D-6883-458A-B807-A516C17D5C65}" = rport=445 | protocol=6 | dir=out | app=system |
"{710AC3C0-C5D3-443D-99C3-C2C34E1CC1A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{928A7B03-F05F-4660-BBC3-BDC235C19521}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94352A8B-DD0C-4BEE-B5BD-F07D4B5A2FFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A27682C9-827C-4479-9E3A-3213C672C553}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7E302B9-1C84-4229-8C68-FA0E47CD304A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B97D0758-F807-44A7-A35A-197630EE5C0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4B5978E-6592-4F40-B01E-7C5C5FD88303}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4BEDB01-9F55-4A35-9789-2043C8AD7B87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CC679489-586B-4904-AD67-DE4B800FBB0A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7F42EB4-E90F-4D5A-A816-70BCFC594C58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAD9A8DE-A5FB-47C1-973E-E9B184643638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB5DC992-A09E-4AAD-BAB3-167A726976CD}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA042A-CFC8-4725-A895-9AC93FA4AFAF}" = protocol=6 | dir=out | app=system |
"{02FA2E2C-0CDB-4CE1-BBEF-47004A230AD2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{037CCFF0-885B-4502-9CE5-E42AE70EC9AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{03FAF552-E6E8-4FDC-AF19-EE165F4C243D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05461B83-1507-4F8B-A135-275E54A406C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{058EE441-548C-4449-A380-75823141154C}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{098D0297-7C83-4AA8-ACD7-54F483DBF5A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A010995-45D2-4A11-A683-010EFD5AB6CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B5C4252-DC4F-413B-B1EF-2C251E3FBC41}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{109F2576-6F3B-4EFC-8F75-BEF10D9B2AB2}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{19AB15F1-0B2E-4731-B849-367C73A7D8DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24084618-AE15-4719-82B7-CC17C717EA4D}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{243308FA-B98B-4C7A-9AD1-10006ED3F21C}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{25BEB134-3C8F-4126-B444-50B2B2FEB6BB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4DFE59FA-0A08-48B3-B7D8-D4C7BDE9502A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4F57C44B-F6D6-4ACB-B2AD-EBE2996B2FA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5402F0C6-3D6A-4C12-902A-7F09A1028A11}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{60FD1820-DC0E-41AC-9F59-0D911ACA587E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E0C9373-E6AB-4C61-9259-BFD00D9F1922}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{70A0CA11-8AE3-4958-BEFC-C90533E4C031}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7249FB22-8CAD-4D92-A751-2198B9875FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7271DF04-34C5-4028-8E15-08B4753433B7}" = protocol=6 | dir=in | app=c:\program files\aspmonitor\asmonitor.exe |
"{77A993F5-9101-49B0-96FF-93A2AA446399}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79205262-FF3C-46BE-80CF-6B0668459604}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80BCE2F0-84C0-42A6-9B64-19E40C6C3B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8139713D-DD73-454B-863C-2A82274329B2}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{885B629F-E239-4486-885A-57B5C8D1F21E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8DCBDB91-5385-43EA-80D3-CCA19D4F8131}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9A02062A-58D9-4FA5-BD3F-F8E8BDE77B56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A7282EFA-EE27-47D8-AE52-C9CA8D664FA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A847A802-AC5C-4322-B458-77DF42BF2C07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3051700-B3EB-4FE5-B062-009888BDBAD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6C7AF82-3A0C-4824-8DDB-3D3DAF51EFAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAECA4E5-8745-4AF6-8EEE-197F9FE82CEF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CD046ADD-5DFC-4931-921C-C98AF49191C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD69561F-2A78-4F44-9D59-85DA06F70E05}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{CF67CF98-C018-468E-9A8C-0687B7F9C535}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DA4E93FB-798B-41F2-AD2B-3C09A836DC97}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DC2D7E2D-154C-4587-A905-7029C1C00B8A}" = protocol=17 | dir=in | app=c:\program files\aspmonitor\asmonitor.exe |
"{EBDCF5FC-02FD-44CE-B85B-2F0A3F2CCB1B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8CC7771-4B04-4BD9-BA64-02A002074B07}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F93C1656-9B39-407D-B77F-581282F3AF17}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{DA73036A-25F1-43E0-88ED-FE9625A3014B}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"UDP Query User{74E8990E-8EC0-4389-A0D3-CF8A138EC66A}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6E434AAA-24B3-8550-5EAB-4D7BF4AC5563}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AVG9Uninstall" = AVG Free 9.0
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"doubleTwist" = doubleTwist
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMachines Screensaver" = eMachines ScreenSaver
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.10
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Amazon Kindle For PC" = Amazon Kindle For PC
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/4/2011 4:02:30 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:02:31 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:03:23 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:04:34 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/5/2011 1:55:50 AM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 3:00:10 AM | Computer Name = Adam-Laptop | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 12/23/2011 5:41:19 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7030
Description =
 
Error - 12/23/2011 6:02:26 AM | Computer Name = Adam-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:00:08 AM on 12/23/2011 was unexpected.
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7024
Description =
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12/23/2011 6:03:24 AM | Computer Name = Adam-Laptop | Source = WMPNetworkSvc | ID = 866312
Description =
 
Error - 12/23/2011 6:03:24 AM | Computer Name = Adam-Laptop | Source = WMPNetworkSvc | ID = 866312
Description =
 
Error - 12/23/2011 6:28:31 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 12/23/2011 6:31:22 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 12/23/2011 6:34:12 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

aswMBR will not run. I double-click the icon. I click Run, then nothing happens.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #16 on: December 23, 2011, 03:56:49 PM »
Hi Adam

OTL found quite a bit so we will remove it.

1.   Double-click on the OTL icon to run it (Vista and Windows 7 users right-click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

2.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". On the upper right, be sure Use Company-Name WhiteList and Skip Microsoft Files are checked. Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
[2011/12/20 17:46:56 | 000,000,000 | ---D | C] -- C:\f148fa03e70fcc8ffc56
[2011/11/26 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\BitTorrent
[2011/12/20 18:13:49 | 000,010,460 | -HS- | M] () -- C:\Users\Adam\AppData\Local\882146l3n571m668j688e0tvj7p3
[2011/12/20 18:13:49 | 000,010,460 | -HS- | M] () -- C:\ProgramData\882146l3n571m668j688e0tvj7p3
[2011/12/18 16:11:06 | 000,010,722 | -HS- | M] () -- C:\Users\Adam\AppData\Local\354348l3b418t214o036d7iou8v8
[2011/12/17 20:27:58 | 000,009,254 | -HS- | M] () -- C:\ProgramData\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/17 20:27:58 | 000,009,254 | -HS- | M] () -- C:\Users\Adam\AppData\Local\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/18 16:11:06 | 000,010,722 | -HS- | M] () -- C:\ProgramData\354348l3b418t214o036d7iou8v8
[2011/12/08 18:40:31 | 000,024,064 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 14:40:03 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/05 14:40:02 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/04 22:29:48 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/04 16:57:51 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/04 16:57:50 | 000,000,296 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/04 16:57:46 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/07/06 23:35:17 | 000,011,298 | -HS- | C] () -- C:\Users\Adam\AppData\Local\5m3e31t8ygo2173
[2011/07/06 23:35:17 | 000,011,298 | -HS- | C] () -- C:\ProgramData\5m3e31t8ygo2173
[2011/06/05 16:44:17 | 000,008,786 | -HS- | C] () -- C:\Users\Adam\AppData\Local\8f2gvu11wnj076224dw377dm
[2011/06/05 16:44:17 | 000,008,786 | -HS- | C] () -- C:\ProgramData\8f2gvu11wnj076224dw377dm
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BitTorrent
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

:FILES

:Commands
 [REBOOT]



3.  Click on the Run Fix button. The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log. Reboot your PC.

4.  Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open a Notepad window, OTL.txt. This is saved in the same location as OTL.

5. Run MBAM again.  Be sure to update the program and run a full system scan.  And be sure to fix all problems found.

6.  Run ESET Online Scanner  again.

7.  Be sure that ONLY the following items are checked:
   Remove found threats
   Scan for potentially unwanted applications
   Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish.  Do not click on the interface, download or install anything until the scan completes.  When the scan completes click Finish.

8.  Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner and Double-click on the log file.  Click File/Save As and name the file ESETLog.txt and save it to your desktop.


As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL Fix Log
OTL.txt
mbam-log-latest date
EsetLog.txt
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well


Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
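The entries Bear pulled into the fix script above share a few tell-tale features: files with hidden+system attributes and no company name sitting in ProgramData or AppData, random-looking names with no extension, and alternate data streams on a system directory. The following Python is an added example, not part of this thread and not code from the OTL tool; it parses lines in OTL's file-entry format and applies those same triage heuristics to them. The regular expressions, the function names (parse_entry, looks_random, triage) and the USER_WRITABLE directory list are assumptions of this example. The sample lines are copied from the fix script in the post above, plus one constructed benign entry for contrast.

```python
import re

# Field layout of an OTL file/folder entry as it appears in the fix script above:
# [timestamp | size | attrs | C|M] (company) -- path
# Directory entries omit the "(company)" group; files show "()" when no vendor is embedded.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# "@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Directories any user process can write to (assumed list for this example).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\")

# Constructed sample input: lines copied from the fix script above plus one benign entry.
SAMPLE_LINES = [
    r"[2011/12/20 17:46:56 | 000,000,000 | ---D | C] -- C:\f148fa03e70fcc8ffc56",
    r"[2011/11/26 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\BitTorrent",
    r"[2011/12/20 18:13:49 | 000,010,460 | -HS- | M] () -- C:\Users\Adam\AppData\Local\882146l3n571m668j688e0tvj7p3",
    r"[2011/11/05 14:40:03 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr",
    r"[2011/12/08 18:40:31 | 000,024,064 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini",
    r"@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2",
    # benign, constructed: a signed vendor binary with a normal name and extension
    r"[2011/12/23 04:35:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe",
]


def parse_entry(line):
    """Return a dict for a recognised OTL file or ADS line, or None for anything else."""
    m = ENTRY_RE.match(line)
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        d["ads"] = False
        return d
    m = ADS_RE.match(line)
    if m:
        return {"ts": None, "size": int(m.group("size")), "attrs": "----", "kind": None,
                "company": None, "path": m.group("path"), "ads": True}
    return None


def looks_random(path):
    """Crude 'random name' heuristic: long basename, no extension, mixes letters and digits."""
    base = path.rsplit("\\", 1)[-1]
    return ("." not in base and len(base) >= 12
            and any(c.isdigit() for c in base) and any(c.isalpha() for c in base))


def triage(lines):
    """Map each flagged path to the list of reasons it was flagged."""
    findings = {}
    for line in lines:
        e = parse_entry(line.strip())
        if e is None:
            continue
        reasons = []
        low = e["path"].lower()
        in_user_dir = any(tag in low for tag in USER_WRITABLE)
        if e["ads"]:
            # The stream name follows the last ':'; report the host object it is attached to.
            reasons.append("alternate data stream on " + e["path"].rsplit(":", 1)[0])
        if "H" in e["attrs"] and "S" in e["attrs"] and in_user_dir:
            reasons.append("hidden+system attributes in user-writable directory")
        if not e["company"] and not e["ads"] and looks_random(e["path"]):
            reasons.append("no company name and random-looking filename")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

The heuristics are a triage aid, not a verdict: the .ini file with the made-up GUID name that Bear also removed is not caught by any of them, which is exactly why an analyst still reads the whole log rather than relying on pattern matches alone.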

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #17 on: December 24, 2011, 12:39:28 AM »
I ran OTL, then Malwarebytes. Malwarebytes said it found no malicious threats, but I am now getting pop-ups from Windows Vista Antispyware 2012. Firefox is blocked from going to any website because of Vista Antispyware 2012.

Here is the OTL log:

OTL logfile created on: 12/23/2011 8:39:25 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.33% Memory free
5.70 Gb Paging File | 4.55 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.88 Gb Total Space | 108.15 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-LAPTOP | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/23 04:35:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
PRC - [2011/12/23 04:03:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Adam\AppData\Local\temp\RtkBtMnt.exe
PRC - [2011/11/11 18:54:50 | 013,222,400 | ---- | M] (Google Inc.) -- C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 00:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 13:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2009/01/17 01:50:58 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/11 18:45:00 | 000,344,064 | ---- | M] () -- C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2011/11/11 18:44:50 | 000,346,624 | ---- | M] () -- C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2011/11/11 18:44:08 | 000,363,520 | ---- | M] () -- C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2011/11/11 18:44:08 | 000,198,656 | ---- | M] () -- C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2010/02/10 23:30:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2003/06/06 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/26 00:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/15 08:39:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/27 12:48:16 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2011/05/05 10:18:11 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 08:38:46 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 11:22:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/11 01:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/07 02:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009/10/07 02:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/01/14 21:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/01/03 18:42:00 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/11/03 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 07:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/11/05 15:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/11/05 15:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 22:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/24 18:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 15:22:00 | 000,000,000 | ---D | M]
 
[2009/07/02 13:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2011/12/03 19:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions
[2011/12/21 01:47:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/21 01:47:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/18 02:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 15:21:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 22:03:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/24 18:02:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/21 19:34:13 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/24 18:02:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/12/23 03:59:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2101CE1F-0A44-4E44-8EFD-28571E6AB6DF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A10656B4-E2CC-4A15-8CD9-91DF8C2437F2}: DhcpNameServer = 10.12.1.5
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Users\Adam\Desktop\Pictures\2009-07-02 alaska\alaska 176.JPG
O24 - Desktop BackupWallPaper: C:\Users\Adam\Desktop\Pictures\2009-07-02 alaska\alaska 176.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/23 20:32:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/23 04:38:53 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2011/12/23 04:35:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
[2011/12/23 04:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/23 03:58:58 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2011/12/23 03:58:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/23 02:51:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/23 02:51:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/23 02:51:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/23 02:50:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/23 02:50:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/23 02:49:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 02:46:31 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/23 02:08:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\stop.scr
[2011/12/23 02:00:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
[2011/12/23 01:06:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Adam\Desktop\HijackThis.exe
[2011/12/22 02:53:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/21 23:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/21 21:58:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\secretthing.com
[2011/12/21 01:17:14 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Subscriptions
[2011/12/18 22:02:12 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Shared Music
[2011/12/18 02:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/18 02:44:47 | 000,000,000 | ---D | C] -- C:\Users\Adam\Tracing
[2011/12/17 01:53:57 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\xmvb x
[2011/12/03 19:08:18 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/03 18:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/03 18:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/03 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/03 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/03 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/03 18:01:08 | 000,000,000 | ---D | C] -- C:\ATI
[2011/11/26 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\doubleTwist Corporation
[2011/11/26 19:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2011/11/26 19:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\doubleTwist
[2011/11/26 19:32:25 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2011/11/26 19:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/11/26 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0
[2011/11/24 17:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/24 17:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/24 16:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/24 16:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/23 20:41:24 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/23 20:41:24 | 000,109,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/23 20:35:40 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 20:34:44 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 20:34:44 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 20:34:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 20:34:23 | 2950,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 20:30:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 20:30:30 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000UA.job
[2011/12/23 04:50:38 | 000,002,039 | ---- | M] () -- C:\Users\Adam\Desktop\Google Chrome.lnk
[2011/12/23 04:38:59 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2011/12/23 04:35:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
[2011/12/23 04:01:30 | 280,858,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/23 03:59:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/23 02:46:37 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/23 02:08:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\stop.scr
[2011/12/23 02:00:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
[2011/12/23 01:06:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Adam\Desktop\HijackThis.exe
[2011/12/23 01:06:34 | 001,402,880 | ---- | M] () -- C:\Users\Adam\Desktop\HiJackThis.msi
[2011/12/21 21:58:51 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\secretthing.com
[2011/12/20 18:16:34 | 001,008,141 | ---- | M] () -- C:\Users\Adam\Desktop\iExplore.exe
[2011/12/20 17:48:59 | 002,349,842 | ---- | M] () -- C:\Users\Adam\Desktop\Video 17.wmv
[2011/12/17 20:16:29 | 000,001,356 | ---- | M] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2011/12/17 02:01:53 | 001,557,791 | ---- | M] () -- C:\Users\Adam\Desktop\tdsskiller.zip
[2011/12/15 22:36:21 | 014,054,394 | ---- | M] () -- C:\Users\Adam\Desktop\Video 7.wmv
[2011/12/15 22:32:09 | 009,790,148 | ---- | M] () -- C:\Users\Adam\Desktop\Video 6.wmv
[2011/12/09 20:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000Core.job
[2011/12/05 19:45:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/12/04 19:11:42 | 000,002,609 | ---- | M] () -- C:\Users\Adam\Desktop\Microsoft Office Word 2003.lnk
[2011/12/04 18:51:52 | 000,350,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 19:32:31 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/11/24 17:09:58 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2011/12/23 03:16:57 | 2950,787,072 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 02:51:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/23 02:51:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/23 02:51:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/23 02:51:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/23 02:51:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 01:06:33 | 001,402,880 | ---- | C] () -- C:\Users\Adam\Desktop\HiJackThis.msi
[2011/12/21 01:53:17 | 001,008,141 | ---- | C] () -- C:\Users\Adam\Desktop\iExplore.exe
[2011/12/20 17:47:29 | 002,349,842 | ---- | C] () -- C:\Users\Adam\Desktop\Video 17.wmv
[2011/12/17 01:53:00 | 001,557,791 | ---- | C] () -- C:\Users\Adam\Desktop\tdsskiller.zip
[2011/12/15 22:33:32 | 014,054,394 | ---- | C] () -- C:\Users\Adam\Desktop\Video 7.wmv
[2011/12/15 22:30:03 | 009,790,148 | ---- | C] () -- C:\Users\Adam\Desktop\Video 6.wmv
[2011/12/03 19:08:23 | 000,002,039 | ---- | C] () -- C:\Users\Adam\Desktop\Google Chrome.lnk
[2011/11/26 19:32:31 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/11/26 19:32:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/11/24 17:09:58 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/16 11:36:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/08 19:36:58 | 000,004,096 | ---- | C] () -- C:\Users\Adam\AppData\Local\keyfile3.drm
[2010/04/06 19:31:49 | 000,153,316 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/03/30 21:48:33 | 000,001,356 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2010/02/10 23:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/10 20:59:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/19 15:32:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/19 15:32:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/11 10:17:20 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\prvlcl.dat
[2009/08/08 17:10:21 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/02 17:40:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/02 13:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/07 23:02:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/23 16:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/10 15:36:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/10 15:36:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/10 15:36:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/10 15:36:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/10 14:26:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,350,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,109,616 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2010/06/27 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\acccore
[2010/08/30 08:10:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Advanced Chemistry Development
[2010/06/27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amazon
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Azureus
[2011/11/05 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
[2010/10/24 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\InterVideo
[2011/05/29 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/08/08 17:10:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ScanSoft
[2011/12/23 20:33:18 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
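
The report above is what a malware-removal helper reads line by line: which processes run from temp directories, which services and drivers carry no publisher, whether UAC is off (O6 EnableLUA = 0), what sits in AppInit_DLLs, and which O20/O28 hooks point at files that no longer exist. The script below is an editor's added example, not code from this thread or from the OTL tool: it parses OTL's PRC/SRV/DRV/MOD and O4/O6/O20/O28 line shapes and applies those checks. Rule names, severities and the "suspect directory" list are this example's own assumptions; the sample lines are copied from the report above.

```python
"""Triage heuristics for OTL (OldTimer) report lines.

Editor's added example, not code from this thread or from the OTL tool.
Rule names, severities and the suspect-directory list are assumptions
made for illustration; SAMPLE_LINES are copied from the report above.
"""
import re
from dataclasses import dataclass

# PRC/SRV/DRV/MOD line shape, e.g.
#   SRV - [date time | size | attrs | M] (Company) [Auto | Running] -- path -- (ServiceName) description
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^\]]*)\] "
    r"\((?P<company>.*?)\)(?= \[| --)"      # company may itself contain "(R)"
    r"(?: \[(?P<state>[^\]]*)\])?"         # "[Auto | Running]" on SRV/DRV lines only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"     # service/driver name, optional trailing description
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>.*?)\)")

# Directories a process, service or autorun should not normally run from (assumption).
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\$recycle.bin\\", "\\users\\public\\")
# An executable dropped straight into the root of ProgramData or AppData\Local, with no
# vendor subfolder, is a common dropper habit (the ESET log later in this thread names
# C:\ProgramData\graffast.exe and ...\AppData\Local\dplaysvr.exe).
BARE_DROP_RE = re.compile(r"\\(programdata|appdata\\local)\\[^\\]+\.(exe|dll|sys)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "high" = act on it, "review" = look at it before deciding
    line: str


def runs_from_suspect_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in TEMP_DIRS) or BARE_DROP_RE.search(p) is not None


def triage(lines):
    """Return the Findings for an iterable of OTL report lines, in report order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            kind, company, path = m["kind"], m["company"], m["path"]
            if runs_from_suspect_dir(path):
                findings.append(Finding("exec_in_suspect_dir", "high", line))
            if not company:
                # OTL prints "()" when the file carries no company/version resource;
                # legitimate for some Microsoft helpers, always worth a look for drivers.
                rule = {"DRV": "driver_without_publisher",
                        "MOD": "module_without_publisher"}.get(kind, "binary_without_publisher")
                findings.append(Finding(rule, "review", line))
            continue
        if line.startswith("O4 - "):
            # O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)
            path = line.split("] ", 1)[-1].rsplit(" (", 1)[0]
            if runs_from_suspect_dir(path):
                findings.append(Finding("autorun_in_suspect_dir", "high", line))
        elif line.startswith("O6 - ") and line.endswith("EnableLUA = 0"):
            findings.append(Finding("uac_disabled", "high", line))  # UAC switched off
        elif (am := APPINIT_RE.match(line)) and am["dlls"]:
            # AppInit_DLLs are loaded into every process that links user32.dll
            findings.append(Finding("appinit_dll_registered", "review", line))
        elif line.startswith(("O2 - ", "O3 - ", "O20 - ", "O28 - ")) and (
            "File not found" in line or "No CLSID value found" in line
        ):
            findings.append(Finding("dangling_reference", "review", line))
    return findings


def by_severity(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Copied from the OTL report in this thread.
SAMPLE_LINES = [
    r"PRC - [2011/12/23 04:03:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Adam\AppData\Local\temp\RtkBtMnt.exe",
    r"PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe",
    r"SRV - [2011/06/26 00:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)",
    r"DRV - [2011/07/27 12:48:16 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)",
    r"DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)",
    r"DRV - [2009/10/07 02:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)",
    r"O4 - HKCU..\Run: [MusicManager] C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)",
    r"O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found",
    r"O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.rule:26} {f.line[:90]}")
    print(by_severity(triage(SAMPLE_LINES)))
```

The two "high" hits on this sample are the process running out of AppData\Local\temp and the EnableLUA = 0 policy; everything else is a "review" item that a helper confirms by hand (the PEVSystemStart service and the SteelWerX/NirSoft binaries under C:\Windows, for instance, are ComboFix's own and expected while it is installed). Rules like these only sort the log; they do not replace the scanner results that follow in the thread.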

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #18 on: December 24, 2011, 01:09:04 AM »
Also, I said that I had disabled my antivirus programs when I ran ComboFix, but I see Windows Defender in the log I posted. I do not believe I turned that off when I ran ComboFix.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #19 on: December 24, 2011, 02:26:02 AM »
Hi Adam

I need the OTLFix log, the MBAM log and the ESET log.  To disable Windows Defender:

Launch Windows Defender and go to Tools/Options. Deselect the Use Windows Defender box and press the Save button. Click OK and Close as needed.

Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #20 on: December 24, 2011, 03:26:24 PM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cf5c08fe584fd54c9ac55285a6cab8e5
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 08:39:58
# local_time=2011-12-22 02:39:58 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 63926025 63926025 0 0
# compatibility_mode=5892 16776573 100 100 0 161140329 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66629
# found=10
# cleaned=10
# scan_time=10442
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-26af3eba   probably a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\399851cf-2705469f   probably a variant of Win32/Agent.FQRCZBA trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\38566918-3c8eac4c   a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-531aa7a9   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\61a815d-2ed1cc87   probably a variant of Java/Agent.BR trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3ce71243-3a325278   Java/Exploit.CVE-2011-3544.D trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-66fa5940   probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-73eb0d36   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-11e9f313   a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\729a4e73-6e6e9e93   a variant of Java/TrojanDownloader.OpenStream.NBG trojan (deleted - quarantined)   00000000000000000000000000000000   C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cf5c08fe584fd54c9ac55285a6cab8e5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-24 08:23:23
# local_time=2011-12-24 02:23:23 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 64103109 64103109 0 0
# compatibility_mode=5892 16776574 66 100 0 161317413 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158781
# found=7
# cleaned=7
# scan_time=5162
C:\ProgramData\graffast.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Local\dplaysvr.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Local\dplayx.dll   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Local\temp\enrollmsi.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Local\temp\jyhgje.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Local\temp\ywerrtyerw.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Users\Adam\AppData\Roaming\machst.exe   a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #21 on: December 24, 2011, 03:28:51 PM »
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122103

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/23/2011 11:52:41 PM
mbam-log-2011-12-23 (23-52-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 311984
Time elapsed: 2 hour(s), 44 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Where do I find the OTL fix log? Is this it:

OTL Extras logfile created on: 12/23/2011 4:37:54 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 62.87% Memory free
5.71 Gb Paging File | 4.71 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.88 Gb Total Space | 106.12 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-LAPTOP | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030BD4E-5770-4133-8C9C-5600C7BB1709}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{191B61B3-EB46-4B00-A9CD-C50001554691}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D23C717-2BD3-4C22-80FB-3795BAB16D58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FA93BF5-084B-49AE-A83C-6BD6F0431B15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E553270-9D8F-45FA-9FDB-711FF74AEB59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D589A50-D690-46A2-9095-AC32994CBC02}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C9D3CE7-AE95-4669-BEF0-D08AF430F60E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60E24793-8AEB-41C6-8E6B-DB4034F0846E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E875D1D-6883-458A-B807-A516C17D5C65}" = rport=445 | protocol=6 | dir=out | app=system |
"{710AC3C0-C5D3-443D-99C3-C2C34E1CC1A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{928A7B03-F05F-4660-BBC3-BDC235C19521}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94352A8B-DD0C-4BEE-B5BD-F07D4B5A2FFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A27682C9-827C-4479-9E3A-3213C672C553}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7E302B9-1C84-4229-8C68-FA0E47CD304A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B97D0758-F807-44A7-A35A-197630EE5C0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4B5978E-6592-4F40-B01E-7C5C5FD88303}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4BEDB01-9F55-4A35-9789-2043C8AD7B87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CC679489-586B-4904-AD67-DE4B800FBB0A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7F42EB4-E90F-4D5A-A816-70BCFC594C58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAD9A8DE-A5FB-47C1-973E-E9B184643638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB5DC992-A09E-4AAD-BAB3-167A726976CD}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA042A-CFC8-4725-A895-9AC93FA4AFAF}" = protocol=6 | dir=out | app=system |
"{02FA2E2C-0CDB-4CE1-BBEF-47004A230AD2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{037CCFF0-885B-4502-9CE5-E42AE70EC9AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{03FAF552-E6E8-4FDC-AF19-EE165F4C243D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05461B83-1507-4F8B-A135-275E54A406C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{058EE441-548C-4449-A380-75823141154C}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{098D0297-7C83-4AA8-ACD7-54F483DBF5A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A010995-45D2-4A11-A683-010EFD5AB6CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B5C4252-DC4F-413B-B1EF-2C251E3FBC41}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{109F2576-6F3B-4EFC-8F75-BEF10D9B2AB2}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{19AB15F1-0B2E-4731-B849-367C73A7D8DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24084618-AE15-4719-82B7-CC17C717EA4D}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{243308FA-B98B-4C7A-9AD1-10006ED3F21C}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{25BEB134-3C8F-4126-B444-50B2B2FEB6BB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4DFE59FA-0A08-48B3-B7D8-D4C7BDE9502A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4F57C44B-F6D6-4ACB-B2AD-EBE2996B2FA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5402F0C6-3D6A-4C12-902A-7F09A1028A11}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{60FD1820-DC0E-41AC-9F59-0D911ACA587E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E0C9373-E6AB-4C61-9259-BFD00D9F1922}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{70A0CA11-8AE3-4958-BEFC-C90533E4C031}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7249FB22-8CAD-4D92-A751-2198B9875FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7271DF04-34C5-4028-8E15-08B4753433B7}" = protocol=6 | dir=in | app=c:\program files\aspmonitor\asmonitor.exe |
"{77A993F5-9101-49B0-96FF-93A2AA446399}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79205262-FF3C-46BE-80CF-6B0668459604}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80BCE2F0-84C0-42A6-9B64-19E40C6C3B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8139713D-DD73-454B-863C-2A82274329B2}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{885B629F-E239-4486-885A-57B5C8D1F21E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8DCBDB91-5385-43EA-80D3-CCA19D4F8131}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9A02062A-58D9-4FA5-BD3F-F8E8BDE77B56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A7282EFA-EE27-47D8-AE52-C9CA8D664FA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A847A802-AC5C-4322-B458-77DF42BF2C07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3051700-B3EB-4FE5-B062-009888BDBAD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6C7AF82-3A0C-4824-8DDB-3D3DAF51EFAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAECA4E5-8745-4AF6-8EEE-197F9FE82CEF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CD046ADD-5DFC-4931-921C-C98AF49191C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD69561F-2A78-4F44-9D59-85DA06F70E05}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{CF67CF98-C018-468E-9A8C-0687B7F9C535}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DA4E93FB-798B-41F2-AD2B-3C09A836DC97}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DC2D7E2D-154C-4587-A905-7029C1C00B8A}" = protocol=17 | dir=in | app=c:\program files\aspmonitor\asmonitor.exe |
"{EBDCF5FC-02FD-44CE-B85B-2F0A3F2CCB1B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8CC7771-4B04-4BD9-BA64-02A002074B07}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F93C1656-9B39-407D-B77F-581282F3AF17}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{DA73036A-25F1-43E0-88ED-FE9625A3014B}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"UDP Query User{74E8990E-8EC0-4389-A0D3-CF8A138EC66A}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6E434AAA-24B3-8550-5EAB-4D7BF4AC5563}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AVG9Uninstall" = AVG Free 9.0
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"doubleTwist" = doubleTwist
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMachines Screensaver" = eMachines ScreenSaver
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.10
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Amazon Kindle For PC" = Amazon Kindle For PC
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/4/2011 4:02:30 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:02:31 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:03:23 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/4/2011 4:04:34 PM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/5/2011 1:55:50 AM | Computer Name = Adam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 1:58:52 AM | Computer Name = Adam-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/5/2011 3:00:10 AM | Computer Name = Adam-Laptop | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 12/23/2011 5:41:19 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7030
Description =
 
Error - 12/23/2011 6:02:26 AM | Computer Name = Adam-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:00:08 AM on 12/23/2011 was unexpected.
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7024
Description =
 
Error - 12/23/2011 6:02:59 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12/23/2011 6:03:24 AM | Computer Name = Adam-Laptop | Source = WMPNetworkSvc | ID = 866312
Description =
 
Error - 12/23/2011 6:03:24 AM | Computer Name = Adam-Laptop | Source = WMPNetworkSvc | ID = 866312
Description =
 
Error - 12/23/2011 6:28:31 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 12/23/2011 6:31:22 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 12/23/2011 6:34:12 AM | Computer Name = Adam-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #22 on: December 24, 2011, 04:55:45 PM »
Hi Adam

The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #23 on: December 24, 2011, 05:04:14 PM »
Hi Adam

Now that we have cleaned some of the malware, let's try running ComboFix again, but we will uninstall it and install a clean copy first.

1.  Uninstall ComboFix as follows:  Copy the code in the code box below.

Code:

combofix /uninstall


Now click on start/run and paste the copied code into the input box.
Click OK.  Reboot your PC.


Please read carefully and follow these steps:

2.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

3.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.  Don't forget Windows Defender.

4.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

As always, please be sure Word Wrap is disabled in Notepad.  Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
ComboFix.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well


Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #24 on: December 24, 2011, 06:17:13 PM »
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2 removed from extensions.enabledItems
C:\f148fa03e70fcc8ffc56 folder moved successfully.
C:\Users\Adam\AppData\Local\BitTorrent\Cache folder moved successfully.
C:\Users\Adam\AppData\Local\BitTorrent folder moved successfully.
C:\Users\Adam\AppData\Local\882146l3n571m668j688e0tvj7p3 moved successfully.
C:\ProgramData\882146l3n571m668j688e0tvj7p3 moved successfully.
C:\Users\Adam\AppData\Local\354348l3b418t214o036d7iou8v8 moved successfully.
C:\ProgramData\xhjvql3i4yxp4ume2wny4f745o4j moved successfully.
C:\Users\Adam\AppData\Local\xhjvql3i4yxp4ume2wny4f745o4j moved successfully.
C:\ProgramData\354348l3b418t214o036d7iou8v8 moved successfully.
C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzPr moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\1kAlMiG2Kb7FzP moved successfully.
C:\Users\Adam\AppData\Local\5m3e31t8ygo2173 moved successfully.
C:\ProgramData\5m3e31t8ygo2173 moved successfully.
C:\Users\Adam\AppData\Local\8f2gvu11wnj076224dw377dm moved successfully.
C:\ProgramData\8f2gvu11wnj076224dw377dm moved successfully.
C:\Users\Adam\AppData\Roaming\BitTorrent\ie folder moved successfully.
C:\Users\Adam\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Adam\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Adam\AppData\Roaming\BitTorrent folder moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_203255

adammedonca
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #25 on: December 24, 2011, 07:31:42 PM »
ComboFix 11-12-24.10 - Adam 12/24/2011  18:39:32.3.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2813.1884 [GMT -6:00]
Running from: c:\users\Adam\Desktop\ComboFix2.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Local\hti.exe
c:\users\Adam\AppData\Local\rwa.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-25 to 2011-12-25  )))))))))))))))))))))))))))))))
.
.
2011-12-25 01:11 . 2011-12-25 01:13   --------   d-----w-   c:\users\Adam\AppData\Local\temp
2011-12-25 01:11 . 2011-12-25 01:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-24 08:54 . 2011-12-25 00:21   --------   d-----w-   C:\ComboFix
2011-12-24 06:31 . 2011-12-24 06:31   --------   d-----w-   c:\programdata\WSTB
2011-12-24 06:21 . 2011-12-24 06:22   --------   d-----w-   c:\users\Adam\AppData\Roaming\Qeen
2011-12-24 06:21 . 2011-12-24 06:21   --------   d-----w-   c:\users\Adam\AppData\Roaming\Bux
2011-12-24 02:46 . 2011-11-21 10:47   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{38694C1F-7DA6-442D-B4BD-0CE03300DB04}\mpengine.dll
2011-12-24 02:32 . 2011-12-24 02:32   --------   d-----w-   C:\_OTL
2011-12-22 05:35 . 2011-12-22 05:35   --------   d-----w-   c:\program files\ESET
2011-12-18 08:59 . 2011-12-19 07:54   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-18 08:44 . 2011-12-19 05:31   --------   d-----w-   c:\users\Adam\Tracing
2011-12-04 00:53 . 2011-12-04 00:53   --------   d-----w-   c:\program files\Microsoft Silverlight
2011-12-04 00:41 . 2011-12-04 00:41   --------   d-----w-   c:\programdata\ATI
2011-12-04 00:05 . 2011-12-04 00:36   --------   d-----w-   c:\program files\ATI Technologies
2011-12-04 00:01 . 2010-02-11 03:20   212992   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-12-04 00:01 . 2011-12-04 00:01   --------   d-----w-   C:\ATI
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\users\Adam\AppData\Local\doubleTwist Corporation
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\program files\Common Files\doubleTwist
2011-11-27 01:32 . 2008-12-18 01:22   57344   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-11-27 01:32 . 2008-12-11 19:26   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\program files\ffdshow
2011-11-27 01:29 . 2011-11-27 01:32   --------   d-----w-   c:\program files\doubleTwist 2.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 01:15 . 2011-06-15 14:00   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:29 . 2009-10-05 15:13   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-09-30 23:06 . 2011-10-13 22:46   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 22:46   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 22:46   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 22:46   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 22:46   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 22:46   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 22:46   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 22:46   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-11-25 00:02 . 2011-11-05 23:14   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-24_09.35.36   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 01:58 . 2011-12-24 08:31   66502              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 01:58 . 2011-12-25 00:13   66502              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2011-12-25 00:13   85966              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-02 20:26 . 2011-12-25 00:13   19694              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1000265405-3506121479-2019536667-1000_UserData.bin
- 2010-01-07 22:04 . 2011-12-24 08:47   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-07 22:04 . 2011-12-25 00:26   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-07 22:04 . 2011-12-24 08:47   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-07 22:04 . 2011-12-25 00:26   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-07 22:04 . 2011-12-24 08:47   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-07 22:04 . 2011-12-25 00:26   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-24 08:46 . 2011-12-24 08:46   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-24 23:49 . 2011-12-25 00:26   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-24 23:49 . 2011-12-25 00:26   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-24 08:46 . 2011-12-24 08:46   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-02 20:08 . 2011-12-24 23:45   288428              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2011-12-24 08:53   606420              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2011-12-25 00:33   606420              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2011-12-24 08:53   109032              c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2011-12-25 00:33   109032              c:\windows\System32\perfc009.dat
- 2009-07-02 20:28 . 2011-12-24 08:29   147456              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-02 20:28 . 2011-12-25 00:12   147456              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-02 20:28 . 2011-12-24 08:29   442368              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-02 20:28 . 2011-12-25 00:12   442368              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-12 06:35 . 2011-12-24 23:48   337404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-12 06:35 . 2011-12-24 08:45   337404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-02 20:28 . 2011-12-24 08:29   1933312              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-02 20:28 . 2011-12-25 00:12   1933312              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-07 06:59 . 2011-12-24 08:45   1686684              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1000265405-3506121479-2019536667-1000-12288.dat
+ 2011-07-07 06:59 . 2011-12-24 23:48   1686684              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1000265405-3506121479-2019536667-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 13:11   2471240   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MusicManager"="c:\users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-12 13222400]
"{B1C7904F-E9CF-2B27-6D36-253D706D39C3}"="c:\users\Adam\AppData\Roaming\Bux\ulfusa.exe" [2010-04-25 188928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-02-06 686624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59   937920   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02   37296   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-03-14 19:12   2071904   ----a-w-   c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30   1191936   ----a-w-   c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-08 03:28   136176   ----atw-   c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36   2793304   ----a-w-   c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 19:19   69632   ----a-w-   c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-27 02:50   15147400   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 06:14   155648   ----a-r-   c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 05:32   61440   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 SASDIFSV;SASDIFSV;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-02-06 653856]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 6656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 23:13]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 23:13]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 03:28]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 03:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-24 19:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-24  19:28:46
ComboFix-quarantined-files.txt  2011-12-25 01:28
ComboFix2.txt  2011-12-24 09:52
.
Pre-Run: 117,023,784,960 bytes free
Post-Run: 117,006,528,512 bytes free
.
- - End Of File - - 1D32DCFF017E64658CE5972B7DC07C27

Bear (Malware Removal Mentors, Global Moderator)
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #26 on: December 24, 2011, 09:19:49 PM »
Hi Adam

Great.  Now we're making progress.

1.  Disable all Anti-virus, Anti-spyware programs as instructed earlier.  Do not forget to re-enable them before you reply to this post.

2.  I'd like you to run ComboFix again with some changes.  Open Notepad, click on Format and be sure Word Wrap is NOT checked.  Then copy the text in the code box below and paste it into the Notepad window.  Now name this file CFScript.txt and save it to your Desktop.

Code:

KILLALL::

ClearJavaCache::

RegLock::

File::

Folder::

Registry::

Driver::

Firefox::
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

dirlook::
c:\programdata\WSTB

FCopy::

DDS::


3. Close all open browsers.

4. Referring to the picture above, drag CFScript.txt onto the ComboFix.exe icon.  ComboFix will run and produce a report.  This report will be saved at C:\ComboFix.txt.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.  Reboot your computer.

5.  Run aswMBR again.  Double click the aswMBR.exe.  It will open a command window and run.

6.  Click Scan.  When finished click save log.  Save it to your desktop as aswMBR.txt.


Remember to be sure Word Wrap is NOT turned on in any Notepad files you post, and be sure to check that all the data you entered was posted.

Now please post the following to me as a reply to this post:
ComboFix.txt
aswMBR.txt
Let me know how your computer and both browsers are operating
If you have any other questions or problems, let me know that as well


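The ComboFix log in Reply #25 and the CFScript in Reply #26 above carry three findings a practitioner would want to spot quickly in any log of this kind: a Run value named with a bare GUID that points into AppData\Roaming, EnableLUA=0 (UAC switched off), and Firefox user.js prefs that silence the mixed-content and insecure-submit warnings. The Python below is an added example, not part of the thread and not ComboFix or OTL code; its heuristics (GUID-named Run values, targets under AppData/ProgramData/Temp, the specific pref values) are my own assumptions, and the embedded sample is a constructed excerpt in ComboFix's format. It is a triage aid, not a verdict: it also flags the per-user Google Music Manager install, which is exactly the kind of noise a human still has to review.

```python
# Added example (not from the thread, not ComboFix/OTL code): a small triage
# pass over ComboFix-style "Reg Loading Points" and "Supplementary Scan" lines.
# The heuristics below are the example author's assumptions, not anything ComboFix does.
import re

# A bare GUID used as a Run value name, e.g. "{B1C7904F-...}", is a common
# way for droppers to avoid a recognisable name.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$")

# Directories an unprivileged user (or anything running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Firefox prefs that, at these values, silence warnings the user would otherwise get.
RISKY_FF_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_submit_insecure": "false",
    "network.cookie.cookieBehavior": "0",   # accept all cookies, including third-party
}


def autorun_reasons(name, path):
    """Return the reasons a Run-key value looks suspicious (empty list if none)."""
    reasons = []
    if GUID_RE.match(name):
        reasons.append("GUID-named value")
    lowered = path.lower()
    if any(seg in lowered for seg in USER_WRITABLE):
        reasons.append("target in user-writable dir")
    return reasons


def triage(log_text):
    """Walk the log once and return (category, subject, reason) findings in order."""
    findings = []
    key = None          # registry key of the section we are currently inside
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if key and key.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                reasons = autorun_reasons(m.group("name"), m.group("path"))
                if reasons:
                    findings.append(("autorun", m.group("path"), "; ".join(reasons)))
        elif key and key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") == "EnableLUA" and m.group("val") == "0":
                findings.append(("policy", "EnableLUA=0", "UAC disabled"))
        # "FF - user.js:" lines sit outside any registry section, so check them regardless.
        m = FF_PREF_RE.match(line)
        if m and RISKY_FF_PREFS.get(m.group("pref")) == m.group("val"):
            findings.append(("firefox", m.group("pref"), "browser warning/cookie protection disabled"))
    return findings


# Constructed sample in the ComboFix format; the lines mirror entries visible in
# the thread above, but the excerpt itself is assembled for this example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MusicManager"="c:\users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-12 13222400]
"{B1C7904F-E9CF-2B27-6D36-253D706D39C3}"="c:\users\Adam\AppData\Roaming\Bux\ulfusa.exe" [2010-04-25 188928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
"""

if __name__ == "__main__":
    for category, subject, reason in triage(SAMPLE_LOG):
        print(f"[{category:7}] {subject}  <- {reason}")
```

Run it as a script to see the six findings from the sample; to use it on a real log, pass the file's text to triage(). The walk is deliberately stateful only about the current registry section, so msconfig\startupreg entries (a different line format) and the CLSID sections fall through untouched, and the user.js check runs on every line because ComboFix prints those outside any bracketed key.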
adammedonca
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #27 on: December 25, 2011, 06:59:19 PM »
ComboFix 11-12-24.10 - Adam 12/25/2011  17:05:19.4.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2813.1574 [GMT -6:00]
Running from: c:\users\Adam\Desktop\ComboFix2.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-26 to 2011-12-26  )))))))))))))))))))))))))))))))
.
.
2011-12-26 00:00 . 2011-12-26 00:07   --------   d-----w-   c:\users\Adam\AppData\Local\temp
2011-12-26 00:00 . 2011-12-26 00:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-24 08:54 . 2011-12-25 00:21   --------   d-----w-   C:\ComboFix
2011-12-24 06:31 . 2011-12-24 06:31   --------   d-----w-   c:\programdata\WSTB
2011-12-24 06:21 . 2011-12-24 06:22   --------   d-----w-   c:\users\Adam\AppData\Roaming\Qeen
2011-12-24 06:21 . 2011-12-24 06:21   --------   d-----w-   c:\users\Adam\AppData\Roaming\Bux
2011-12-24 02:46 . 2011-11-21 10:47   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{38694C1F-7DA6-442D-B4BD-0CE03300DB04}\mpengine.dll
2011-12-24 02:32 . 2011-12-24 02:32   --------   d-----w-   C:\_OTL
2011-12-22 05:35 . 2011-12-22 05:35   --------   d-----w-   c:\program files\ESET
2011-12-18 08:59 . 2011-12-19 07:54   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-18 08:44 . 2011-12-19 05:31   --------   d-----w-   c:\users\Adam\Tracing
2011-12-04 00:53 . 2011-12-04 00:53   --------   d-----w-   c:\program files\Microsoft Silverlight
2011-12-04 00:41 . 2011-12-04 00:41   --------   d-----w-   c:\programdata\ATI
2011-12-04 00:05 . 2011-12-04 00:36   --------   d-----w-   c:\program files\ATI Technologies
2011-12-04 00:01 . 2010-02-11 03:20   212992   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-12-04 00:01 . 2011-12-04 00:01   --------   d-----w-   C:\ATI
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\users\Adam\AppData\Local\doubleTwist Corporation
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\program files\Common Files\doubleTwist
2011-11-27 01:32 . 2008-12-18 01:22   57344   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-11-27 01:32 . 2008-12-11 19:26   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
2011-11-27 01:32 . 2011-11-27 01:32   --------   d-----w-   c:\program files\ffdshow
2011-11-27 01:29 . 2011-11-27 01:32   --------   d-----w-   c:\program files\doubleTwist 2.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 01:15 . 2011-06-15 14:00   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:29 . 2009-10-05 15:13   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-09-30 23:06 . 2011-10-13 22:46   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 22:46   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 22:46   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 22:46   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 22:46   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 22:46   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 22:46   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 22:46   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-11-25 00:02 . 2011-11-05 23:14   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\WSTB ----
.
2011-12-19 15:25 . 2011-12-19 15:25   322941   ----a-w-   c:\programdata\WSTB\verosupd.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 13:11   2471240   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MusicManager"="c:\users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-12 13222400]
"{B1C7904F-E9CF-2B27-6D36-253D706D39C3}"="c:\users\Adam\AppData\Roaming\Bux\ulfusa.exe" [2010-04-25 188928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-02-06 686624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59   937920   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02   37296   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-03-14 19:12   2071904   ----a-w-   c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30   1191936   ----a-w-   c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-08 03:28   136176   ----atw-   c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36   2793304   ----a-w-   c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 19:19   69632   ----a-w-   c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-27 02:50   15147400   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 06:14   155648   ----a-r-   c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 05:32   61440   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 SASDIFSV;SASDIFSV;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;c:\users\Adam\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-02-06 653856]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 6656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 23:13]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 23:13]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 03:28]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 03:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 18:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3380)
c:\program files\eMachines\eMachines Power Management\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2011-12-25  18:40:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-26 00:39
ComboFix2.txt  2011-12-25 01:29
ComboFix3.txt  2011-12-24 09:52
.
Pre-Run: 113,865,797,632 bytes free
Post-Run: 113,918,308,352 bytes free
.
- - End Of File - - AFAA0572E0F95261B310DEDCB468958A

aswMBR still won't run

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #28 on: December 25, 2011, 07:15:34 PM »
Hi Adam
Have you tried right clicking on aswMBR and running as administrator? Also how are your browsers and computer working?
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2829
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #29 on: December 25, 2011, 07:42:00 PM »
Hi Adam

CF showed one very suspicious file I'd like you to check out.

1.  Please right click on the start menu and choose Open Windows Explorer. Go to tools/folder options/view and click on Show Hidden Files. Then uncheck Hide Protected Operating System Files and click OK.

Next go to JOTTI and click on Browse.  Then scroll down until you see Local Disk (C:) in the left pane and left click on it.  Click on programdata in the right pane and then click on WSTB and scroll down to verosupd.exe and click on it.  Next click submit file and record the "status."

2.  Now go to Virus Total, again click Browse and find the same. Click Send File and click on View Last Report if it exists, else click on Analyse. Record "Result".

Please read carefully and follow these steps:

3.  Download TDSSKiller and save it to your Desktop. Be sure to disable all AV programs.

4.  Double-click on TDSSKiller.exe to run the application. Now click Start Scan.

5.  Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click .

6.  If an infected file is detected, the default action will be Cure, click on Continue.  If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

7.  If reboot is NOT required, click on Report. Please copy that file. If a reboot IS required, the report can also be found in your root directory (usually C:\ folder). Its file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.

Remember to be sure Word Wrap is NOT turned on in any Notepad files you post and to be sure and check that all the data you entered was posted. 

Now please post the following to me as a reply to this post:
Jotti Status
Virus Total Result
TDSSKiller log
Let me know how your computer and both browsers are operating
If you have any other questions or problems, let me know that as well
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
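The Explorer click-through above (show hidden files, locate C:\ProgramData\WSTB\verosupd.exe, upload it to Jotti and VirusTotal) can be done from an elevated PowerShell prompt instead. The script below is an added example for readers of this thread; it is not Bear's tool or part of ComboFix or TDSSKiller. It assumes the path Bear names in his post, Windows PowerShell 2.0 or later (the version available for Vista), and hashes with .NET rather than Get-FileHash, which only exists in PowerShell 4.0 and newer. It reports the details a responder wants before uploading a sample: whether the file is hidden or system-flagged, its timestamps and size, MD5 and SHA-256 hashes, and its Authenticode signature state.

```powershell
# Added example, not from the thread: triage of the file Bear asked about.
# Assumptions: path taken from Bear's post; Windows PowerShell 2.0+; run elevated
# so a hidden/system file in ProgramData can be read.

param(
    [string]$Path = 'C:\ProgramData\WSTB\verosupd.exe'
)

function Get-SuspectFileReport {
    param([Parameter(Mandatory=$true)][string]$FilePath)

    # -Force makes Get-Item return hidden and system files, which Explorer
    # hides until "Show hidden files" is enabled, as in step 1 of the post.
    $item = Get-Item -LiteralPath $FilePath -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return New-Object PSObject -Property @{ Path = $FilePath; Exists = $false }
    }

    # Hash with the .NET crypto classes so this also works on PowerShell 2.0.
    # Open with FileShare ReadWrite so a running or locked sample can still be read.
    $stream = [System.IO.File]::Open($item.FullName, 'Open', 'Read', 'ReadWrite')
    try {
        $sha256 = [System.Security.Cryptography.SHA256]::Create()
        $md5    = [System.Security.Cryptography.MD5]::Create()
        $sha256Hex = ([System.BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', ''
        $stream.Position = 0
        $md5Hex    = ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }

    # An unsigned or invalidly signed executable sitting in ProgramData is
    # exactly the kind of file worth submitting to a multi-engine scanner.
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName

    New-Object PSObject -Property @{
        Path           = $item.FullName
        Exists         = $true
        SizeBytes      = $item.Length
        Attributes     = $item.Attributes.ToString()   # look for Hidden / System
        Created        = $item.CreationTime
        LastWritten    = $item.LastWriteTime
        MD5            = $md5Hex
        SHA256         = $sha256Hex
        SignatureState = $sig.Status.ToString()        # Valid / NotSigned / HashMismatch ...
        Signer         = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' })
    }
}

# Print the report in a form that can be pasted into a forum reply.
Get-SuspectFileReport -FilePath $Path | Format-List
```

The hashes let you search VirusTotal for an existing report before uploading anything, which is what "View Last Report" does behind the scenes; if the hash is unknown, the upload Bear asks for is still the right next step. The signature state and the Hidden/System attributes are the two fields most worth quoting back in the thread, since a legitimate updater in ProgramData is normally signed and not hidden.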