Author Topic: [Resolved] Redirected Searches, Delays in typing, System Slowed  (Read 4092 times)

Offline adammedonca

  • Bronze Member
  • Posts: 51
[Resolved] Redirected Searches, Delays in typing, System Slowed
« on: December 23, 2011, 01:12:32 AM »
My Google searches are being redirected. The system seems to be running slower in general. I am running Windows Vista 32. I tried scanning with Malwarebytes and anti-spyware; they find infections, but after trying to remove them, the problem still persists. Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:08:56 AM, on 12/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Adam\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9101 bytes
« Last Edit: February 10, 2012, 08:28:14 PM by Bear »



Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #1 on: December 23, 2011, 01:18:28 AM »
Hello, welcome to SpywareHammer.

I go by Bear, and I will be helping you with your problem. I understand that having malware on your system is disruptive, annoying and can even be frightening.  I also understand the urgency of getting your computer functioning again.  Working as a team, you and I will be able to confront this problem and hopefully bring it to a successful conclusion.  But you need to do a few things to help me understand your situation.

First, tell me everything and anything that you have already tried to fix this problem. 

Second, tell me the symptoms of infection that you are seeing in your computer and when you first noticed them.  If the symptoms were progressive, let me know that.

Third, please only use one forum to help resolve your problem. Posting on more than one forum or trying other things in between our procedures will confuse and lengthen the process and may even make a positive solution impossible.

Fourth, please follow my instructions exactly.   If you cannot follow them or don't understand something, let me know immediately and do NOTHING until you hear from me.  If for any reason you have deviated from my instructions, PLEASE let me know at once.

Fifth, understand that malware gets into your computer system very easily but can be very, very difficult to remove.  It could take a while and we may have to try several processes to fix the problem.  So please "keep the faith".   I will do all I can to get your computer operating properly, and if I can't fix it we have many very bright individuals here at SpywareHammer who will help us.

Sixth, do not send anything to me as an attachment unless I specifically ask for it.  Please copy and paste all of your responses to me by replying to my post on this forum.  If the response is too long (the forum has size limits), please send it in portions, sequentially.

Seventh, let me know of any software you have running that encrypts your hard drive, such as Windows BitLocker or any others.

Eighth, if your PC is set to automatically update, DISABLE this function and do not update until we have disinfected your PC.

And lastly, before we do anything else, please back up your data, if possible on external media such as DVDs, CDs, memory sticks or external hard drives.

I will analyze your data and post instructions back to you. 
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #2 on: December 23, 2011, 01:22:22 AM »
Hi Ad

If you have the Malwarebytes' or AV logs, please post them.

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #3 on: December 23, 2011, 01:35:46 AM »
Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122103

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

12/21/2011 3:10:04 AM
mbam-log-2011-12-21 (03-10-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 309892
Time elapsed: 1 hour(s), 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Adam\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\50890194-186e723d (Trojan.FakeAlert) -> Quarantined and deleted successfully.



SUPERANTISPYWARE:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2011 at 10:07 PM

Application Version : 5.0.1142

Core Rules Database Version : 8064
Trace Rules Database Version: 5876

Scan type       : Complete Scan
Total Scan Time : 01:06:58

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 315
Memory threats detected   : 0
Registry items scanned    : 36836
Registry threats detected : 0
File items scanned        : 43197
File threats detected     : 22

Adware.Tracking Cookie
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\N372FN4F.txt [ /at.atwola.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\2GTK9I0S.txt [ /pro-market.net ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\OUT5C9AX.txt [ /imrworldwide.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\MO79QRPM.txt [ /legolas-media.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\1B5YSABZ.txt [ /adbrite.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\JCE0JPIQ.txt [ /r1-ads.ace.advertising.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\CXY230BO.txt [ /yieldmanager.net ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\W9F647VG.txt [ /atdmt.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\A4RDMHDU.txt [ /casalemedia.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\Z5TESMAO.txt [ /lucidmedia.com ]
   C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Cookies\A4M0LO0Q.txt [ /invitemedia.com ]
   C:\USERS\ADAM\Cookies\N372FN4F.txt [ Cookie:adam@at.atwola.com/ ]
   C:\USERS\ADAM\Cookies\2GTK9I0S.txt [ Cookie:adam@pro-market.net/ ]
   C:\USERS\ADAM\Cookies\OUT5C9AX.txt [ Cookie:adam@imrworldwide.com/cgi-bin ]
   C:\USERS\ADAM\Cookies\1B5YSABZ.txt [ Cookie:adam@adbrite.com/ ]
   C:\USERS\ADAM\Cookies\JCE0JPIQ.txt [ Cookie:adam@r1-ads.ace.advertising.com/ ]
   C:\USERS\ADAM\Cookies\CXY230BO.txt [ Cookie:adam@yieldmanager.net/ ]
   C:\USERS\ADAM\Cookies\W9F647VG.txt [ Cookie:adam@atdmt.com/ ]
   C:\USERS\ADAM\Cookies\A4RDMHDU.txt [ Cookie:adam@casalemedia.com/ ]
   C:\USERS\ADAM\Cookies\Z5TESMAO.txt [ Cookie:adam@lucidmedia.com/ ]
   C:\USERS\ADAM\Cookies\A4M0LO0Q.txt [ Cookie:adam@invitemedia.com/ ]
   cdn.tremormedia.com [ C:\USERS\ADAM\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UL84VLHB ]

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #4 on: December 23, 2011, 01:56:49 AM »
Hi Adam

You definitely have some malware but it is well hidden from HJT.  MBAM found something but it wasn't the root cause of the problem.  SAS found only some tracking cookies.  Let's take a look at data from DDS before we go to more intrusive programs.

Download DDS by sUBs here DDS and save it to your desktop. If for any reason your PC will not allow you to save the file as DDS, rename it to Stop.scr.

Double click on the DDS icon and allow it to run.  A small box will open, with an explanation about the tool.  No input is needed; the scan is running.

Notepad will open with the results. There will be two files; be patient.

Please always check to be sure Word Wrap is NOT turned on in any Notepad files you post.  This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
DDS.txt
Attach.txt
If you have any questions or problems, let me know that as well.


Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #5 on: December 23, 2011, 02:17:08 AM »
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19154  BrowserJavaVersion: 1.6.0_22
Run by Adam at 2:00:09 on 2011-12-23
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2813.2157 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MusicManager] "c:\users\adam\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Acer ePower Management] c:\program files\emachines\emachines power management\ePowerTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2101CE1F-0A44-4E44-8EFD-28571E6AB6DF} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A10656B4-E2CC-4A15-8CD9-91DF8C2437F2} : DhcpNameServer = 10.12.1.5
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL, avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\jjlrltwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\jjlrltwk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\jjlrltwk.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\adam\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-2 243152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-3-10 49664]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-2 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-2 29584]
S1 SASDIFSV;SASDIFSV;c:\users\adam\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\users\adam\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-12 67664]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ePowerSvc;Acer ePower Service;c:\program files\emachines\emachines power management\ePowerSvc.exe [2009-3-10 653856]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-2 136176]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-17 94880]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-2 136176]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-23 06:56:24   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{e721f809-73e4-412c-af8a-69f57e0ae156}\offreg.dll
2011-12-22 05:35:09   --------   d-----w-   c:\program files\ESET
2011-12-22 05:33:11   6823496   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{e721f809-73e4-412c-af8a-69f57e0ae156}\mpengine.dll
2011-12-20 23:46:56   --------   d-----w-   C:\f148fa03e70fcc8ffc56
2011-12-18 08:59:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-18 08:44:47   --------   d-----w-   c:\users\adam\Tracing
2011-12-04 00:05:56   --------   d-----w-   c:\program files\ATI Technologies
2011-12-04 00:01:36   212992   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-12-04 00:01:08   --------   d-----w-   C:\ATI
2011-11-27 01:32:49   --------   d-----w-   c:\users\adam\appdata\local\doubleTwist Corporation
2011-11-27 01:32:31   --------   d-----w-   c:\program files\common files\doubleTwist
2011-11-27 01:32:26   57344   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-11-27 01:32:25   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
2011-11-27 01:32:23   --------   d-----w-   c:\program files\ffdshow
2011-11-27 01:29:18   --------   d-----w-   c:\program files\doubleTwist 2.0
2011-11-26 22:30:38   --------   d-----w-   c:\users\adam\appdata\local\BitTorrent
2011-11-24 23:08:03   --------   d-----w-   c:\program files\iPod
2011-11-24 22:59:44   --------   d-----w-   c:\program files\Bonjour
.
==================== Find3M  ====================
.
2011-12-04 01:15:49   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-09-30 23:06:24   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01:34   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29:54   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
.
============= FINISH:  2:08:12.21 ===============

adammedonca
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #6 on: December 23, 2011, 02:25:10 AM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 5/8/2009 12:01:35 AM
System Uptime: 12/23/2011 12:54:55 AM (2 hours ago)
.
Motherboard: eMachines        |  | HM50-YK   
Processor: AMD Athlon(tm) Processor TF-20 | Socket M2/S1G1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 108.797 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ACD/Labs Software in C:\Program Files\ACDFREE12\
Acrobat.com
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5
Amazon Kindle For PC
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
AVG Free 9.0
Bonjour
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Compatibility Pack for the 2007 Office system
doubleTwist
Download Updater (AOL LLC)
Easy-WebPrint
eMachines Games
eMachines Power Management
eMachines Recovery Management
eMachines ScreenSaver
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19]
GIMP 2.6.11
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InterVideo WinDVD 8
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Launch Manager
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skins
Skype Toolbars
Skype™ 5.3
Synaptics Pointing Device Driver
The Sims 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.10
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
12/23/2011 2:08:00 AM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
12/23/2011 12:57:14 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ahcix86s AvgLdx86 AvgMfx86 SASDIFSV SASKUTIL spldr Wanarpv6
12/23/2011 12:57:14 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2011 12:57:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/23/2011 12:56:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/23/2011 12:56:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/23/2011 12:51:40 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
12/23/2011 12:49:08 AM, Error: Microsoft-Windows-WMPNSS-Service [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866~31bf3856ad364e35~x86~~6.0.53.0 () into Installed(Installed) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client~31bf3856ad364e35~x86~~6.0.54.0 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client~31bf3856ad364e35~x86~~6.0.53.0 () into Installed(Installed) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client_2~31bf3856ad364e35~x86~~6.0.54.0 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866_client_2~31bf3856ad364e35~x86~~6.0.53.0 () into Installed(Installed) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2639417_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2639417_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633952_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633952_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:25 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633171_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633171_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2619339_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2619339_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2618444_ie8~31bf3856ad364e35~x86~~8.0.1.2 () into Staged(Staged) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2618444_ie8_0~31bf3856ad364e35~x86~~8.0.1.2 () into Staged(Staged) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_9_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_7_for_KB2570791~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_7_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_42_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:24 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_41_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_39_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_38_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_36_for_KB2570791~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_2_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_2_for_KB2556532~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB981793~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB979306~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB976098~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB970653~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB2443685~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_188_for_KB2158563~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB981793~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB979306~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB976098~31bf3856ad364e35~x86~~6.0.1.1 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB970653~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB2443685~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_159_for_KB2158563~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.54.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.53.0 () into Installed(Installed) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2639417~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2619339~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2618444~31bf3856ad364e35~x86~~8.0.1.2 () into Staged(Staged) state
12/23/2011 12:48:22 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2556532~31bf3856ad364e35~x86~~6.0.1.2 () into Installed(Installed) state
12/23/2011 12:48:20 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2619339~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:19 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2639417~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
12/23/2011 12:48:18 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB905866~31bf3856ad364e35~x86~~6.0.54.0 () into Resolved(Resolved) state
12/23/2011 12:48:15 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:13 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2633952~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
12/23/2011 12:48:12 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2618444~31bf3856ad364e35~x86~~8.0.1.2 () into Staged(Staged) state
12/23/2011 12:46:21 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ahcix86s
12/23/2011 12:46:21 AM, Error: Service Control Manager [7024]  - The AVG Free WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
12/23/2011 12:46:21 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/23/2011 1:05:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/23/2011 1:02:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/21/2011 9:55:10 PM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
12/21/2011 10:02:53 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ahcix86s AvgLdx86 AvgMfx86 spldr Wanarpv6
12/21/2011 10:02:03 PM, Error: EventLog [6008]  - The previous system shutdown at 9:59:36 PM on 12/21/2011 was unexpected.
12/21/2011 1:50:56 AM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.     Signatures Attempted: Current     Error Code: 0x8050a001     Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.      Signatures loading: Backup     Loading signature version: 1.117.692.0     Loading engine version: 1.1.7903.0
12/21/2011 1:12:28 AM, Error: Microsoft-Windows-WMPNSS-Service [14325]  - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
12/21/2011 1:11:14 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
12/21/2011 1:11:14 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/21/2011 1:11:14 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/21/2011 1:10:20 AM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer Canon MP160 Printer with shared resource name Canon MP160 Printer. Error 1753. The printer cannot be used by others on the network.
12/21/2011 1:02:06 AM, Error: Schannel [36874]  - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/20/2011 8:56:53 PM, Error: EventLog [6008]  - The previous system shutdown at 8:54:35 PM on 12/20/2011 was unexpected.
12/20/2011 6:22:37 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/20/2011 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/20/2011 6:12:34 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ahcix86s AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:12:34 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2011 6:11:31 PM, Error: EventLog [6008]  - The previous system shutdown at 6:08:03 PM on 12/20/2011 was unexpected.
12/20/2011 6:06:59 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/20/2011 6:05:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/20/2011 6:05:03 PM, Error: EventLog [6008]  - The previous system shutdown at 5:58:20 PM on 12/20/2011 was unexpected.
12/20/2011 2:25:53 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2011 2:25:01 AM, Error: EventLog [6008]  - The previous system shutdown at 2:21:47 AM on 12/20/2011 was unexpected.
12/20/2011 2:14:47 AM, Error: EventLog [6008]  - The previous system shutdown at 3:11:28 AM on 12/19/2011 was unexpected.
12/19/2011 12:53:08 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.104 for the Network Card with network address 00242C7C69EC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/19/2011 12:25:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Mail Junk E-mail Filter [December 2011] (KB905866).
12/19/2011 12:25:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2639417).
12/19/2011 12:25:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2633171).
12/19/2011 12:25:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2619339).
12/19/2011 12:13:04 AM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.     Signatures Attempted: Current     Error Code: 0x8050a001     Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.      Signatures loading: Backup     Loading signature version: 1.117.692.0     Loading engine version: 1.1.7903.0
12/19/2011 12:09:02 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2633171 (Security Update) into Staging(Staging) state
12/19/2011 12:09:02 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2633171 (Security Update) into Resolved(Resolved) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-6_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-5_neutral_LDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-4_neutral_LDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-3_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-2_neutral_LDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-1_neutral_LDR from package KB2633171(Security Update) into Staging(Staging) state
12/19/2011 12:08:44 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2619339 (Security Update) into Staging(Staging) state
12/19/2011 12:08:44 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2619339 (Security Update) into Resolved(Resolved) state
12/19/2011 12:08:39 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2619339-2_neutral_GDR from package KB2619339(Security Update) into Staging(Staging) state
12/19/2011 12:08:39 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2619339-1_neutral_LDR from package KB2619339(Security Update) into Staging(Staging) state
12/19/2011 12:08:29 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2639417 (Security Update) into Staging(Staging) state
12/19/2011 12:08:29 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2639417 (Security Update) into Resolved(Resolved) state
12/19/2011 12:08:24 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2639417-2_neutral_GDR from package KB2639417(Security Update) into Staging(Staging) state
12/19/2011 12:08:24 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2639417-1_neutral_LDR from package KB2639417(Security Update) into Staging(Staging) state
12/19/2011 12:08:07 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Staging(Staging) state
12/19/2011 12:08:07 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolved(Resolved) state
12/19/2011 12:08:07 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Installed(Installed) state
12/19/2011 12:07:56 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 905866-2_neutral_GDR from package KB905866(Update) into Staging(Staging) state
12/19/2011 12:07:56 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 905866-1_neutral_LDR from package KB905866(Update) into Staging(Staging) state
12/19/2011 1:14:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.103 for the Network Card with network address 00242C7C69EC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/18/2011 4:13:49 PM, Error: EventLog [6008]  - The previous system shutdown at 4:12:19 PM on 12/18/2011 was unexpected.
12/18/2011 4:10:18 PM, Error: EventLog [6008]  - The previous system shutdown at 4:08:24 PM on 12/18/2011 was unexpected.
12/18/2011 3:59:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.107 for the Network Card with network address 00242C7C69EC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/18/2011 3:59:17 PM, Error: EventLog [6008]  - The previous system shutdown at 3:22:55 AM on 12/18/2011 was unexpected.
12/18/2011 3:58:22 PM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12/18/2011 2:58:19 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ahcix86s AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
12/18/2011 2:26:04 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/18/2011 2:09:26 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/18/2011 2:09:26 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
12/18/2011 2:08:40 AM, Error: EventLog [6008]  - The previous system shutdown at 2:06:43 AM on 12/18/2011 was unexpected.
12/18/2011 11:27:46 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/17/2011 8:27:08 PM, Error: EventLog [6008]  - The previous system shutdown at 8:26:00 PM on 12/17/2011 was unexpected.
12/17/2011 8:02:59 PM, Error: EventLog [6008]  - The previous system shutdown at 8:00:59 PM on 12/17/2011 was unexpected.
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows Mail Junk E-mail Filter [December 2011] (KB905866).
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2639417).
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2633171).
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2620712).
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2619339).
12/17/2011 7:33:51 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
12/17/2011 7:33:51 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
12/17/2011 7:33:51 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_1_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
12/17/2011 7:33:43 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package Package_for_KB2620712~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
12/17/2011 2:48:34 PM, Error: Service Control Manager [7023]  - The Windows Modules Installer service terminated with the following error:  The process cannot access the file because it is being used by another process.
12/17/2011 12:08:42 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DAPHNE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2101CE1F-0A44-4E44-8EFD-28571E6A. The master browser is stopping or an election is being forced.
12/16/2011 6:43:57 PM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.     Signatures Attempted: Current     Error Code: 0x8050a001     Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.      Signatures loading: Backup     Loading signature version: 1.117.692.0     Loading engine version: 1.1.7903.0
12/16/2011 6:25:27 PM, Error: EventLog [6008]  - The previous system shutdown at 6:22:13 PM on 12/16/2011 was unexpected.
.
==== End Of File ===========================

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #7 on: December 23, 2011, 02:34:33 AM »
Hi Adam

It looks like you tried to update Windows and it failed.  Be sure to disable auto update and do not try to update Windows until we get your PC clean again.

OK now for some more powerful tools.

Please read carefully and follow these steps:

1.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

2.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help disabling them, go to Disable Anti Malware.  Be sure to re-enable them before posting your reply.

3.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

As always please be sure Word Wrap is disabled in Notepad.  Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
ComboFix.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well



Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
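Added example (not part of the original posts, and not code from any tool used in this thread): a small Python triage of the event log export format pasted above, which groups the failed updates by KB number and decodes the Windows Update error code. The helper names (parse_events, decode_win32_hresult, summarize) are hypothetical, the two-entry error-name table is an assumption limited to standard Win32 codes, and the sample is a shortened excerpt of the log posted in this thread.

```python
import re
from datetime import datetime

# Shortened excerpt of the event log export posted earlier in this thread.
SAMPLE = """\
12/19/2011 12:09:02 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2633171 (Security Update) into Staging(Staging) state
12/19/2011 12:08:58 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2633171-6_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
12/18/2011 4:13:49 PM, Error: EventLog [6008]  - The previous system shutdown at 4:12:19 PM on 12/18/2011 was unexpected.
12/18/2011 2:58:19 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ahcix86s AvgLdx86
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2639417).
12/17/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2633171).
12/17/2011 2:48:34 PM, Error: Service Control Manager [7023]  - The Windows Modules Installer service terminated with the following error:  The process cannot access the file because it is being used by another process.
.
==== End Of File ===========================
"""

# "date time, Level: Source [EventID]  - message"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+-\s*(?P<msg>.*)$"
)
UPDATE_SOURCES = {"Microsoft-Windows-Servicing",
                  "Microsoft-Windows-WindowsUpdateClient"}
# Assumption: only the two codes needed here; both are standard Win32 errors.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION"}


def parse_events(text):
    """Return parsed events, oldest first; non-event lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # separators such as "." and "==== End Of File ===="
        events.append({
            "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return sorted(events, key=lambda e: e["when"])


def decode_win32_hresult(hresult):
    """For a failure HRESULT in FACILITY_WIN32 (7), return the Win32 code."""
    is_failure = (hresult >> 31) & 1
    facility = (hresult >> 16) & 0x7FF
    if is_failure and facility == 7:
        return hresult & 0xFFFF
    return None


def summarize(events):
    """Group update failures by KB and collect shutdown/driver errors."""
    failed, hresults, drivers, shutdowns = {}, {}, [], 0
    for ev in events:
        if ev["source"] in UPDATE_SOURCES:
            for kb in re.findall(r"KB\d+", ev["msg"]):
                failed.setdefault(kb, set()).add(ev["id"])
            for hx in re.findall(r"error (0x[0-9A-Fa-f]{8})", ev["msg"]):
                code = decode_win32_hresult(int(hx, 16))
                hresults[hx] = WIN32_NAMES.get(code, "unmapped")
        elif ev["source"] == "EventLog" and ev["id"] == 6008:
            shutdowns += 1  # unexpected shutdown
        elif ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            # Driver names follow "failed to load:" separated by spaces.
            _, _, tail = ev["msg"].partition("failed to load:")
            drivers += tail.split()
    return {
        "failed_updates": {kb: sorted(ids) for kb, ids in failed.items()},
        "hresults": hresults,
        "unexpected_shutdowns": shutdowns,
        "drivers_failed": drivers,
    }


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The decoded code 32 (a sharing violation) matches the Windows Modules Installer message in the same log, "The process cannot access the file because it is being used by another process."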

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #8 on: December 23, 2011, 04:08:15 AM »
Combofix said it detected a rootkit and needed to reboot the computer. I let it do so. It went through 50 or so stages, and then said it was creating a log file. But I then got a blue screen saying an error occurred and something about kernel memory dump. The computer restarted. I selected start Windows normally. I don't see a log file, if there is one. The redirects are still happening.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #9 on: December 23, 2011, 04:13:14 AM »
Hi Adam

Do you have a C:\ComboFix.txt file?

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #10 on: December 23, 2011, 04:18:06 AM »
Yes. Here is its contents:

ComboFix 11-12-22.04 - Adam 12/23/2011   3:23:04.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2813.1761 [GMT -6:00]
Running from: C:\Users\Adam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point



Also, I just noticed another Internet Explorer icon has appeared on my desktop. I didn't put it there.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #11 on: December 23, 2011, 04:26:24 AM »
Hi Adam

Are you sure all your anti-virus and anti-spyware programs were disabled?

Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #12 on: December 23, 2011, 04:29:10 AM »
I thought so... I didn't see them running.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2134
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #13 on: December 23, 2011, 04:31:55 AM »
Hi Adam

If you are sure they were disabled, then it does not look like CF ran and it does look like you have a rootkit.  I am on Pacific time and it is 2:30 AM now, so going to bed.  Will continue tomorrow.

1.  Download OTL from any of the following links and save to your Desktop.
OTL1
OTL2
OTL3

Rename the program google.exe.

2.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help disabling them, go to Disable Anti Malware.  Be sure to re-enable them before posting your reply.

3.  Double click on the google.exe icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

4.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
netsvcs
drivers32
CREATERESTOREPOINT


5.  Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two notepad windows.  OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

6.  Download  aswMBR and save it to your desktop.  Double click the aswMBR.exe.  It will open a command window and run.

7.  Click Scan.  When finished click save log.  Save it to your desktop as aswMBR.txt.

As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL.txt
Extras.txt
aswMBR.txt
Let me know how your computer and browser are operating
If you have any other questions or problems, let me know that as well


Offline adammedonca

  • Bronze Member
  • Posts: 51
Re: [In Progress] Redirected Searches, Delays in typing, System Slowed
« Reply #14 on: December 23, 2011, 04:50:56 AM »
OTL logfile created on: 12/23/2011 4:37:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Adam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 62.87% Memory free
5.71 Gb Paging File | 4.71 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.88 Gb Total Space | 106.12 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
 
Computer Name: ADAM-LAPTOP | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/23 04:35:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
PRC - [2011/12/23 04:03:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Adam\AppData\Local\temp\RtkBtMnt.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 13:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2009/01/17 01:50:58 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/02/10 23:30:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2003/06/06 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/26 00:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/15 08:39:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/27 12:48:16 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2011/05/05 10:18:11 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 08:38:46 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 11:22:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/11 01:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/07 02:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009/10/07 02:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/01/14 21:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/01/03 18:42:00 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/11/03 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 07:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0509&m=e625
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/11/05 15:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/11/05 15:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 22:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/24 18:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 15:22:00 | 000,000,000 | ---D | M]
 
[2009/07/02 13:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2011/12/03 19:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions
[2011/12/21 01:47:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/21 01:47:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jjlrltwk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/18 02:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 15:21:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 22:03:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/24 18:02:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/21 19:34:13 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/24 18:02:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/12/23 03:59:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2101CE1F-0A44-4E44-8EFD-28571E6AB6DF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A10656B4-E2CC-4A15-8CD9-91DF8C2437F2}: DhcpNameServer = 10.12.1.5
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Users\Adam\Desktop\Pictures\2009-07-02 alaska\alaska 176.JPG
O24 - Desktop BackupWallPaper: C:\Users\Adam\Desktop\Pictures\2009-07-02 alaska\alaska 176.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/23 04:38:53 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2011/12/23 04:35:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
[2011/12/23 04:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/23 03:58:58 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2011/12/23 03:58:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/23 02:51:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/23 02:51:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/23 02:51:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/23 02:50:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/23 02:50:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/23 02:49:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 02:46:31 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/23 02:08:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\stop.scr
[2011/12/23 02:00:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
[2011/12/23 01:06:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Adam\Desktop\HijackThis.exe
[2011/12/22 02:53:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/21 23:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/21 21:58:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\secretthing.com
[2011/12/21 01:17:14 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\Subscriptions
[2011/12/20 17:46:56 | 000,000,000 | ---D | C] -- C:\f148fa03e70fcc8ffc56
[2011/12/18 22:02:12 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Shared Music
[2011/12/18 02:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/18 02:44:47 | 000,000,000 | ---D | C] -- C:\Users\Adam\Tracing
[2011/12/17 01:53:57 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\xmvb x
[2011/12/03 19:08:18 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/03 18:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/03 18:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/03 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/03 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/12/03 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/03 18:01:08 | 000,000,000 | ---D | C] -- C:\ATI
[2011/11/26 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\doubleTwist Corporation
[2011/11/26 19:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2011/11/26 19:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\doubleTwist
[2011/11/26 19:32:25 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2011/11/26 19:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/11/26 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0
[2011/11/26 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\BitTorrent
[2011/11/24 17:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/24 17:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/24 16:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/24 16:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/23 04:38:59 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2011/12/23 04:35:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\google.exe
[2011/12/23 04:28:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 04:09:10 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/23 04:09:10 | 000,109,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/23 04:02:59 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 04:02:56 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 04:02:43 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 04:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 04:01:32 | 2950,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 04:01:30 | 280,858,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/23 03:59:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/23 03:48:21 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000UA.job
[2011/12/23 02:46:37 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/23 02:08:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\stop.scr
[2011/12/23 02:00:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
[2011/12/23 01:06:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Adam\Desktop\HijackThis.exe
[2011/12/23 01:06:34 | 001,402,880 | ---- | M] () -- C:\Users\Adam\Desktop\HiJackThis.msi
[2011/12/21 21:58:51 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\secretthing.com
[2011/12/20 18:16:34 | 001,008,141 | ---- | M] () -- C:\Users\Adam\Desktop\iExplore.exe
[2011/12/20 18:13:49 | 000,010,460 | -HS- | M] () -- C:\Users\Adam\AppData\Local\882146l3n571m668j688e0tvj7p3
[2011/12/20 18:13:49 | 000,010,460 | -HS- | M] () -- C:\ProgramData\882146l3n571m668j688e0tvj7p3
[2011/12/20 17:48:59 | 002,349,842 | ---- | M] () -- C:\Users\Adam\Desktop\Video 17.wmv
[2011/12/18 16:11:06 | 000,010,722 | -HS- | M] () -- C:\Users\Adam\AppData\Local\354348l3b418t214o036d7iou8v8
[2011/12/18 16:11:06 | 000,010,722 | -HS- | M] () -- C:\ProgramData\354348l3b418t214o036d7iou8v8
[2011/12/17 20:27:58 | 000,009,254 | -HS- | M] () -- C:\Users\Adam\AppData\Local\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/17 20:27:58 | 000,009,254 | -HS- | M] () -- C:\ProgramData\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/17 20:16:29 | 000,001,356 | ---- | M] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2011/12/17 02:01:53 | 001,557,791 | ---- | M] () -- C:\Users\Adam\Desktop\tdsskiller.zip
[2011/12/15 22:36:21 | 014,054,394 | ---- | M] () -- C:\Users\Adam\Desktop\Video 7.wmv
[2011/12/15 22:32:09 | 009,790,148 | ---- | M] () -- C:\Users\Adam\Desktop\Video 6.wmv
[2011/12/09 20:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000265405-3506121479-2019536667-1000Core.job
[2011/12/08 18:40:31 | 000,024,064 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 19:45:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/12/04 19:11:42 | 000,002,609 | ---- | M] () -- C:\Users\Adam\Desktop\Microsoft Office Word 2003.lnk
[2011/12/04 18:51:52 | 000,350,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 19:08:23 | 000,002,039 | ---- | M] () -- C:\Users\Adam\Desktop\Google Chrome.lnk
[2011/11/26 19:32:31 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/11/24 17:09:58 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2011/12/23 03:16:57 | 2950,787,072 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 02:51:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/23 02:51:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/23 02:51:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/23 02:51:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/23 02:51:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 01:06:33 | 001,402,880 | ---- | C] () -- C:\Users\Adam\Desktop\HiJackThis.msi
[2011/12/21 01:53:17 | 001,008,141 | ---- | C] () -- C:\Users\Adam\Desktop\iExplore.exe
[2011/12/20 17:54:51 | 000,010,460 | -HS- | C] () -- C:\Users\Adam\AppData\Local\882146l3n571m668j688e0tvj7p3
[2011/12/20 17:54:51 | 000,010,460 | -HS- | C] () -- C:\ProgramData\882146l3n571m668j688e0tvj7p3
[2011/12/20 17:47:29 | 002,349,842 | ---- | C] () -- C:\Users\Adam\Desktop\Video 17.wmv
[2011/12/18 03:18:39 | 000,010,722 | -HS- | C] () -- C:\ProgramData\354348l3b418t214o036d7iou8v8
[2011/12/18 03:18:38 | 000,010,722 | -HS- | C] () -- C:\Users\Adam\AppData\Local\354348l3b418t214o036d7iou8v8
[2011/12/17 20:16:47 | 000,009,254 | -HS- | C] () -- C:\Users\Adam\AppData\Local\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/17 20:16:47 | 000,009,254 | -HS- | C] () -- C:\ProgramData\xhjvql3i4yxp4ume2wny4f745o4j
[2011/12/17 01:53:00 | 001,557,791 | ---- | C] () -- C:\Users\Adam\Desktop\tdsskiller.zip
[2011/12/15 22:33:32 | 014,054,394 | ---- | C] () -- C:\Users\Adam\Desktop\Video 7.wmv
[2011/12/15 22:30:03 | 009,790,148 | ---- | C] () -- C:\Users\Adam\Desktop\Video 6.wmv
[2011/12/03 19:08:23 | 000,002,039 | ---- | C] () -- C:\Users\Adam\Desktop\Google Chrome.lnk
[2011/11/26 19:32:31 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/11/26 19:32:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/11/24 17:09:58 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/05 14:40:03 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/05 14:40:02 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/04 22:29:48 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/04 16:57:51 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/11/04 16:57:50 | 000,000,296 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/11/04 16:57:46 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/07/06 23:35:17 | 000,011,298 | -HS- | C] () -- C:\Users\Adam\AppData\Local\5m3e31t8ygo2173
[2011/07/06 23:35:17 | 000,011,298 | -HS- | C] () -- C:\ProgramData\5m3e31t8ygo2173
[2011/06/16 11:36:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/05 16:44:17 | 000,008,786 | -HS- | C] () -- C:\Users\Adam\AppData\Local\8f2gvu11wnj076224dw377dm
[2011/06/05 16:44:17 | 000,008,786 | -HS- | C] () -- C:\ProgramData\8f2gvu11wnj076224dw377dm
[2011/05/08 19:36:58 | 000,004,096 | ---- | C] () -- C:\Users\Adam\AppData\Local\keyfile3.drm
[2010/04/06 19:31:49 | 000,153,316 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/03/30 21:48:33 | 000,001,356 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2010/02/10 23:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/10 20:59:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/19 15:32:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/19 15:32:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/11 10:17:20 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\prvlcl.dat
[2009/08/08 17:10:21 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/02 18:52:41 | 000,024,064 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 17:40:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/02 13:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/07 23:02:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/23 16:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/10 15:36:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/10 15:36:37 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/10 15:36:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/10 15:36:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/10 14:26:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,350,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,109,616 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2010/06/27 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\acccore
[2010/08/30 08:10:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Advanced Chemistry Development
[2010/06/27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amazon
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Azureus
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BitTorrent
[2011/11/05 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
[2011/12/21 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
[2010/10/24 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\InterVideo
[2011/05/29 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/08/08 17:10:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ScanSoft
[2011/12/23 00:52:48 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >