Author Topic: [Resolved K] Welcome to NGINX  (Read 2986 times)

Offline TomG

  • Bronze Member
  • Posts: 24
[Resolved K] Welcome to NGINX
« on: May 12, 2012, 03:47:31 PM »
System is running slow and I keep getting the "Welcome To NGINX" message.
Please help.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_20
Run by Tom at 16:06:55 on 2012-05-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2463 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
. .
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=80ca956900000000000048022af81d5c
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
Trusted Zone: freewebs.com\link.members
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B4A938AF-44A1-4A4E-98BE-10497194940A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D0DF0C26-CFFE-435D-AE06-688B028F47DA} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64:     0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=80ca956900000000000048022af81d5c&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 80ca956900000000000048022af81d5c
FF - user.js: extensions.BabylonToolbar_i.hardId - 80ca956900000000000048022af81d5c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15458
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:36:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-6 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-19 689472]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 129976]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-12 19:29:17   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6395539-6BD4-4CB6-BFFE-B3E17BF91E9C}\offreg.dll
2012-05-12 19:27:57   8917360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6395539-6BD4-4CB6-BFFE-B3E17BF91E9C}\mpengine.dll
2012-05-11 23:51:55   388096   ----a-r-   C:\Users\Tom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-11 23:51:55   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-05-11 21:37:40   --------   d-----w-   C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
2012-05-11 21:37:09   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-05-11 21:37:09   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-05-09 18:19:41   --------   d-sh--w-   C:\Windows\SysWow64\%APPDATA%
2012-05-09 11:52:49   1544704   ----a-w-   C:\Windows\System32\DWrite.dll
2012-05-09 11:52:49   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-05-09 11:52:45   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-05-09 11:52:43   3146240   ----a-w-   C:\Windows\System32\win32k.sys
2012-05-09 11:52:42   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 11:52:42   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 11:46:14   75120   ----a-w-   C:\Windows\System32\drivers\partmgr.sys
2012-05-09 11:45:25   1918320   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2012-05-09 11:45:20   1732096   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 11:45:19   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 11:45:19   1367552   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 11:45:18   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 11:45:18   1393664   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-06 20:47:38   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
2012-05-06 20:47:38   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-06 20:32:29   --------   d-----w-   C:\Users\Tom\AppData\Local\adaware
2012-05-06 20:32:20   94296   ----a-w-   C:\Windows\System32\drivers\sbtis.sys
2012-05-06 20:32:20   60504   ----a-w-   C:\Windows\System32\drivers\sbhips.sys
2012-05-06 20:32:13   84568   ----a-w-   C:\Windows\System32\drivers\SbFwIm.sys
2012-05-06 20:32:13   253528   ----a-w-   C:\Windows\System32\drivers\SbFw.sys
2012-05-06 20:31:55   --------   d-----w-   C:\Users\Tom\AppData\Local\adawarebp
2012-05-06 20:31:54   --------   d-----w-   C:\ProgramData\Ad-Aware Browsing Protection
2012-05-06 20:31:53   --------   d-----w-   C:\Program Files (x86)\Toolbar Cleaner
2012-05-02 19:53:38   --------   d-----w-   C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2012-05-02 19:53:27   --------   d-----w-   C:\Windows\pss
2012-04-28 18:36:27   --------   d-----w-   C:\Users\Tom\AppData\Roaming\SumatraPDF
2012-04-28 18:36:05   --------   d-----w-   C:\Program Files (x86)\PDFReader
2012-04-28 18:35:58   --------   d-----w-   C:\Users\Tom\AppData\Local\Babylon
2012-04-28 18:35:58   --------   d-----w-   C:\ProgramData\Babylon
2012-04-28 18:35:57   --------   d-----w-   C:\Users\Tom\AppData\Roaming\Babylon
2012-04-14 17:19:29   8917360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-13 02:57:08   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2012-04-13 02:57:08   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 02:57:08   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2012-04-13 02:57:07   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2012-04-13 02:57:07   5120   ----a-w-   C:\Windows\System32\wmi.dll
2012-04-13 02:57:07   220672   ----a-w-   C:\Windows\System32\wintrust.dll
2012-04-13 02:57:07   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M  ====================
.
2012-02-28 06:39:37   1188864   ----a-w-   C:\Windows\System32\wininet.dll
2012-02-28 05:38:52   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 16:07:25.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/6/2010 10:21:48 PM
System Uptime: 5/12/2012 3:18:57 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0F896N
Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 166.238 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 7300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP203: 5/9/2012 2:18:40 PM - Windows Update
RP204: 5/11/2012 7:51:35 PM - Installed HiJackThis
RP205: 5/12/2012 3:27:29 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7300
7300_Help
7300Trb
Ad-Aware Browsing Protection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Aleks 3.14
ATI Catalyst Control Center
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
Copy
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
Destinations
DeviceDiscovery
DirectXInstallService
DocProc
EMC 10 Content
Fax
GPBaseService2
HiJackThis
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 20
Junk Mail filter update
Logitech Vid
MarketResearch
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
O*NET Assessment Tools
PDF Reader
PokerStars.net
PowerDVD DX
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:30:47 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/7/2012 10:45:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/12/2012 3:19:49 PM, Error: NetBT [4321]  - The name "TOM-PC         :0" could not be registered on the interface with IP address 192.168.1.76. The computer with the IP address 192.168.1.147 did not allow the name to be claimed by this computer.
5/12/2012 3:19:26 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter SBRE
5/12/2012 3:19:22 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{B4A938AF-44A1-4A4E-98BE-10497194940A} because another computer on the network has the same name.  The server could not start.
5/12/2012 3:19:22 PM, Error: NetBT [4321]  - The name "TOM-PC         :20" could not be registered on the interface with IP address 192.168.1.76. The computer with the IP address 192.168.1.147 did not allow the name to be claimed by this computer.
5/12/2012 3:19:16 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
5/11/2012 8:09:03 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
5/11/2012 8:01:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
5/10/2012 4:09:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
« Last Edit: June 12, 2012, 12:41:49 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #1 on: May 12, 2012, 04:25:39 PM »
Hello TomG and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Ensure Quick scan is selected, then select the Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

   
  • Once the scan finishes click Save log to save the log to your Desktop.


   
  • Copy and paste the contents of aswMBR.txt back here for review


You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:
Code:
netsvcs
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
msconfig
%SYSTEMDRIVE%\*.exe
%LOCALAPPDATA%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

Post those logs in your reply. OTL logs may exceed the forum character limit; if that happens, zip them up and attach them to your reply.

Kevin


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #2 on: May 15, 2012, 02:07:29 AM »
Are you still with us TomG...

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #3 on: May 15, 2012, 05:09:45 AM »
Hi Kevin,

I will try to get you the info today.  I am sorry for the delay... I thought I would get an e-mail telling me I had a response.

Tom

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #4 on: May 15, 2012, 07:01:23 AM »
Hiya Tom,

Select the "Notify" tab at the top of your thread, select OK at the next prompt. You should receive notifications to replies after that....

Kevin

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #5 on: May 15, 2012, 01:47:54 PM »
Step 1



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-15 15:30:14
-----------------------------
15:30:14.006    OS Version: Windows x64 6.1.7601 Service Pack 1
15:30:14.006    Number of processors: 2 586 0x602
15:30:14.006    ComputerName: TOM-PC  UserName: Tom
15:30:14.833    Initialize success
15:30:44.194    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:30:44.194    Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
15:30:44.210    Disk 0 MBR read successfully
15:30:44.210    Disk 0 MBR scan
15:30:44.225    Disk 0 Windows VISTA default MBR code
15:30:44.225    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:30:44.241    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
15:30:44.257    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
15:30:44.272    Disk 0 scanning C:\Windows\system32\drivers
15:30:49.295    Service scanning
15:31:00.652    Modules scanning
15:31:00.668    Disk 0 trace - called modules:
15:31:00.699    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
15:31:00.699    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f9790]
15:31:00.715    3 CLASSPNP.SYS[fffff8800198043f] -> nt!IofCallDriver -> [0xfffffa8003fd7d20]
15:31:00.730    5 ACPI.sys[fffff88000ed87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004416060]
15:31:00.730    Scan finished successfully
15:31:52.086    Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
15:31:52.101    The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #6 on: May 15, 2012, 02:30:16 PM »
Step 2

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #7 on: May 15, 2012, 03:17:14 PM »
Thanks for the logs, OK do the following:

Re-Run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

Code:
:OTL
IE - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=80ca956900000000000048022af81d5c
IE - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=80ca956900000000000048022af81d5c
IE - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\..\SearchScopes\{8260C2B8-E0D1-448a-B062-33D12D468BF0}: "URL" = http://search.alot.com/web?pr=prov&client_id=4ABA39A001C81047018A160C&src_id=11002&tb_version=1.0.1.0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=80ca956900000000000048022af81d5c&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
[2012/04/28 14:36:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com
[2012/04/28 14:36:08 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{4c5cde8a-9718-11df-8496-002564d38657}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5cde8a-9718-11df-8496-002564d38657}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: DW6 - hkey= - key= -  File not found
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Toolbar Cleaner
C:\Users\Tom\AppData\Local\Babylon
C:\ProgramData\Babylon
C:\Users\Tom\AppData\Roaming\Babylon
:commands
[emptytemp]
[CREATERESTOREPOINT]

  • Then click the button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me see that log in next reply, also give an update on current issues...

Kevin
« Last Edit: May 19, 2012, 01:26:48 AM by kevinf80 »
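Added here as an illustration, not part of the thread and not OTL's own code: a small Python triage over lines in the format OTL prints, flagging the kinds of entries the fix above removes (search-provider hijacks pointing at search.babylon.com / search.alot.com, extension points whose CLSID no longer resolves, and a MountPoints2 AutoRun command). The sample lines are constructed from the entries quoted in this thread; the HKLM start page and O4 lines are made-up benign entries.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the line format OTL prints. The hijack entries mirror
# the ones quoted in this thread (Babylon / alot search providers, an orphaned
# BHO and toolbar, the U3 AutoRun mount point); the HKLM start page and O4
# lines are made-up benign entries so the triage has something to leave alone.
SAMPLE_OTL_LINES = r"""
IE - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=80ca956900000000000048022af81d5c
IE - HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\..\SearchScopes\{8260C2B8-E0D1-448a-B062-33D12D468BF0}: "URL" = http://search.alot.com/web?pr=prov&client_id=4ABA39A001C81047018A160C&src_id=11002&tb_version=1.0.1.0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=80ca956900000000000048022af81d5c&q="
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe ()
O33 - MountPoints2\{4c5cde8a-9718-11df-8496-002564d38657}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

# Search/home-page hosts this thread's OTL fix removed from IE and Firefox.
HIJACK_DOMAINS = {"search.babylon.com", "search.alot.com"}
# OTL sections for browser/shell extension points: BHOs (O2), toolbars (O3),
# protocol handlers (O18) and ShellServiceObjectDelayLoad entries (O21).
# The \b keeps "O3" from matching "O33".
EXTENSION_SECTION_RE = re.compile(r"^O(?:2|3|18|21)\b")
URL_RE = re.compile(r'https?://[^\s"]+')


@dataclass
class Finding:
    category: str  # kind of issue the line represents
    severity: str  # "high", "medium" or "low"
    line: str      # the OTL line that triggered it


def classify(line: str):
    """Return a Finding for one OTL line, or None when it looks benign."""
    text = line.strip()
    if not text:
        return None
    # Browser start page / search provider lines (IE registry, Firefox prefs.js).
    if text.startswith(("IE - ", "FF - ", "FF:64bit: - ")):
        for url in URL_RE.findall(text):
            if (urlparse(url).hostname or "") in HIJACK_DOMAINS:
                return Finding("search-hijack", "high", text)
        if "(Babylon)" in text:  # named provider with no URL on the line
            return Finding("search-hijack", "high", text)
        return None
    # Registered extension point whose CLSID no longer resolves: a leftover
    # from a removed component, harmless but worth cleaning up.
    if EXTENSION_SECTION_RE.match(text) and "No CLSID value found" in text:
        return Finding("orphaned-extension", "low", text)
    # Per-volume AutoRun command under MountPoints2 (removable media launcher).
    if text.startswith("O33 - MountPoints2") and r"\Shell\AutoRun\command" in text:
        return Finding("removable-media-autorun", "medium", text)
    return None


def triage(log_text: str):
    """Classify every line of an OTL log; benign lines are dropped."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def summarize(log_text: str):
    """Count findings per category, e.g. {'search-hijack': 4, ...}."""
    counts = {}
    for finding in triage(log_text):
        counts[finding.category] = counts.get(finding.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.category}: {f.line[:70]}")
    print(summarize(SAMPLE_OTL_LINES))
```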

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #8 on: May 15, 2012, 06:56:40 PM »
All processes killed
========== OTL ==========
HKU\S-1-5-21-3592377932-3001643496-2930144275-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3592377932-3001643496-2930144275-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3592377932-3001643496-2930144275-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8260C2B8-E0D1-448a-B062-33D12D468BF0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8260C2B8-E0D1-448a-B062-33D12D468BF0}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=80ca956900000000000048022af81d5c&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\spjqucz8.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3592377932-3001643496-2930144275-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5cde8a-9718-11df-8496-002564d38657}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5cde8a-9718-11df-8496-002564d38657}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5cde8a-9718-11df-8496-002564d38657}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5cde8a-9718-11df-8496-002564d38657}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DW6\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tom\Desktop\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Toolbar Cleaner folder moved successfully.
C:\Users\Tom\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Tom\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Tom\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Tom\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 8743925 bytes
->Temporary Internet Files folder emptied: 96758983 bytes
->Java cache emptied: 17356695 bytes
->FireFox cache emptied: 64711034 bytes
->Flash cache emptied: 241438 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56469669 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 242758897 bytes
 
Total Files Cleaned = 465.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.43.0 log created on 05152012_204131

Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #9 on: May 16, 2012, 12:59:29 AM »
Hiya Tom,

Unfortunately I missed a point from your initial DDS log: your Hosts file is corrupt. We need to reset that before we go any further, SpyBot S & D will have to be UNinstalled first.

Do the following:

Step 1

Select Start > Control Panel > Uninstall a Program > From the list UNinstall the following:

SpyBot S & D

Re-Boot your PC.

Step 2

Re-Run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

Code:
:OTL
:commands
[resethosts]
[ClearAllRestorePoints]
[EmptyTemp]

  • Then click the button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me see that log in your reply, also give an update on current issues.

Thanks,

Kevin
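An added example, not from the thread and not OTL's [resethosts] code: a Python check for what a "corrupt" Windows hosts file typically looks like, assuming a clean file holds nothing but loopback entries for localhost. The sample hosts text is constructed; the hostnames in it are placeholders.

```python
import ipaddress

# Constructed sample hosts file (the thread only says the HOSTS file was
# corrupt and was reset; these entries and hostnames are made up).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-security-vendor.test   # blocks the site
203.0.113.10    www.example-bank.test              # redirects the site
"""

# Names that legitimately map to a loopback address on a clean system.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def audit_hosts(text: str):
    """Return (address, hostname, reason) for every entry that is not a
    plain loopback mapping.

    On a clean Windows hosts file every non-comment line maps localhost
    to a loopback address, so anything else deserves a look: a hostname
    pinned to a non-loopback address silently redirects the browser, and
    a real site pinned to 127.0.0.1 is blocked (a common way malware
    stops security tools from reaching their update servers).
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            findings.append((line, "", "malformed entry"))
            continue
        addr, names = parts[0], parts[1:]
        try:
            is_loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append((addr, " ".join(names), "unparseable address"))
            continue
        for name in names:
            if is_loopback and name.lower() in LOOPBACK_NAMES:
                continue
            reason = "site blocked via loopback" if is_loopback else "hostname redirected"
            findings.append((addr, name, reason))
    return findings


if __name__ == "__main__":
    for addr, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:26} {addr:16} {name}")
```

On a live machine the file to read is C:\Windows\System32\drivers\etc\hosts; an empty result means only loopback entries are present.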

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #10 on: May 16, 2012, 06:38:42 AM »
The PC is still "slow" at times and sometime it still does not find the site and I get an "Ad Aware" message.

I have not seen the Welcome to NGINX message in a while.


All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 23276346 bytes
->Temporary Internet Files folder emptied: 28444350 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33709229 bytes
->Flash cache emptied: 1473 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295636 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 82.00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05162012_082812

Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #11 on: May 16, 2012, 11:43:06 AM »
Hiya Tom,

Thanks for the update, do the following:

Step 1

Go start > control panel > Uninstall a Program, UNinstall the following:

Java(TM) 6 Update 17
Java(TM) 6 Update 20
Adobe Reader 9.4.6


Step 2

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 32.

  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64 bit OS, select Information about the 64-bit Java plug-in and follow the prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Step 3

Your Adobe Acrobat Reader was out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader (untick the "Free McAfee® Security Scan Plus (optional)" offer; it is not required)

Step 4

I do not see an Anti-Virus Program installed, if that is true do the following:

To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application.
Microsoft Security Essentials covers all of those bases, but better still it is free.
Go Here and hit the "Download free" tab, follow the prompts.
Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know if MSE finds anything, there will not be a log as such but you can look under the History tab from the main interface after the scan...

Can you expand on this :-

The PC is still "slow" at times and sometime it still does not find the site and I get an "Ad Aware" message.

Can you post a screen shot of that message?

Kevin

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #12 on: May 16, 2012, 08:22:08 PM »
I had to go out of town for a day.  I will report back on Thursday or Friday.

Thanks

Tom

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Welcome to NGINX
« Reply #13 on: May 17, 2012, 12:48:08 AM »
Thanks for the update, just reply when you're ready...

Offline TomG

  • Bronze Member
  • Posts: 24
Re: [Resolved K] Welcome to NGINX
« Reply #14 on: May 18, 2012, 07:10:07 PM »
Hi Kevin,

I am not getting any messages.  The Internet still seems to be a bit slower than other machines in the house.  Any additional ideas?

Thanks

Tom