Google Redirection, browsing running slowly

Post by AlexG2490 on Sun Dec 27, 2009 4:49 am

Hi all! I'm having trouble with my Google results being redirected. If I get a wrong result, press the back button, and then click the link again, it works fine. I'm being redirected to ads or other pages by go.google. MBAM, SuperAntiSpyware, Spybot, Avast, and AdAware all failed to find an infection.

I updated Java and did JavaRa, and Adobe Reader is up to date. I do Windows updates twice weekly.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:23 PM, on 12/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
E:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Electronic Arts\EADM\Core.exe
E:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Alex\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "E:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Add to Evernote - [You must be registered and logged in to see this link.] Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - E:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - E:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca1ebe79c66296) (gupdate1ca1ebe79c66296) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 12550 bytes

Thanks all. Happy new year.


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Sun Dec 27, 2009 10:02 am

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Re: Google Redirection, browsing running slowly

Post by AlexG2490 on Sun Dec 27, 2009 9:13 pm

Here's the ComboFix log, but I should report that though I disabled all my antispyware according to the directions, ComboFix still insisted that Spybot was running when it started its scan. Dunno if that affects anything or not. The redirects seem to have stopped, but the browser still feels sluggish.

ComboFix 09-12-26.05 - Alex 12/27/2009 13:29:55.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.767 [GMT -7]
Running from: c:\users\Alex\Desktop\commy.exe
Command switches used :: /stepdel
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alex\AppData\Roaming\inst.exe

Infected copy of c:\windows\system32\DRIVERS\nvstor32.sys was found and disinfected
Restored copy from - c:\windows\System32\drivers\nvstor32.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 04:41 . 2009-12-27 04:41 -------- d-----w- c:\program files\Java
2009-12-27 02:30 . 2009-12-27 02:30 -------- d-----w- c:\users\Alex\AppData\Local\Apple
2009-12-22 06:45 . 2009-12-22 06:45 -------- d-----w- c:\users\Alex\AppData\Local\Adobe
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2009-12-21 19:58 . 2009-12-21 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-21 19:58 . 2009-12-21 20:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2009-12-21 08:03 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\programdata\Malwarebytes
2009-12-21 08:03 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 07:52 . 2009-12-21 06:54 13504544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-20 07:43 . 2009-12-21 06:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-20 07:43 . 2009-12-21 06:50 -------- d-----w- c:\programdata\ParetoLogic
2009-12-20 07:39 . 2009-12-20 07:39 -------- d-----w- c:\users\Alex\AppData\Local\Downloaded Installations
2009-12-19 08:43 . 2009-12-19 09:21 -------- d-----w- C:\$AVG
2009-12-19 08:42 . 2009-12-19 08:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 08:42 . 2009-12-19 08:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 08:42 . 2009-12-19 08:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 08:42 . 2009-12-19 08:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-19 08:41 . 2009-12-27 11:14 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-19 08:41 . 2009-12-19 08:41 -------- d-----w- c:\program files\AVG
2009-12-19 08:41 . 2009-12-19 08:41 -------- d-----w- c:\programdata\avg9
2009-12-18 04:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-18 03:30 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 03:25 . 2009-12-18 03:25 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-18 03:25 . 2009-12-18 03:30 -------- d-----w- c:\programdata\Lavasoft
2009-12-18 03:25 . 2009-12-18 03:25 -------- d-----w- c:\program files\Lavasoft
2009-12-11 05:45 . 2009-12-11 05:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Yahoo!
2009-12-11 05:45 . 2009-12-11 05:45 -------- d-----w- c:\users\Alex\AppData\Local\Yahoo
2009-12-11 05:44 . 2009-12-11 05:44 -------- d-----w- c:\programdata\Yahoo!
2009-12-11 05:43 . 2009-12-11 05:44 -------- d-----w- c:\program files\Yahoo!
2009-12-10 02:30 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:30 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:30 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 02:27 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:27 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-28 00:09 . 2009-11-28 00:09 -------- d-----w- c:\windows\system32\DefaultDirName

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 20:42 . 2009-08-16 21:54 198030 ----a-w- c:\programdata\nvModes.dat
2009-12-27 20:41 . 2009-08-16 08:31 -------- d-----w- c:\programdata\NVIDIA
2009-12-27 15:00 . 2009-08-25 03:31 -------- d-----w- c:\users\Alex\AppData\Roaming\skypePM
2009-12-27 06:03 . 2009-08-17 00:14 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2009-12-27 04:41 . 2009-09-28 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 04:36 . 2009-08-25 03:30 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2009-12-26 03:31 . 2009-09-06 15:35 -------- d-----w- c:\users\Alex\AppData\Roaming\Vso
2009-12-25 00:00 . 2009-12-25 00:00 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-22 03:59 . 2009-12-22 03:59 52224 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-22 03:59 . 2009-12-22 03:59 117760 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 03:58 . 2009-08-16 21:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-21 06:54 . 2009-12-20 07:52 187160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-20 07:52 . 2009-12-20 07:52 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-19 16:13 . 2009-12-19 16:13 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-19 15:30 . 2009-12-18 03:30 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 15:01 . 2009-08-16 22:05 -------- d-----w- c:\program files\Google
2009-12-19 08:41 . 2009-12-22 15:32 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-19 08:41 . 2009-12-22 15:32 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-19 08:41 . 2009-12-19 16:13 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-19 08:41 . 2009-12-22 15:32 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-19 08:41 . 2009-12-22 15:32 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-18 20:15 . 2009-12-18 03:30 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-18 20:15 . 2009-12-18 03:30 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-18 20:15 . 2009-12-18 03:30 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-18 20:15 . 2009-12-18 03:30 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 20:14 . 2009-12-18 03:30 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-18 20:14 . 2009-12-18 03:30 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-18 20:14 . 2009-12-18 03:30 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-18 20:14 . 2009-12-18 03:30 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-18 20:14 . 2009-12-18 03:30 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-18 20:14 . 2009-12-18 03:30 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-18 20:14 . 2009-12-18 03:30 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-18 20:14 . 2009-12-18 03:30 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-17 17:47 . 2009-09-03 16:37 -------- d-----w- c:\programdata\Xfire
2009-12-17 16:27 . 2009-11-16 20:00 -------- d-----w- c:\users\Alex\AppData\Roaming\dvdcss
2009-12-10 21:08 . 2009-09-03 16:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Xfire
2009-12-10 20:14 . 2009-09-03 16:36 -------- d-s---w- c:\program files\Xfire
2009-12-10 20:11 . 2009-09-19 08:06 -------- d-----w- c:\users\Alex\AppData\Roaming\FileZilla
2009-12-10 10:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:04 . 2009-08-17 21:54 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 18:12 . 2009-09-23 05:11 -------- d-----w- c:\programdata\DVD Shrink
2009-12-07 14:10 . 2009-12-18 03:25 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-04 01:40 . 2009-11-19 05:31 -------- d-----w- c:\program files\DOSBox-0.73
2009-12-03 07:51 . 2009-08-17 20:25 214504 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-03 07:15 . 2009-08-17 20:25 138936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-02 00:40 . 2009-08-16 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 22:13 . 2009-11-27 22:13 550815505 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2250227378 }\BF2142_Update_1.50.exe
2009-11-26 18:21 . 2009-11-26 18:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-26 18:21 . 2009-08-24 03:47 -------- d-----w- c:\programdata\Apple
2009-11-23 23:40 . 2009-11-23 23:40 -------- d-----w- c:\program files\Conduit
2009-11-23 23:40 . 2009-11-23 23:40 -------- d-----w- c:\program files\XfireXO
2009-11-23 18:14 . 2009-08-17 20:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-21 19:45 . 2009-11-21 19:45 -------- d-----w- c:\program files\Alcohol Soft
2009-11-21 06:40 . 2009-12-10 02:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 02:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 02:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:19 . 2009-11-21 06:19 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 04:59 . 2009-12-10 02:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 08:38 . 2009-09-27 07:50 -------- d-----w- c:\program files\Safari
2009-11-15 08:31 . 2009-11-15 08:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-15 08:28 . 2009-11-15 08:27 -------- d-----w- c:\program files\iTunes
2009-11-15 08:27 . 2009-11-15 08:27 -------- d-----w- c:\program files\iPod
2009-11-15 08:27 . 2009-09-24 05:10 -------- d-----w- c:\program files\Common Files\Apple
2009-11-15 08:27 . 2009-09-24 05:11 -------- d-----w- c:\programdata\Apple Computer
2009-11-15 08:13 . 2009-11-15 08:13 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 06:15 . 2009-11-14 06:15 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-14 05:28 . 2009-08-25 03:55 -------- d-----w- c:\users\Alex\AppData\Roaming\Hamachi
2009-11-14 05:24 . 2009-08-25 03:59 -------- d-----w- c:\users\Alex\AppData\Roaming\Quake3
2009-11-13 14:23 . 2009-08-25 18:51 -------- d-----w- c:\programdata\FLEXnet
2009-11-13 09:25 . 2009-11-23 23:40 52224 ------w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-11-13 09:25 . 2009-11-23 23:40 114688 ------w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-11-10 21:39 . 2009-12-11 05:44 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-09 04:22 . 2009-11-09 04:22 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-11-08 10:25 . 2009-08-16 04:54 103384 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-08 10:04 . 2009-08-17 21:57 -------- d-----w- c:\program files\Microsoft Works
2009-11-06 18:44 . 2009-11-06 18:44 -------- d-----w- c:\program files\HandBrake
2009-11-03 03:42 . 2009-10-03 07:53 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 10:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-15 06:28 . 2009-10-15 06:28 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-10-15 06:27 . 2009-10-15 06:27 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"EA Core"="e:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Steam"="e:\program files\Steam\Steam.exe" [2009-10-26 1217808]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-11-21 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn GUI"="e:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-19 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 149280]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-9-28 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/17/2009 8:30 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/19/2009 1:42 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/19/2009 1:42 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/19/2009 1:41 AM 285392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8/18/2009 5:20 PM 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/21/2009 12:58 PM 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [7/14/2009 11:28 AM 239648]
R3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\System32\drivers\BLKWGDv8.sys [11/18/2006 12:29 PM 312832]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2009 3:11 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/20/2009 11:19 PM 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 23:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 16:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - e:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\Download Manager\npfpdlm.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\users\Alex\Desktop\HijackThis.exe
AddRemove-OEMInformation - c:\windows\oem_uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-27 13:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,19,aa,4c,20,c7,80,58,04,f7,ee,4c,1b,a6,d7,e0,a5,e9,a5,2a,71,24,96,
2a,b7,64,44,02,66,08,c3,60,a3,d8,8e,5e,71,5c,ee,62,a4,c5,73,28,ea,e1,92,8e,\
"??"=hex:aa,d3,ad,10,3e,21,e1,5a,ee,a5,d7,2f,8a,be,03,83
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
e:\program files\LogMeIn\x86\RaMaint.exe
e:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG9\avgnsx.exe
e:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
e:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-27 13:51:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 20:51

Pre-Run: 67,833,532,416 bytes free
Post-Run: 67,862,183,936 bytes free

- - End Of File - - 466F4D92E09DB4662905B23C1E6E1495

Thanks all!

AlexG2490
Novice

Posts : 6
Joined : 2009-12-25
Gender : Male
OS : Windows Vista Ultimate
Points : 25448
# Likes : 0


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Mon Dec 28, 2009 4:52 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\drivers\fidbox.dat

    Folder::
    c:\program files\Common Files\ParetoLogic
    c:\programdata\ParetoLogic

    DDS::
    FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
    FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13714
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302072
# Likes : 10

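Dr Jay's reply asks for a CFScript with File::, Folder:: and DDS:: blocks and then for the ComboFix log the run produces. The script below is an added example, not code from this thread or from ComboFix, showing how a helper can check that log against the script instead of reading it by eye: it parses the directives, confirms each File::/Folder:: target under "Other Deletions", and flags files the log still lists that share a stem with a named target (the fidbox.idx sitting next to fidbox.dat in the Find3M report posted later in the thread). The CFScript and the log excerpt are constructed from paths in this thread; the search URLs, which the forum obfuscates, are replaced with placeholders.

```python
"""Check a ComboFix run against the CFScript it was given.

Added example (not code from the thread or from ComboFix): parses the
File::/Folder:: directives of a CFScript, then reads the post-run ComboFix
log to confirm each target appears under "Other Deletions" and to flag
related files the script did not name (fidbox.idx next to fidbox.dat).
"""
import ntpath
import re
from typing import Dict, List

# Constructed sample CFScript, as in the helper's reply; the forum-obfuscated
# search URLs are replaced by placeholders, not the real values.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\fidbox.dat

Folder::
c:\program files\Common Files\ParetoLogic
c:\programdata\ParetoLogic

DDS::
FF - prefs.js: browser.search.defaulturl - hxxp://placeholder.invalid/search
FF - prefs.js: keyword.URL - hxxp://placeholder.invalid/keyword
"""

# Constructed excerpt of the post-run ComboFix log (paths copied from the
# thread, everything else trimmed). The banner lines are what the parser keys on.
COMBOFIX_LOG = r"""ComboFix 09-12-26.05 - Alex 12/31/2009 17:28:15.2.2 - x86
FILE ::
"c:\windows\system32\drivers\fidbox.dat"
.
(((((((((((( Other Deletions ))))))))))))
.
c:\program files\Common Files\ParetoLogic
c:\programdata\ParetoLogic
c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
c:\windows\system32\drivers\fidbox.dat
.
(((((((((((( Find3M Report ))))))))))))
.
2009-12-21 06:54 . 2009-12-20 07:52 187160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 15:01 . 2009-08-16 22:05 -------- d-----w- c:\program files\Google
.
"""

# A ComboFix section banner: parentheses, a title, parentheses.
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [entries]} for each 'Name::' block of a CFScript."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its '((( Title )))' sections, dropping filler dots."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def find3m_path(entry: str) -> str:
    """Extract the path from a Find3M line: date time . date time size attrs path."""
    return entry.split(None, 7)[7]


def stem(path: str) -> str:
    """File name without extension, Windows path rules, case-folded."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def check_cleanup(cfscript_text: str, log_text: str) -> Dict[str, List[str]]:
    """Confirm File::/Folder:: targets were deleted and flag same-stem leftovers."""
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    deleted = {p.strip('"').lower() for p in log.get("Other Deletions", [])}
    report: Dict[str, List[str]] = {"confirmed": [], "unconfirmed": [], "leftovers": []}
    for directive in ("File", "Folder"):
        for target in script.get(directive, []):
            key = "confirmed" if target.lower() in deleted else "unconfirmed"
            report[key].append(target)
    # A named file may have siblings sharing its stem (fidbox.dat -> fidbox.idx)
    # that the script never listed; surface them for the helper's next script.
    stems = {stem(t) for t in script.get("File", [])}
    for entry in log.get("Find3M Report", []):
        path = find3m_path(entry)
        if stem(path) in stems:
            report["leftovers"].append(path)
    return report


if __name__ == "__main__":
    for kind, items in check_cleanup(CFSCRIPT, COMBOFIX_LOG).items():
        print(kind, items)
```

Run as-is it reports all three targets confirmed and fidbox.idx as a leftover; feed it a CFScript naming a path the log never lists and that path lands under "unconfirmed", which is the cue to ask for the log again rather than assume the deletion happened.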

Re: Google Redirection, browsing running slowly

Post by Alchier on Mon Dec 28, 2009 9:18 am

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

Alchier
Novice

Posts : 7
Joined : 2009-12-28
OS : Windows XP
Points : 25433
# Likes : 0


Re: Google Redirection, browsing running slowly

Post by AlexG2490 on Fri Jan 01, 2010 12:48 am

ComboFix 09-12-26.05 - Alex 12/31/2009 17:28:15.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.937 [GMT -7:00]
Running from: c:\users\Alex\Desktop\commy.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\fidbox.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ParetoLogic
c:\programdata\ParetoLogic
c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
c:\windows\system32\drivers\fidbox.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 00:36 . 2010-01-01 00:36 -------- d-----w- c:\users\Alex\AppData\Local\temp
2010-01-01 00:36 . 2010-01-01 00:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-01 00:36 . 2010-01-01 00:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-01-01 00:36 . 2010-01-01 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 15:42 . 2009-12-19 08:41 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2009-12-28 06:47 . 2010-01-01 00:18 -------- d-----w- c:\users\Alex\AppData\Roaming\BitTorrent
2009-12-28 06:47 . 2009-12-28 06:47 -------- d-----w- c:\program files\BitTorrent
2009-12-27 04:41 . 2009-12-27 04:41 -------- d-----w- c:\program files\Java
2009-12-27 02:30 . 2009-12-27 02:30 -------- d-----w- c:\users\Alex\AppData\Local\Apple
2009-12-25 00:00 . 2009-12-25 00:00 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-22 15:32 . 2009-12-22 15:32 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-22 15:32 . 2009-12-19 08:41 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-22 15:32 . 2009-12-22 15:32 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-22 15:32 . 2009-12-19 08:41 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-22 06:45 . 2009-12-30 05:07 -------- d-----w- c:\users\Alex\AppData\Local\Adobe
2009-12-22 03:59 . 2009-12-22 03:59 52224 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-22 03:59 . 2009-12-22 03:59 117760 ----a-w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 03:58 . 2009-12-22 03:58 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2009-12-21 19:58 . 2009-12-21 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-21 19:58 . 2009-12-21 20:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2009-12-21 08:03 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 08:03 . 2009-12-21 08:03 -------- d-----w- c:\programdata\Malwarebytes
2009-12-21 08:03 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 07:39 . 2009-12-20 07:39 -------- d-----w- c:\users\Alex\AppData\Local\Downloaded Installations
2009-12-19 16:13 . 2009-12-19 16:13 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-19 16:13 . 2009-12-19 08:41 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-19 08:43 . 2009-12-19 09:21 -------- d-----w- C:\$AVG
2009-12-19 08:42 . 2009-12-19 08:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 08:42 . 2009-12-19 08:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 08:42 . 2009-12-19 08:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 08:42 . 2009-12-19 08:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-19 08:41 . 2009-12-31 15:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-19 08:41 . 2009-12-19 08:41 -------- d-----w- c:\program files\AVG
2009-12-19 08:41 . 2009-12-19 08:41 -------- d-----w- c:\programdata\avg9
2009-12-18 04:12 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-18 03:25 . 2009-12-18 03:25 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-18 03:25 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-18 03:25 . 2009-12-18 03:30 -------- d-----w- c:\programdata\Lavasoft
2009-12-18 03:25 . 2009-12-18 03:25 -------- d-----w- c:\program files\Lavasoft
2009-12-11 05:45 . 2009-12-11 05:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Yahoo!
2009-12-11 05:45 . 2009-12-11 05:45 -------- d-----w- c:\users\Alex\AppData\Local\Yahoo
2009-12-11 05:44 . 2009-12-11 05:44 -------- d-----w- c:\programdata\Yahoo!
2009-12-11 05:44 . 2009-11-10 21:39 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-12-11 05:43 . 2009-12-11 05:44 -------- d-----w- c:\program files\Yahoo!
2009-12-10 02:30 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:30 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:30 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 02:27 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 02:27 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 03:03 . 2009-08-17 00:14 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2009-12-28 06:13 . 2009-08-25 03:30 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2009-12-28 05:26 . 2009-08-25 03:31 -------- d-----w- c:\users\Alex\AppData\Roaming\skypePM
2009-12-27 20:42 . 2009-08-16 21:54 198030 ----a-w- c:\programdata\nvModes.dat
2009-12-27 20:41 . 2009-08-16 08:31 -------- d-----w- c:\programdata\NVIDIA
2009-12-27 04:41 . 2009-09-28 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 03:31 . 2009-09-06 15:35 -------- d-----w- c:\users\Alex\AppData\Roaming\Vso
2009-12-22 03:58 . 2009-08-16 21:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-21 06:54 . 2009-12-20 07:52 187160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 15:30 . 2009-12-18 03:30 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 15:01 . 2009-08-16 22:05 -------- d-----w- c:\program files\Google
2009-12-18 20:15 . 2009-12-18 03:30 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-18 20:15 . 2009-12-18 03:30 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-18 20:15 . 2009-12-18 03:30 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-18 20:15 . 2009-12-18 03:30 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 20:14 . 2009-12-18 03:30 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-18 20:14 . 2009-12-18 03:30 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-18 20:14 . 2009-12-18 03:30 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-18 20:14 . 2009-12-18 03:30 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-18 20:14 . 2009-12-18 03:30 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-18 20:14 . 2009-12-18 03:30 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-18 20:14 . 2009-12-18 03:30 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-18 20:14 . 2009-12-18 03:30 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-17 17:47 . 2009-09-03 16:37 -------- d-----w- c:\programdata\Xfire
2009-12-17 16:27 . 2009-11-16 20:00 -------- d-----w- c:\users\Alex\AppData\Roaming\dvdcss
2009-12-10 21:08 . 2009-09-03 16:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Xfire
2009-12-10 20:14 . 2009-09-03 16:36 -------- d-s---w- c:\program files\Xfire
2009-12-10 20:11 . 2009-09-19 08:06 -------- d-----w- c:\users\Alex\AppData\Roaming\FileZilla
2009-12-10 10:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 10:04 . 2009-08-17 21:54 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 18:12 . 2009-09-23 05:11 -------- d-----w- c:\programdata\DVD Shrink
2009-12-04 01:40 . 2009-11-19 05:31 -------- d-----w- c:\program files\DOSBox-0.73
2009-12-03 07:51 . 2009-08-17 20:25 214504 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-03 07:15 . 2009-08-17 20:25 138936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-02 13:19 . 2009-12-18 03:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 00:40 . 2009-08-16 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-27 22:13 . 2009-11-27 22:13 550815505 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2250227378 }\BF2142_Update_1.50.exe
2009-11-26 18:21 . 2009-11-26 18:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-26 18:21 . 2009-08-24 03:47 -------- d-----w- c:\programdata\Apple
2009-11-23 23:40 . 2009-11-23 23:40 -------- d-----w- c:\program files\Conduit
2009-11-23 23:40 . 2009-11-23 23:40 -------- d-----w- c:\program files\XfireXO
2009-11-23 18:14 . 2009-08-17 20:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-21 19:45 . 2009-11-21 19:45 -------- d-----w- c:\program files\Alcohol Soft
2009-11-21 06:40 . 2009-12-10 02:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 02:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 02:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:19 . 2009-11-21 06:19 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 04:59 . 2009-12-10 02:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 08:38 . 2009-09-27 07:50 -------- d-----w- c:\program files\Safari
2009-11-15 08:31 . 2009-11-15 08:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-15 08:28 . 2009-11-15 08:27 -------- d-----w- c:\program files\iTunes
2009-11-15 08:27 . 2009-11-15 08:27 -------- d-----w- c:\program files\iPod
2009-11-15 08:27 . 2009-09-24 05:10 -------- d-----w- c:\program files\Common Files\Apple
2009-11-15 08:27 . 2009-09-24 05:11 -------- d-----w- c:\programdata\Apple Computer
2009-11-15 08:13 . 2009-11-15 08:13 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 06:15 . 2009-11-14 06:15 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-14 05:28 . 2009-08-25 03:55 -------- d-----w- c:\users\Alex\AppData\Roaming\Hamachi
2009-11-14 05:24 . 2009-08-25 03:59 -------- d-----w- c:\users\Alex\AppData\Roaming\Quake3
2009-11-13 14:23 . 2009-08-25 18:51 -------- d-----w- c:\programdata\FLEXnet
2009-11-13 09:25 . 2009-11-23 23:40 52224 ------w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-11-13 09:25 . 2009-11-23 23:40 114688 ------w- c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-11-09 04:22 . 2009-11-09 04:22 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-11-08 10:25 . 2009-08-16 04:54 103384 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-08 10:04 . 2009-08-17 21:57 -------- d-----w- c:\program files\Microsoft Works
2009-11-06 18:44 . 2009-11-06 18:44 -------- d-----w- c:\program files\HandBrake
2009-11-03 03:42 . 2009-10-03 07:53 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 10:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-15 06:28 . 2009-10-15 06:28 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-10-15 06:27 . 2009-10-15 06:27 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"EA Core"="e:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Steam"="e:\program files\Steam\Steam.exe" [2009-10-26 1217808]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-11-21 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-16 122368]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn GUI"="e:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 149280]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-9-28 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/17/2009 8:30 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/19/2009 1:42 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/19/2009 1:42 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/19/2009 1:41 AM 285392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8/18/2009 5:20 PM 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/21/2009 12:58 PM 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [7/14/2009 11:28 AM 239648]
R3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\System32\drivers\BLKWGDv8.sys [11/18/2006 12:29 PM 312832]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2009 3:11 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/20/2009 11:19 PM 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 23:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 16:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - e:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\Download Manager\npfpdlm.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-31 17:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,19,aa,4c,20,c7,80,58,04,f7,ee,4c,1b,a6,d7,e0,a5,e9,a5,2a,71,24,96,
2a,b7,64,44,02,66,08,c3,60,a3,d8,8e,5e,71,5c,ee,62,a4,c5,73,28,ea,e1,92,8e,\
"??"=hex:aa,d3,ad,10,3e,21,e1,5a,ee,a5,d7,2f,8a,be,03,83
.
Completion time: 2009-12-31 17:39:13
ComboFix-quarantined-files.txt 2010-01-01 00:39
ComboFix2.txt 2009-12-27 20:51

Pre-Run: 72,097,144,832 bytes free
Post-Run: 72,082,030,592 bytes free

- - End Of File - - 6C5383A755E63CDA0BAA27F611D687DA

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe after effects cs3\support files\presets\image - special effects\cracked tiles.ffx
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\html\keygen.html
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\php\crackf.html
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\users\alex\appdata\roaming\macromedia\flash player\#sharedobjects\v6sey5lv\[You must be registered and logged in to see this link.]
c:\users\alex\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx
c:\users\alex\favorites\download dark forces ii jedi knight + mysteries of the sith - serial keygen crack serial patch.url
scanner sequence 3.ZZ.11
----- EOF -----



Thanks all!


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Fri Jan 01, 2010 3:15 am

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)


Re: Google Redirection, browsing running slowly

Post by AlexG2490 on Fri Jan 01, 2010 6:38 am

What software are you finding on this machine specifically that's pirated? This is a family computer that I share with two teenage sons - 17 and 14. You're telling me that they're stealing software? Or is it me? Sometimes I purchase software online and enter the key they send me through e-mail or the customer login area on their site instead of going out to the store to get a copy on a disk. Is that a keygen?

I'll do the Rooter log tomorrow. Happy new year everyone.


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Fri Jan 01, 2010 7:01 am

This has malicious code implanted into it: (Trj.Win32\Tibick)

c:\users\alex\favorites\download dark forces ii jedi knight + mysteries of the sith - serial keygen crack serial patch.url

==

Post the Rooter log when ready.


Dr. Jay (DJ)


Re: Google Redirection, browsing running slowly

Post by AlexG2490 on Tue Jan 19, 2010 2:37 pm

Sorry for the delay on this. I started a new job and forgot about the thread for a couple weeks.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista . (6.0.6001) Service Pack 1
[32_bits] - x86 Family 15 Model 107 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Disabled !
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18865
Mozilla Firefox 3.5.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:62 Go )
D:\ [CD_Rom]
E:\ [Fixed-NTFS] .. ( Total:465 Go - Free:288 Go )
F:\ [Fixed-NTFS] .. ( Total:931 Go - Free:136 Go )
.
Scan : 19:33.25
Path : C:\Users\Alex\Desktop\Rooter.exe
User : Alex ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (468)
______ C:\Windows\system32\csrss.exe (544)
______ C:\Windows\system32\wininit.exe (596)
______ C:\Windows\system32\csrss.exe (608)
______ C:\Windows\system32\services.exe (640)
______ C:\Windows\system32\lsass.exe (652)
______ C:\Windows\system32\lsm.exe (660)
______ C:\Windows\system32\svchost.exe (804)
______ C:\Windows\system32\winlogon.exe (840)
______ C:\Windows\system32\nvvsvc.exe (888)
______ C:\Windows\system32\svchost.exe (916)
______ C:\Windows\System32\svchost.exe (1024)
______ C:\Windows\System32\svchost.exe (1052)
______ C:\Windows\system32\svchost.exe (1072)
Locked audiodg.exe (1168)
______ C:\Windows\system32\svchost.exe (1220)
______ C:\Windows\system32\SLsvc.exe (1280)
______ C:\Windows\system32\svchost.exe (1300)
______ C:\Windows\system32\nvvsvc.exe (1484)
______ C:\Windows\system32\svchost.exe (1644)
______ C:\Windows\System32\spoolsv.exe (1936)
______ C:\Windows\system32\taskeng.exe (1960)
______ C:\Windows\system32\svchost.exe (1972)
______ C:\Windows\system32\taskeng.exe (208)
______ C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (492)
______ C:\Windows\system32\Dwm.exe (328)
______ C:\Windows\Explorer.EXE (1752)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1412)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1820)
______ C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (1728)
______ E:\Program Files\LogMeIn\x86\RaMaint.exe (2168)
______ E:\Program Files\LogMeIn\x86\LogMeIn.exe (2240)
______ E:\Program Files\LogMeIn\x86\LMIGuardian.exe (2332)
______ C:\Windows\system32\PnkBstrA.exe (2500)
______ C:\Windows\system32\svchost.exe (2568)
______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (2604)
______ C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (2644)
______ C:\Windows\system32\svchost.exe (2752)
______ C:\Windows\System32\svchost.exe (2816)
______ C:\Windows\RtHDVCpl.exe (2868)
______ C:\Windows\system32\SearchIndexer.exe (2936)
______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (3072)
______ E:\Program Files\Winamp\winampa.exe (3080)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3128)
______ E:\Program Files\LogMeIn\x86\LogMeInSystray.exe (3240)
______ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (3264)
______ C:\Program Files\iTunes\iTunesHelper.exe (3308)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3324)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3352)
______ E:\Program Files\Electronic Arts\EADM\Core.exe (3412)
______ E:\Program Files\Steam\Steam.exe (3484)
______ C:\Windows\ehome\ehtray.exe (3516)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3536)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3544)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3556)
______ C:\Program Files\WordWeb\wweb32.exe (3564)
______ C:\Windows\ehome\ehmsas.exe (3724)
______ E:\Program Files\LogMeIn\x86\LMIGuardian.exe (3888)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (636)
______ C:\Program Files\AVG\AVG9\avgrsx.exe (1592)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (2744)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (2984)
______ C:\Windows\system32\wbem\wmiprvse.exe (3880)
______ C:\Program Files\Windows Sidebar\sidebar.exe (4356)
______ C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (4392)
______ C:\Windows\system32\wbem\wmiprvse.exe (4840)
______ C:\Program Files\iPod\bin\iPodService.exe (5272)
______ C:\Windows\system32\wuauclt.exe (3864)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (2360)
______ C:\Windows\system32\wbem\unsecapp.exe (4320)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (5264)
______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (1084)
______ C:\Program Files\AVG\AVG9\avgnsx.exe (2528)
______ C:\Program Files\AVG\AVG9\avgtray.exe (5712)
______ C:\Program Files\Internet Explorer\iexplore.exe (4904)
______ C:\Program Files\Internet Explorer\iexplore.exe (5164)
______ C:\Windows\system32\SearchProtocolHost.exe (5320)
______ C:\Windows\system32\SearchFilterHost.exe (5668)
______ C:\Users\Alex\Desktop\Rooter.exe (4712)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:160038912000)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\ParetoLogic Registration.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{D0500D9A-B244-4FCF-A56A-701030FBCBD2}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\Alex\Favorites\Download Dark Forces II Jedi Knight + Mysteries of the Sith - Serial keygen crack serial patch.url
C:\Users\Alex\Favorites\Download Dark Forces II Jedi Knight + Mysteries of the Sith - Serial keygen crack serial patch.url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 19:34.10
.
C:\Rooter$\Rooter_1.txt - (18/01/2010 | 19:34.10).c


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Tue Jan 19, 2010 4:34 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


Re: Google Redirection, browsing running slowly

Post by AlexG2490 on Sat Jan 30, 2010 5:49 am

Enjoy your log!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7309b0c408dd88478ac0cff5fff36509
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-30 05:43:31
# local_time=2010-01-29 10:43:31 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 2693960 2693960 0 0
# compatibility_mode=5892 16776574 100 100 2779080 101431698 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=421428
# found=0
# cleaned=0
# scan_time=6168


Re: Google Redirection, browsing running slowly

Post by Dr Jay on Sat Jan 30, 2010 3:42 pm

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)
