Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Firefox browser hijacked and computer running slow


Post by paul98 » October 29th, 2011, 11:36 am

Hi,

My computer is running slow and my Firefox browser is redirecting to search.searchcompletion.com when I try to search for stuff. This happened after I installed some software so I could watch an online stream. It was obviously malware. I have learned my lesson! Any help appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Carl at 16:30:05 on 2011-10-29
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.229 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\GetRight\GetRight.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
BHO: AutorunsDisabled - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Save YouTube Video as MP3
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{A051663B-F789-401B-9233-9C0CFBD8340C} : DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=67 ... dae0ab7&q=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-3 66616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-9 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-9 39984]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-10-29 15:19:54 -------- d-----w- c:\program files\vShare.tv plugin
2011-10-28 09:20:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{958c8662-4bbd-4ca0-b8f0-82898c069f5b}\offreg.dll
2011-10-28 09:20:01 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{958c8662-4bbd-4ca0-b8f0-82898c069f5b}\mpengine.dll
2011-10-19 03:02:17 -------- d-----w- c:\users\carl\appdata\local\Eraser 6
2011-10-16 01:23:43 -------- d-----w- c:\program files\Eraser
2011-10-13 14:41:56 -------- d-----w- c:\programdata\GetRight
2011-10-13 14:41:24 108544 ----a-w- c:\program files\mozilla firefox\plugins\NPGetRt.dll
2011-10-13 14:37:07 -------- d-----w- c:\program files\GetRight
2011-10-10 15:45:34 -------- d-sh--w- C:\found.003
2011-10-09 00:03:55 -------- d-----w- c:\users\carl\appdata\roaming\Individual Software
2011-10-09 00:00:02 -------- d-----w- c:\programdata\Individual Software
2011-10-08 23:57:47 -------- d-----w- c:\program files\ResumeMaker
2011-10-03 14:58:48 -------- d-----r- c:\program files\Skype
2011-10-03 09:14:54 83456 ----a-w- c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
2011-09-30 01:19:57 -------- d-----w- c:\program files\Ask.com
2011-09-30 01:18:02 -------- d-----w- c:\program files\GRETECH
.
==================== Find3M ====================
.
2011-09-16 21:54:29 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 16:33:08.79 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 09/01/2009 17:26:06
System Uptime: 29/10/2011 06:45:01 (10 hours ago)
.
Motherboard: DIXONSXP | | N/A
Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz | uPGA 479M | 933/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 101 GiB total, 4.44 GiB free.
E: is CDROM ()
S: is FIXED (NTFS) - 1 GiB total, 1.026 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP1514: 28/10/2011 10:18:02 - Windows Update
RP1515: 29/10/2011 03:00:24 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AAC Decoder
Abdio Free ASF Player (Free)
Actual Spy 3.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
ASIO4ALL
Ask Toolbar
µTorrent
Audacity 1.2.6
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Eraser 6.0.8.2273
ESET Online Scanner v3
FL Studio 9
FLV Player 2.0 (build 25)
Free CD to MP3 Converter
GetRight
GoldWave v5.25
GOM Player
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hardcore
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL Download Manager
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 3.2.5 Standard
Launch
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIRC
MKV Player 2.0
MKV Splitter
Mozilla Firefox 7.0.1 (x86 en-GB)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Orbit Downloader
PhotoScape
PoiZone
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ResumeMaker Professional
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Skype Click to Call
Skype™ 5.5
SopCast 3.3.2
Spare Messaging
Switch Sound File Converter
Synaptics Pointing Device Driver
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.18
VLC media player 1.1.10
vShare.tv plugin 1.3
WAV to MP3 Encoder
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
29/10/2011 06:45:26, Error: EventLog [6008] - The previous system shutdown at 04:41:14 on 29/10/2011 was unexpected.
29/10/2011 03:34:30, Error: EventLog [6008] - The previous system shutdown at 03:13:32 on 29/10/2011 was unexpected.
28/10/2011 20:52:49, Error: EventLog [6008] - The previous system shutdown at 20:42:30 on 28/10/2011 was unexpected.
28/10/2011 19:18:07, Error: EventLog [6008] - The previous system shutdown at 19:12:25 on 28/10/2011 was unexpected.
28/10/2011 00:35:05, Error: EventLog [6008] - The previous system shutdown at 21:20:31 on 27/10/2011 was unexpected.
26/10/2011 06:25:06, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
26/10/2011 01:49:50, Error: EventLog [6008] - The previous system shutdown at 01:44:17 on 26/10/2011 was unexpected.
25/10/2011 23:03:29, Error: EventLog [6008] - The previous system shutdown at 23:01:41 on 25/10/2011 was unexpected.
25/10/2011 13:05:24, Error: EventLog [6008] - The previous system shutdown at 07:27:58 on 25/10/2011 was unexpected.
25/10/2011 04:17:44, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
25/10/2011 04:11:12, Error: EventLog [6008] - The previous system shutdown at 02:44:39 on 25/10/2011 was unexpected.
24/10/2011 19:40:49, Error: EventLog [6008] - The previous system shutdown at 19:30:07 on 24/10/2011 was unexpected.
24/10/2011 14:08:44, Error: EventLog [6008] - The previous system shutdown at 07:12:28 on 24/10/2011 was unexpected.
23/10/2011 03:50:45, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
23/10/2011 03:50:33, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
23/10/2011 03:49:14, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
22/10/2011 05:56:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows Vista (KB970430).
22/10/2011 05:43:50, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22/10/2011 05:42:06, Error: EventLog [6008] - The previous system shutdown at 22:00:41 on 21/10/2011 was unexpected.
22/10/2011 05:41:52, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
22/10/2011 05:41:52, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
.
==== End Of File ===========================
paul98
Active Member
Posts: 6
Joined: October 29th, 2011, 11:27 am
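The DDS log above shows the hijack as data rather than symptoms: both IE start pages (user and machine hive) and the Firefox browser.startup.homepage and keyword.URL prefs point at the same affiliate URL, with the vShare, Ask and Conduit components installed alongside. As an added example (not the forum's or DDS's own tooling), the following Python pulls those indicators out of a DDS log automatically; SAMPLE_DDS is a constructed excerpt modelled on the log's format, and the list of expected homepage hosts is an assumption the caller supplies.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt modelled on the DDS log format (not the full log from the post).
# "hxxp" is how DDS defangs URLs so they are not clickable.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&q=
FF - component: c:\users\carl\appdata\roaming\mozilla\firefox\profiles\x.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
.
============= FINISH: 16:33:08.79 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# IE start pages (u = current-user hive, m = machine hive) and the Firefox prefs
# that control the homepage and address-bar search.
SETTING_PATTERNS = (
    re.compile(r"^(?P<key>[um]Start Page) = (?P<url>\S+)$"),
    re.compile(r"^FF - prefs\.js: (?P<key>browser\.startup\.homepage|keyword\.URL) - (?P<url>\S+)$"),
)
IE_ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.+?): (?P<clsid>\{[0-9a-fA-F-]{36}\}) - (?P<path>.+)$")
FF_ADDON_RE = re.compile(r"^FF - (?P<kind>component|plugin): (?P<path>.+)$")


def parse_sections(text):
    """Split a DDS log into {section title: [non-empty lines]}; '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def refang(url):
    """Turn DDS's hxxp:// back into http:// so urlsplit can read the host (for parsing only)."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def browser_settings(sections):
    """Collect every start-page / homepage / keyword.URL setting together with its host."""
    found = []
    for title, lines in sections.items():
        for line in lines:
            for pat in SETTING_PATTERNS:
                m = pat.match(line)
                if m:
                    host = urlsplit(refang(m["url"])).hostname or ""
                    found.append({"section": title, "key": m["key"], "url": m["url"], "host": host.lower()})
    return found


def find_hijacks(sections, expected_hosts):
    """Report hosts that replaced the user's expected start/search pages.

    The same unexpected host set in both IE hives and in Firefox prefs.js is the
    classic affiliate-hijack pattern; cross_browser marks that case.
    """
    expected = {h.lower() for h in expected_hosts}
    by_host = {}
    for s in browser_settings(sections):
        if s["host"] and s["host"] not in expected:
            by_host.setdefault(s["host"], set()).add(s["key"])
    findings = []
    for host, keys in sorted(by_host.items()):
        browsers = {"IE" if k.endswith("Start Page") else "Firefox" for k in keys}
        findings.append({"host": host, "keys": sorted(keys), "browsers": sorted(browsers),
                         "cross_browser": len(browsers) > 1})
    return findings


def addon_entries(sections):
    """Parse BHO / toolbar (IE) and component / plugin (Firefox) lines into records."""
    entries = []
    for lines in sections.values():
        for line in lines:
            m = IE_ADDON_RE.match(line) or FF_ADDON_RE.match(line)
            if m:
                entries.append(m.groupdict())
    return entries


def profile_resident_addons(entries):
    """Heuristic: add-on code under a user profile (AppData) rather than Program Files
    deserves a second look, because per-user drops need no admin rights to install."""
    return [e for e in entries if "\\appdata\\" in e["path"].lower()]
```

Run `find_hijacks(parse_sections(open("dds.txt").read()), ["www.google.com"])` against a real DDS.txt to get the same findings for a posted log.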

Re: Firefox browser hijacked and computer running slow

Post by Gary R » November 1st, 2011, 2:35 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox browser hijacked and computer running slow

Post by Gary R » November 1st, 2011, 2:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi paul98

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are a few things showing in your DDS logs that need attention, but in order to attend to them I need you first to run some further scans for me.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox browser hijacked and computer running slow

Post by paul98 » November 1st, 2011, 8:08 pm

00:06:10.0316 2428 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
00:06:10.0971 2428 ============================================================
00:06:10.0971 2428 Current date / time: 2011/11/02 00:06:10.0971
00:06:10.0971 2428 SystemInfo:
00:06:10.0971 2428
00:06:10.0972 2428 OS Version: 6.0.6001 ServicePack: 1.0
00:06:10.0972 2428 Product type: Workstation
00:06:10.0972 2428 ComputerName: CARL-PC
00:06:10.0973 2428 UserName: Carl
00:06:10.0973 2428 Windows directory: C:\Windows
00:06:10.0973 2428 System windows directory: C:\Windows
00:06:10.0974 2428 Processor architecture: Intel x86
00:06:10.0974 2428 Number of processors: 2
00:06:10.0974 2428 Page size: 0x1000
00:06:10.0974 2428 Boot type: Normal boot
00:06:10.0974 2428 ============================================================
00:06:14.0123 2428 Initialize success
00:06:20.0924 2308 ============================================================
00:06:20.0924 2308 Scan started
00:06:20.0924 2308 Mode: Manual;
00:06:20.0924 2308 ============================================================
00:06:34.0571 2308 HDAudBus - ok
00:06:34.0649 2308 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:06:34.0691 2308 HidBth - ok
00:06:34.0762 2308 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:06:34.0815 2308 HidIr - ok
00:06:34.0912 2308 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
00:06:34.0964 2308 HidUsb - ok
00:06:35.0036 2308 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:06:35.0103 2308 HpCISSs - ok
00:06:35.0187 2308 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
00:06:35.0249 2308 HTTP - ok
00:06:35.0346 2308 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:06:35.0411 2308 i2omp - ok
00:06:35.0486 2308 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:06:35.0559 2308 i8042prt - ok
00:06:35.0997 2308 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:06:36.0166 2308 ialm - ok
00:06:36.0230 2308 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:06:36.0292 2308 iaStorV - ok
00:06:36.0375 2308 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:06:36.0455 2308 iirsp - ok
00:06:36.0666 2308 IntcAzAudAddService (98fb74ec7f46e25ec082f1925eef39cd) C:\Windows\system32\drivers\RTKVHDA.sys
00:06:36.0988 2308 IntcAzAudAddService - ok
00:06:37.0033 2308 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:06:37.0080 2308 intelide - ok
00:06:37.0151 2308 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:06:37.0159 2308 intelppm - ok
00:06:37.0225 2308 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:06:37.0253 2308 IpFilterDriver - ok
00:06:37.0300 2308 IpInIp - ok
00:06:37.0362 2308 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:06:37.0427 2308 IPMIDRV - ok
00:06:37.0469 2308 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:06:37.0517 2308 IPNAT - ok
00:06:37.0626 2308 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
00:06:37.0704 2308 irda - ok
00:06:37.0753 2308 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:06:37.0806 2308 IRENUM - ok
00:06:37.0862 2308 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
00:06:37.0924 2308 irsir - ok
00:06:37.0984 2308 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:06:38.0035 2308 isapnp - ok
00:06:38.0091 2308 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
00:06:38.0102 2308 iScsiPrt - ok
00:06:38.0236 2308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:06:38.0276 2308 iteatapi - ok
00:06:38.0348 2308 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:06:38.0393 2308 iteraid - ok
00:06:38.0451 2308 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:06:38.0497 2308 kbdclass - ok
00:06:38.0601 2308 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
00:06:38.0648 2308 kbdhid - ok
00:06:38.0760 2308 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
00:06:38.0849 2308 KSecDD - ok
00:06:39.0000 2308 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:06:39.0061 2308 lltdio - ok
00:06:39.0150 2308 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:06:39.0214 2308 LSI_FC - ok
00:06:39.0290 2308 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:06:39.0348 2308 LSI_SAS - ok
00:06:39.0410 2308 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:06:39.0464 2308 LSI_SCSI - ok
00:06:39.0516 2308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:06:39.0569 2308 luafv - ok
00:06:39.0662 2308 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
00:06:39.0721 2308 MBAMProtector - ok
00:06:39.0854 2308 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
00:06:39.0903 2308 MBAMSwissArmy - ok
00:06:40.0024 2308 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:06:40.0070 2308 megasas - ok
00:06:40.0171 2308 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:06:40.0254 2308 MegaSR - ok
00:06:40.0352 2308 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:06:40.0393 2308 Modem - ok
00:06:40.0486 2308 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:06:40.0492 2308 monitor - ok
00:06:40.0543 2308 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:06:40.0593 2308 mouclass - ok
00:06:40.0651 2308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:06:40.0688 2308 mouhid - ok
00:06:40.0740 2308 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:06:40.0765 2308 MountMgr - ok
00:06:40.0844 2308 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
00:06:40.0893 2308 MpFilter - ok
00:06:40.0945 2308 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:06:41.0039 2308 mpio - ok
00:06:41.0139 2308 MpKsl043931fe - ok
00:06:41.0179 2308 MpKsl05486dce - ok
00:06:41.0206 2308 MpKsl087a8610 - ok
00:06:41.0260 2308 MpKsl116acfbe - ok
00:06:41.0284 2308 MpKsl1e9872b0 - ok
00:06:41.0316 2308 MpKsl1fe1034e - ok
00:06:41.0353 2308 MpKsl232af958 - ok
00:06:41.0386 2308 MpKsl2630b016 - ok
00:06:41.0423 2308 MpKsl2cdcd736 - ok
00:06:41.0472 2308 MpKsl2d2d137d - ok
00:06:41.0509 2308 MpKsl2e4f2bad - ok
00:06:41.0576 2308 MpKsl31f93767 - ok
00:06:41.0607 2308 MpKsl387f365a - ok
00:06:41.0644 2308 MpKsl3d26ea74 - ok
00:06:41.0675 2308 MpKsl47fb5354 - ok
00:06:41.0706 2308 MpKsl4f398684 - ok
00:06:41.0740 2308 MpKsl5f56ec47 - ok
00:06:41.0775 2308 MpKsl62c2b9f4 - ok
00:06:41.0806 2308 MpKsl74ef32c8 - ok
00:06:41.0827 2308 MpKsl797dbb70 - ok
00:06:41.0861 2308 MpKsl85775efb - ok
00:06:41.0888 2308 MpKsl910e235a - ok
00:06:41.0919 2308 MpKsl91d5f318 - ok
00:06:41.0950 2308 MpKsl92fd6e49 - ok
00:06:41.0983 2308 MpKsl9469d47c - ok
00:06:42.0017 2308 MpKsla317d795 - ok
00:06:42.0051 2308 MpKslc40f8d23 - ok
00:06:42.0080 2308 MpKslc79eec1d - ok
00:06:42.0115 2308 MpKslc9b60dc3 - ok
00:06:42.0150 2308 MpKsld507f2a2 - ok
00:06:42.0181 2308 MpKsld6967b9f - ok
00:06:42.0211 2308 MpKsle6275802 - ok
00:06:42.0242 2308 MpKsledf75447 - ok
00:06:42.0310 2308 MpKslf881d9c6 - ok
00:06:42.0339 2308 MpKslfa308138 - ok
00:06:42.0526 2308 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:06:42.0576 2308 MpNWMon - ok
00:06:42.0674 2308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:06:42.0721 2308 mpsdrv - ok
00:06:42.0813 2308 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:06:42.0861 2308 Mraid35x - ok
00:06:42.0912 2308 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
00:06:42.0971 2308 MRxDAV - ok
00:06:43.0048 2308 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:06:43.0090 2308 mrxsmb - ok
00:06:43.0167 2308 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:06:43.0228 2308 mrxsmb10 - ok
00:06:43.0288 2308 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:06:43.0327 2308 mrxsmb20 - ok
00:06:43.0403 2308 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:06:43.0449 2308 msahci - ok
00:06:43.0602 2308 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:06:43.0660 2308 msdsm - ok
00:06:43.0779 2308 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:06:43.0865 2308 Msfs - ok
00:06:43.0927 2308 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:06:43.0972 2308 msisadrv - ok
00:06:44.0213 2308 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:06:44.0265 2308 MSKSSRV - ok
00:06:44.0419 2308 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:06:44.0471 2308 MSPCLOCK - ok
00:06:44.0681 2308 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:06:44.0698 2308 MSPQM - ok
00:06:44.0761 2308 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
00:06:44.0819 2308 MsRPC - ok
00:06:44.0893 2308 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:06:44.0899 2308 mssmbios - ok
00:06:44.0945 2308 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:06:44.0966 2308 MSTEE - ok
00:06:45.0002 2308 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
00:06:45.0007 2308 Mup - ok
00:06:45.0125 2308 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
00:06:45.0189 2308 NativeWifiP - ok
00:06:45.0305 2308 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
00:06:45.0346 2308 NDIS - ok
00:06:45.0396 2308 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:06:45.0444 2308 NdisTapi - ok
00:06:45.0497 2308 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:06:45.0555 2308 Ndisuio - ok
00:06:45.0624 2308 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
00:06:45.0687 2308 NdisWan - ok
00:06:45.0854 2308 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:06:45.0952 2308 NDProxy - ok
00:06:46.0585 2308 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:06:46.0738 2308 NetBIOS - ok
00:06:46.0909 2308 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
00:06:46.0990 2308 netbt - ok
00:06:47.0109 2308 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:06:47.0179 2308 nfrd960 - ok
00:06:47.0220 2308 Normandy - ok
00:06:47.0285 2308 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
00:06:47.0324 2308 Npfs - ok
00:06:47.0382 2308 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:06:47.0397 2308 nsiproxy - ok
00:06:47.0523 2308 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
00:06:47.0731 2308 Ntfs - ok
00:06:47.0825 2308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:06:47.0886 2308 ntrigdigi - ok
00:06:47.0968 2308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:06:48.0012 2308 Null - ok
00:06:48.0069 2308 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:06:48.0100 2308 nvraid - ok
00:06:48.0146 2308 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:06:48.0195 2308 nvstor - ok
00:06:48.0241 2308 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:06:48.0293 2308 nv_agp - ok
00:06:48.0321 2308 NwlnkFlt - ok
00:06:48.0378 2308 NwlnkFwd - ok
00:06:48.0480 2308 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
00:06:48.0542 2308 ohci1394 - ok
00:06:48.0701 2308 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
00:06:48.0782 2308 Parport - ok
00:06:48.0843 2308 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
00:06:48.0892 2308 partmgr - ok
00:06:48.0941 2308 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
00:06:48.0990 2308 Parvdm - ok
00:06:49.0066 2308 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
00:06:49.0138 2308 pci - ok
00:06:49.0182 2308 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
00:06:49.0223 2308 pciide - ok
00:06:49.0307 2308 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:06:49.0368 2308 pcmcia - ok
00:06:49.0492 2308 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:06:49.0725 2308 PEAUTH - ok
00:06:49.0985 2308 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:06:50.0036 2308 PptpMiniport - ok
00:06:50.0148 2308 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:06:50.0199 2308 Processor - ok
00:06:50.0302 2308 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
00:06:50.0311 2308 PSched - ok
00:06:50.0453 2308 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:06:50.0606 2308 ql2300 - ok
00:06:50.0673 2308 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:06:50.0710 2308 ql40xx - ok
00:06:50.0801 2308 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:06:50.0842 2308 QWAVEdrv - ok
00:06:50.0906 2308 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:06:50.0963 2308 RasAcd - ok
00:06:51.0047 2308 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:06:51.0078 2308 Rasl2tp - ok
00:06:51.0114 2308 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
00:06:51.0171 2308 RasPppoe - ok
00:06:51.0215 2308 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
00:06:51.0268 2308 RasSstp - ok
00:06:51.0335 2308 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
00:06:51.0396 2308 rdbss - ok
00:06:51.0461 2308 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:06:51.0498 2308 RDPCDD - ok
00:06:51.0576 2308 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:06:51.0673 2308 rdpdr - ok
00:06:51.0746 2308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:06:51.0773 2308 RDPENCDD - ok
00:06:52.0014 2308 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
00:06:52.0148 2308 RDPWD - ok
00:06:52.0346 2308 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:06:52.0396 2308 rspndr - ok
00:06:52.0476 2308 RTL8187B (2a1b48904504830f3f7bae5fd59cd370) C:\Windows\system32\DRIVERS\RTL8187B.sys
00:06:52.0577 2308 RTL8187B - ok
00:06:52.0654 2308 RTSTOR (5717e47c952382e7166448517f030787) C:\Windows\system32\drivers\RTSTOR.SYS
00:06:52.0710 2308 RTSTOR - ok
00:06:52.0811 2308 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:06:52.0856 2308 sbp2port - ok
00:06:52.0944 2308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:06:53.0014 2308 secdrv - ok
00:06:53.0134 2308 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
00:06:53.0179 2308 Serenum - ok
00:06:53.0280 2308 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
00:06:53.0369 2308 Serial - ok
00:06:53.0474 2308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:06:53.0532 2308 sermouse - ok
00:06:53.0636 2308 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:06:53.0686 2308 sffdisk - ok
00:06:53.0745 2308 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:06:53.0772 2308 sffp_mmc - ok
00:06:53.0825 2308 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:06:53.0864 2308 sffp_sd - ok
00:06:53.0916 2308 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:06:53.0933 2308 sfloppy - ok
00:06:54.0029 2308 SiS6350 (3e692d2f6b285adbcb91032363f87f64) C:\Windows\system32\DRIVERS\SISGRKMD.sys
00:06:54.0085 2308 SiS6350 - ok
00:06:54.0143 2308 SISAGP (c735cbbbc26c1d33c6d7aeb2aa65a52a) C:\Windows\system32\DRIVERS\SISAGPX.sys
00:06:54.0201 2308 SISAGP - ok
00:06:54.0276 2308 SiSGbeLH (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys
00:06:54.0334 2308 SiSGbeLH - ok
00:06:54.0405 2308 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:06:54.0451 2308 SiSRaid2 - ok
00:06:54.0516 2308 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:06:54.0601 2308 SiSRaid4 - ok
00:06:54.0691 2308 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
00:06:54.0740 2308 Smb - ok
00:06:54.0856 2308 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:06:54.0901 2308 spldr - ok
00:06:55.0020 2308 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
00:06:55.0108 2308 srv - ok
00:06:55.0183 2308 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
00:06:55.0240 2308 srv2 - ok
00:06:55.0315 2308 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
00:06:55.0362 2308 srvnet - ok
00:06:55.0439 2308 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:06:55.0462 2308 ssmdrv - ok
00:06:55.0571 2308 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:06:55.0629 2308 swenum - ok
00:06:55.0707 2308 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:06:55.0748 2308 Symc8xx - ok
00:06:55.0816 2308 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:06:55.0839 2308 Sym_hi - ok
00:06:55.0890 2308 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:06:55.0930 2308 Sym_u3 - ok
00:06:56.0014 2308 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
00:06:56.0076 2308 SynTP - ok
00:06:56.0324 2308 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
00:06:56.0466 2308 Tcpip - ok
00:06:56.0528 2308 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
00:06:56.0554 2308 Tcpip6 - ok
00:06:56.0623 2308 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
00:06:56.0671 2308 tcpipreg - ok
00:06:56.0717 2308 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:06:56.0757 2308 TDPIPE - ok
00:06:56.0813 2308 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:06:56.0855 2308 TDTCP - ok
00:06:56.0923 2308 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
00:06:56.0975 2308 tdx - ok
00:06:57.0041 2308 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
00:06:57.0066 2308 TermDD - ok
00:06:57.0204 2308 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:06:57.0268 2308 tssecsrv - ok
00:06:57.0504 2308 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:06:57.0602 2308 tunmp - ok
00:06:57.0688 2308 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
00:06:57.0724 2308 tunnel - ok
00:06:57.0779 2308 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
00:06:57.0834 2308 uagp35 - ok
00:06:57.0914 2308 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
00:06:57.0976 2308 udfs - ok
00:06:58.0077 2308 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:06:58.0109 2308 uliagpkx - ok
00:06:58.0179 2308 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:06:58.0218 2308 uliahci - ok
00:06:58.0269 2308 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:06:58.0319 2308 UlSata - ok
00:06:58.0379 2308 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:06:58.0450 2308 ulsata2 - ok
00:06:58.0521 2308 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:06:58.0573 2308 umbus - ok
00:06:58.0673 2308 usbbus - ok
00:06:58.0779 2308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:58.0834 2308 usbccgp - ok
00:06:58.0901 2308 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:06:58.0959 2308 usbcir - ok
00:06:59.0016 2308 UsbDiag - ok
00:06:59.0103 2308 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
00:06:59.0153 2308 usbehci - ok
00:06:59.0217 2308 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
00:06:59.0278 2308 usbhub - ok
00:06:59.0378 2308 USBModem - ok
00:06:59.0418 2308 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
00:06:59.0482 2308 usbohci - ok
00:06:59.0530 2308 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
00:06:59.0567 2308 usbprint - ok
00:06:59.0629 2308 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:06:59.0655 2308 USBSTOR - ok
00:06:59.0691 2308 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:06:59.0714 2308 usbuhci - ok
00:06:59.0806 2308 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:06:59.0877 2308 vga - ok
00:06:59.0932 2308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:06:59.0981 2308 VgaSave - ok
00:07:00.0034 2308 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:07:00.0095 2308 viaagp - ok
00:07:00.0145 2308 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:07:00.0175 2308 ViaC7 - ok
00:07:00.0233 2308 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:07:00.0269 2308 viaide - ok
00:07:00.0321 2308 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:07:00.0374 2308 volmgr - ok
00:07:00.0439 2308 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
00:07:00.0519 2308 volmgrx - ok
00:07:00.0553 2308 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
00:07:00.0621 2308 volsnap - ok
00:07:00.0673 2308 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:07:00.0731 2308 vsmraid - ok
00:07:00.0818 2308 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:07:00.0879 2308 WacomPen - ok
00:07:00.0927 2308 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:00.0998 2308 Wanarp - ok
00:07:01.0018 2308 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:01.0033 2308 Wanarpv6 - ok
00:07:01.0118 2308 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:07:01.0143 2308 Wd - ok
00:07:01.0204 2308 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:07:01.0269 2308 Wdf01000 - ok
00:07:01.0563 2308 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
00:07:01.0575 2308 WmiAcpi - ok
00:07:01.0760 2308 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
00:07:01.0831 2308 WpdUsb - ok
00:07:01.0909 2308 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:07:01.0930 2308 ws2ifsl - ok
00:07:02.0113 2308 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:07:02.0142 2308 WUDFRd - ok
00:07:02.0274 2308 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:07:02.0312 2308 \Device\Harddisk0\DR0 - ok
00:07:02.0325 2308 Boot (0x1200) (f88038e5775bbfe0e7a4d4e5c0553fb0) \Device\Harddisk0\DR0\Partition0
00:07:02.0329 2308 \Device\Harddisk0\DR0\Partition0 - ok
00:07:02.0369 2308 Boot (0x1200) (1f7e99b6831455fbef0a9cc3bb487a7b) \Device\Harddisk0\DR0\Partition1
00:07:02.0371 2308 \Device\Harddisk0\DR0\Partition1 - ok
00:07:02.0373 2308 ============================================================
00:07:02.0373 2308 Scan finished
00:07:02.0373 2308 ============================================================
00:07:02.0433 3972 Detected object count: 0
00:07:02.0433 3972 Actual detected object count: 0
paul98
Active Member
Posts: 6
Joined: October 29th, 2011, 11:27 am

Re: Firefox browser hijacked and computer running slow

Unread postby paul98 » November 1st, 2011, 8:10 pm

OTL logfile created on: 01/11/2011 10:47:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carl\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 152.43 Mb Available Physical Memory | 17.08% Memory free
2.00 Gb Paging File | 0.94 Gb Available in Paging File | 46.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.05 Gb Total Space | 2.98 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.03 Gb Free Space | 70.02% Space Free | Partition Type: NTFS

Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 10:45:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2011/10/04 00:09:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 21:54:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/04 08:10:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/04 21:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/06 17:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/28 15:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 00:09:20 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/01 08:32:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/07/01 08:31:54 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/07/01 08:31:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/07/01 08:30:24 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011/07/01 08:28:49 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/07/01 08:28:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/14 00:36:41 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008/11/06 17:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
MOD - [2008/07/27 18:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008/07/27 18:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/16 21:54:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/29 08:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/04 08:10:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/16 21:54:30 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/16 21:54:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 08:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 08:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/05/23 14:54:06 | 000,458,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2008/04/23 10:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2008/01/21 02:32:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/11/15 20:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/08/07 21:39:00 | 000,283,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 87 88 58 92 8E CC 01 [binary data]
IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=67e7f6d4-0241-11e1-9fa8-00030dae0ab7&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 00:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 15:19:57 | 000,000,000 | ---D | M]

[2009/01/09 18:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl\AppData\Roaming\Mozilla\Extensions
[2011/10/13 11:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions
[2009/08/08 17:12:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/12 12:13:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/22 10:24:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/11 19:04:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/06/15 01:01:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com
[2011/10/11 19:05:05 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com
[2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\searchplugins\startsear.xml
[2011/10/03 15:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/03 15:02:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/25 03:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/18 18:08:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CARL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NO7BADFF.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI
[2011/10/04 00:09:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/06/06 16:44:12 | 000,108,544 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPGetRt.dll
[2011/10/03 09:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/09/17 12:00:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/17 12:00:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/17 12:00:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/17 12:00:50 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/17 12:00:50 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/06/10 10:25:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-124230192-1773570001-2454789739-1000..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A051663B-F789-401B-9233-9C0CFBD8340C}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 10:45:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2011/10/29 15:28:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carl\Desktop\dds.scr
[2011/10/29 15:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/10/19 03:02:17 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Local\Eraser 6
[2011/10/16 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2011/10/13 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011/10/13 14:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetRight
[2011/10/13 14:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/10/10 15:45:34 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/10/09 00:03:55 | 000,000,000 | ---D | C] -- C:\Users\Carl\Documents\Documents\ResumeMaker
[2011/10/09 00:03:55 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Individual Software
[2011/10/09 00:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResumeMaker Professional
[2011/10/09 00:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Individual Software
[2011/10/08 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\ResumeMaker
[2011/10/06 00:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011/10/03 15:00:47 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Skype
[2011/10/03 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/03 14:58:48 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/03 14:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/02 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\SS and NLP

========== Files - Modified Within 30 Days ==========

[2011/11/01 11:05:36 | 000,222,208 | ---- | M] () -- C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/01 10:45:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2011/11/01 10:28:48 | 004,401,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/01 10:28:48 | 002,067,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/01 10:21:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 10:21:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 10:20:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/01 10:20:37 | 936,558,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 00:43:48 | 000,003,713 | ---- | M] () -- C:\Users\Carl\Desktop\jaykezman_35649689.jpg
[2011/10/29 15:28:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carl\Desktop\dds.scr
[2011/10/23 02:20:29 | 000,018,284 | ---- | M] () -- C:\Users\Carl\Desktop\KatieSt.Ives_xvid.avi.torrent
[2011/10/19 14:10:28 | 000,010,504 | ---- | M] () -- C:\Users\Carl\Desktop\CV.pdf
[2011/10/09 08:13:54 | 000,318,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 00:01:24 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\ResumeMaker Professional.lnk
[2011/10/08 21:19:27 | 000,000,882 | ---- | M] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/10/06 03:55:45 | 000,000,401 | ---- | M] () -- C:\Users\Carl\Desktop\session 01-what is the most important thing.mp3

========== Files Created - No Company Name ==========

[2011/11/01 00:43:28 | 000,003,713 | ---- | C] () -- C:\Users\Carl\Desktop\jaykezman_35649689.jpg
[2011/10/23 02:20:28 | 000,018,284 | ---- | C] () -- C:\Users\Carl\Desktop\KatieSt.Ives_xvid.avi.torrent
[2011/10/19 14:10:12 | 000,010,504 | ---- | C] () -- C:\Users\Carl\Desktop\CV.pdf
[2011/10/16 01:24:06 | 000,001,675 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011/10/09 00:01:24 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\ResumeMaker Professional.lnk
[2011/10/08 21:19:27 | 000,000,882 | ---- | C] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/10/06 19:32:44 | 023,592,667 | ---- | C] () -- C:\Users\Carl\Desktop\03-soundlift-horizonte__andy_blueman_intro_mix.mp3
[2011/10/06 03:55:30 | 000,000,401 | ---- | C] () -- C:\Users\Carl\Desktop\session 01-what is the most important thing.mp3
[2011/08/01 10:28:00 | 000,000,036 | -H-- | C] () -- C:\Users\Carl\AppData\Roaming\swk.ini
[2011/06/26 17:31:50 | 000,000,680 | ---- | C] () -- C:\Users\Carl\AppData\Local\d3d9caps.dat
[2010/11/24 17:05:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/24 17:05:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/24 17:05:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/24 17:05:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/24 17:05:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/14 05:54:33 | 000,000,287 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/13 00:32:55 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/13 00:30:37 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2009/01/10 15:28:26 | 000,222,208 | ---- | C] () -- C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/02 16:41:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/18 07:27:38 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/18 07:27:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:44:53 | 000,318,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 004,401,110 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 002,067,336 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/05/20 13:57:49 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Betting Assistant
[2009/02/22 13:11:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\DMCache
[2009/01/12 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Foxit
[2011/05/25 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\FrostWire
[2011/10/13 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GetRight
[2009/04/10 14:14:12 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GrabPro
[2009/02/22 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\IDM
[2011/10/09 00:03:55 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Individual Software
[2009/04/05 21:59:13 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\IrfanView
[2010/11/09 18:14:16 | 000,000,000 | -HSD | M] -- C:\Users\Carl\AppData\Roaming\lowsec
[2009/02/26 10:18:24 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\NCH Swift Sound
[2011/07/03 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Orbit
[2011/05/02 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\ProgSense
[2009/01/09 18:35:50 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\The TechGuys
[2011/11/01 02:22:44 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\uTorrent
[2009/04/01 04:26:29 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\X-Chat 2
[2011/10/25 22:00:45 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >
paul98
Joined: October 29th, 2011, 11:27 am

Re: Firefox browser hijacked and computer running slow

Unread postby paul98 » November 1st, 2011, 8:11 pm

OTL Extras logfile created on: 01/11/2011 10:47:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carl\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 152.43 Mb Available Physical Memory | 17.08% Memory free
2.00 Gb Paging File | 0.94 Gb Available in Paging File | 46.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.05 Gb Total Space | 2.98 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.03 Gb Free Space | 70.02% Space Free | Partition Type: NTFS

Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-124230192-1773570001-2454789739-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1641B33B-A10B-4772-86BA-B3E5065C9F52}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{55725240-88A7-46B7-B382-5F68A584D82F}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{73E41900-966D-430F-A32E-0320E00A47FC}" = lport=49625 | protocol=6 | dir=in | name=akamai netsession interface |
"{9856A626-2731-4E70-8030-B4CD91060D48}" = lport=51289 | protocol=6 | dir=in | name=akamai netsession interface |
"{98D6FD57-DDDC-42B9-A848-5FC014AD8D9B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D29E484E-7271-4B59-B999-150152A362B5}" = lport=49414 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BF32D89-1A70-4349-9791-248950FA3345}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{299F2FAA-8F35-4E59-AFE3-1CA17B7CE108}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DC3B181-B81D-46B0-856C-3D1BC0D1D06E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D0EB1BF-2E10-4C62-AB7A-C64097D721C9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8E8D220B-48AA-4399-9384-854ED14F32B2}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{B869A05B-6596-4AD5-92AA-CC1EA1F24F98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EBB64FEA-3019-4754-AAC4-CF9E85E0E4B1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0A616528-30CD-41C0-9F37-3BEAD026AB47}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{2940A7DD-5340-4474-8F34-F13AE84D5E1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{34AB3EAD-F803-4C84-9F98-8F98D9AA1370}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{4072F635-D5C8-45F8-81B0-E5997BDE673E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4A796212-F768-4983-A1B6-B379E7E8A3E0}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{59F16D2E-92C6-4C53-9B84-F2F3A1E1C6F9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{62CDC3A7-4E42-49F0-A6AE-89513C540A60}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{65242944-6B3E-43FB-AE48-FAE5E6FF6469}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{652AAC25-60B8-4A78-9EA9-EB1B1431C96E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{70119CFA-B780-465A-8677-E779A856F13E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{73C687B4-C0FA-44FE-8D1A-648A5CB376CE}C:\users\carl\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\carl\downloads\utorrent.exe |
"TCP Query User{901D98BE-D064-40E7-9CED-DC96020EACD3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{93AF1B6F-019F-4A76-B9EE-CEEDA9A1A1A1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{976970E2-4CD7-428C-98D7-39C5786DE52E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A0FD2A58-92E8-4F41-B71B-CEBDEC251995}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{AA6093A5-819E-480F-867A-FCC4B0AAAF87}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AF7F784E-AE04-4FC5-A1CA-018AABA920C7}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{CBA3D559-48C0-4402-B87D-F833C230EE2A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F4293B8D-44F6-465F-98B4-205A5539511F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{01D5389E-C9A0-488D-93BD-872FC3AA5D44}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{05C4A473-4BDB-44E2-8A7F-8646B99B5BC9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{36B3DDE1-8C8E-4C18-B911-4B82E653523C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{3A0B9390-AA0F-42D4-B246-386192C49927}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{422736EE-71F4-453E-94F2-A16C1FDD5895}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{430F9098-8875-4D67-8C6F-36A916E83C3B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{572C16C0-7612-4F06-AC2E-3665DD391DD7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6BFD7B08-671D-40F3-BFA9-A513E205AB55}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{7D563657-93E2-44F9-9EF2-3B9581C0772D}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{83E78903-EE0C-4B80-A6C6-86CD30938992}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{849BE8FB-7847-463A-9BDF-B60694614669}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{92EE6858-88F1-4FB8-825E-F096E6F4A128}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{ABF9E288-29D3-47E2-B64A-E389C93FDF79}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B04AE4B3-5C84-4C4F-A776-3F066E72FDD0}C:\users\carl\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\carl\downloads\utorrent.exe |
"UDP Query User{C1DD49DA-336E-4143-BC3A-9CDCDFDDA0CC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C9A52BD6-CFC2-4D25-91D3-B64E8131AC88}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{DD94CC7C-FD6D-4C6B-9BAC-7069F229F0AC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FCA28FC5-35CE-4AE1-9BFF-EC782CFC242B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FDD2A8A7-96AB-4C33-8AEA-CA3D0DF7A6AD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0CBBB2C-57FE-40BF-8816-44E3AC6BD2D6}" = ResumeMaker Professional
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Abdio Free ASF Player (Free)" = Abdio Free ASF Player (Free)
"Actual Spy_is1" = Actual Spy 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"GetRight_is1" = GetRight
"GoldWave v5.25" = GoldWave v5.25
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"MKV Player_is1" = MKV Player 2.0
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"MP4 Player" = MP4 Player
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"RealPlayer 6.0" = RealPlayer
"Sawer" = Sawer
"Semagic" = Semagic (remove only)
"SiS VGA Utilities" = SiS VGA Utilities
"SopCast" = SopCast 3.3.2
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.10
"vShare.tv plugin" = vShare.tv plugin 1.3
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/11/2011 06:26:28 | Computer Name = Carl-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2011 06:26:28 | Computer Name = Carl-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2011 06:26:29 | Computer Name = Carl-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2011 06:26:29 | Computer Name = Carl-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2011 06:28:42 | Computer Name = Carl-PC | Source = LoadPerf | ID = 3012
Description =

Error - 01/11/2011 06:28:42 | Computer Name = Carl-PC | Source = LoadPerf | ID = 3011
Description =

Error - 01/11/2011 06:46:14 | Computer Name = Carl-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - Error performing
inpage operation. for C:\Users\Carl\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 01/11/2011 06:46:14 | Computer Name = Carl-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - Error performing
inpage operation.

Error - 01/11/2011 06:46:29 | Computer Name = Carl-PC | Source = profsvc | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - Error performing
inpage operation. for C:\Users\Carl\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 01/11/2011 06:46:29 | Computer Name = Carl-PC | Source = profsvc | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - Error performing
inpage operation.

[ OSession Events ]
Error - 28/11/2010 20:54:58 | Computer Name = Carl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13345
seconds with 840 seconds of active time. This session ended with a crash.

Error - 18/04/2011 08:43:31 | Computer Name = Carl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24354
seconds with 19140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01/11/2011 06:25:02 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:25:06 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:25:46 | Computer Name = Carl-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 01/11/2011 06:36:42 | Computer Name = Carl-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 01/11/2011 06:46:04 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:46:09 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:46:13 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:46:19 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:46:25 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/11/2011 06:46:29 | Computer Name = Carl-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >
paul98
Active Member
 
Posts: 6
Joined: October 29th, 2011, 11:27 am

Re: Firefox browser hijacked and computer running slow

Post by Gary R » November 2nd, 2011, 2:45 am

You are running Vista with an out-of-date Service Pack (SP1). You need to update to Service Pack 2 as soon as we finish cleaning your computer; otherwise it's only going to be a matter of time before you get infected again.

DO NOT ATTEMPT TO UPDATE TO SP2 UNTIL I TELL YOU IT'S OK TO DO SO. Attempting to update an infected machine is a recipe for disaster.

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Ask Toolbar
µTorrent
Java(TM) 6 Update 26


Ask toolbar is a worthless piece of junk that comes bundled with many programs and is usually pre-selected for install. It serves no useful purpose and tracks your browsing habits.

uTorrent is a P2P program. Use of P2P is the quickest way to an infection that I know of; this forum insists on its removal.

Old versions of Java can be exploited.

Next

Your C:\ drive is over full, and it is this more than any infection that is probably causing your computer to run slowly. You have only 2.95% free space ....

Drive C: | 101.05 Gb Total Space | 2.98 Gb Free Space | 2.95% Space Free | Partition Type: NTFS


.... Windows needs an overhead of at least 15-20% if it is to run properly; otherwise your processor will have to constantly "page out".

We'll try to free up some space in the process of removing your infection, but you're probably going to have to transfer some files and folders to another drive if you want your computer to speed up.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=67e7f6d4-0241-11e1-9fa8-00030dae0ab7&q="
[2011/09/22 10:24:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/06/15 01:01:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com
[2011/10/11 19:05:05 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com
[2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\searchplugins\startsear.xml
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)

:Files
C:\Program Files\Ask.com
C:\Users\Carl\Desktop\KatieSt.Ives_xvid.avi.torrent
C:\Users\Carl\AppData\Roaming\FrostWire
C:\Users\Carl\AppData\Roaming\uTorrent
C:\program files\frostwire
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D0EB1BF-2E10-4C62-AB7A-C64097D721C9}"=-
"{EBB64FEA-3019-4754-AAC4-CF9E85E0E4B1}"=-
"TCP Query User{62CDC3A7-4E42-49F0-A6AE-89513C540A60}C:\program files\frostwire\frostwire.exe"=-
"TCP Query User{73C687B4-C0FA-44FE-8D1A-648A5CB376CE}C:\users\carl\downloads\utorrent.exe"=-
"TCP Query User{976970E2-4CD7-428C-98D7-39C5786DE52E}C:\program files\utorrent\utorrent.exe"=-
"UDP Query User{36B3DDE1-8C8E-4C18-B911-4B82E653523C}C:\program files\utorrent\utorrent.exe"=-
"UDP Query User{B04AE4B3-5C84-4C4F-A776-3F066E72FDD0}C:\users\carl\downloads\utorrent.exe"=-
"UDP Query User{C9A52BD6-CFC2-4D25-91D3-B64E8131AC88}C:\program files\frostwire\frostwire.exe"=-

:Commands
[emptytemp]
[resethosts]
[reboot]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

I see you have Malwarebytes Anti-malware installed ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following:
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Summary of the logs I need from you in your next post:
  • OTL log
  • MBAM log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
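The :Reg section of the OTL fix above deletes, by hand, every Windows Firewall exception that still points at uTorrent or FrostWire. As an added example (not code from the post or from OTL), this Python script does the same bookkeeping automatically: it parses an OTL "Active Application Exception List" section and emits the :Reg deletion block for any rule whose app path belongs to a program that has been uninstalled. The sample lines are copied from the OTL log earlier in this thread; the substring matching on the app path and the helper names are this example's own assumptions.

```python
"""Generate an OTL ':Reg' block deleting stale Windows Firewall exceptions.

Added example; not part of the forum thread or of the OTL tool itself.
Input format (one OTL exception entry per line):
    "<value name>" = protocol=6 | dir=in | app=<path> |
preceded by the registry key header in square brackets.
"""
import re

# One OTL exception entry: "<value name>" = k=v | k=v | ... |
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')
# The registry key header that precedes the entries in the OTL section.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Lines taken from the OTL log earlier in this thread (a subset).
SAMPLE_SECTION = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D0EB1BF-2E10-4C62-AB7A-C64097D721C9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{299F2FAA-8F35-4E59-AFE3-1CA17B7CE108}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBB64FEA-3019-4754-AAC4-CF9E85E0E4B1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{62CDC3A7-4E42-49F0-A6AE-89513C540A60}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{73C687B4-C0FA-44FE-8D1A-648A5CB376CE}C:\users\carl\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\carl\downloads\utorrent.exe |
"TCP Query User{976970E2-4CD7-428C-98D7-39C5786DE52E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F4293B8D-44F6-465F-98B4-205A5539511F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{36B3DDE1-8C8E-4C18-B911-4B82E653523C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B04AE4B3-5C84-4C4F-A776-3F066E72FDD0}C:\users\carl\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\carl\downloads\utorrent.exe |
"UDP Query User{C9A52BD6-CFC2-4D25-91D3-B64E8131AC88}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"""


def parse_exception_list(section):
    """Parse an OTL 'Active Application Exception List' section.

    Returns (registry_key, rules): rules is a list of (value_name, fields),
    where fields maps 'protocol', 'dir', 'app', ... to their values.
    Lines that are neither a key header nor an entry are ignored.
    """
    key = None
    rules = []
    for raw in section.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        fields = {}
        for part in em.group("fields").split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip().lower()] = v.strip()
        rules.append((em.group("name"), fields))
    return key, rules


def stale_rules(rules, removed_programs):
    """Value names of rules whose 'app' path mentions a removed program.

    Matching is a case-insensitive substring test on the app path, so it
    also catches copies run from other locations (e.g. a Downloads folder).
    """
    needles = [p.lower() for p in removed_programs]
    return [name for name, fields in rules
            if any(n in fields.get("app", "").lower() for n in needles)]


def otl_reg_block(registry_key, value_names):
    """Render OTL ':Reg' syntax: key header, then '"value"=-' per entry
    (the '=-' suffix is OTL's 'delete this value' form)."""
    lines = [":Reg", "[%s]" % registry_key]
    lines.extend('"%s"=-' % n for n in value_names)
    return "\n".join(lines)


if __name__ == "__main__":
    key, rules = parse_exception_list(SAMPLE_SECTION)
    print(otl_reg_block(key, stale_rules(rules, ["utorrent", "frostwire"])))
```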

Re: Firefox browser hijacked and computer running slow

Post by paul98 » November 2nd, 2011, 10:49 am

I had a few problems.

1. I couldn't find the Ask Toolbar or uTorrent in my uninstall list, so I couldn't do that step.

2. I ran Malwarebytes and it found two infections. I got a log but had to reboot and now cannot find the log anywhere. Can you tell me where the log could be so I can post it?

Here is the OTL log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://startsear.ch/?aff=1" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: firefox@red-cog.com:2.8 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 removed from extensions.enabledItems
Prefs.js: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6 removed from extensions.enabledItems
Prefs.js: "http://startsear.ch/?aff=1&src=sp&cf=67e7f6d4-0241-11e1-9fa8-00030dae0ab7&q=" removed from keyword.URL
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-11-Oct-2011-19-05-07-GMT folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\searchplugins\startsear.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Users\Carl\Desktop\KatieSt.Ives_xvid.avi.torrent moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Carl\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Carl\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Carl\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Carl\AppData\Roaming\uTorrent folder moved successfully.
File\Folder C:\program files\frostwire not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Carl\Desktop\cmd.bat deleted successfully.
C:\Users\Carl\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D0EB1BF-2E10-4C62-AB7A-C64097D721C9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D0EB1BF-2E10-4C62-AB7A-C64097D721C9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBB64FEA-3019-4754-AAC4-CF9E85E0E4B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBB64FEA-3019-4754-AAC4-CF9E85E0E4B1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62CDC3A7-4E42-49F0-A6AE-89513C540A60}C:\program files\frostwire\frostwire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{73C687B4-C0FA-44FE-8D1A-648A5CB376CE}C:\users\carl\downloads\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{976970E2-4CD7-428C-98D7-39C5786DE52E}C:\program files\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{36B3DDE1-8C8E-4C18-B911-4B82E653523C}C:\program files\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B04AE4B3-5C84-4C4F-A776-3F066E72FDD0}C:\users\carl\downloads\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9A52BD6-CFC2-4D25-91D3-B64E8131AC88}C:\program files\frostwire\frostwire.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carl
->Temp folder emptied: 346083500 bytes
->Temporary Internet Files folder emptied: 552300069 bytes
->Java cache emptied: 234608 bytes
->FireFox cache emptied: 45891710 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 35757 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12396527 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 913.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_133451

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
paul98
Active Member
 
Posts: 6
Joined: October 29th, 2011, 11:27 am

Re: Firefox browser hijacked and computer running slow

Unread postby Gary R » November 2nd, 2011, 11:15 am

To view the MBAM log please do the following.

  • Start MBAM.
  • Click on the Logs tab.
  • You should find a list of logs named .... mbam-log-yyyy-mm-dd (hh-mm_ss) (where ymdhms are replaced by numbers representing the date and time the fix was run)
  • Double click the latest dated file to open it in Notepad (usually the last one listed).
  • Please post it back here.

How is your computer behaving now?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox browser hijacked and computer running slow

Unread postby paul98 » November 2nd, 2011, 7:46 pm

Here is the MBAM log.

My computer seems fine now. Firefox does not have that start-up page or search engine hijack, and the computer seems to be running OK.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8068

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

02/11/2011 14:29:42
mbam-log-2011-11-02 (14-29-42).txt

Scan type: Quick scan
Objects scanned: 162363
Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
paul98
Active Member
 
Posts: 6
Joined: October 29th, 2011, 11:27 am
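The two items MBAM flagged in the log above are both plain registry values, so they can be re-checked after the fact without re-running a scanner. The following is an added read-only audit script, not code from the thread, from Malwarebytes or from MalwareRemoval.com. It assumes a Windows machine with PowerShell, and it takes the registry locations and the expected values directly from the "Good:" entries in the MBAM log (HKCU Internet Explorer Start Page, and the (default) value of HKCR\regfile\shell\open\command); the function names are mine.

```powershell
# Added example (not part of the original thread or of Malwarebytes' tooling).
# Reads the two registry items MBAM flagged above and reports whether each
# still matches the "Good" value MBAM restored. Read-only: it changes nothing.

function Get-RegistryValueOrDefault {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # Get-ItemProperty exposes the key's default value as a property literally
    # named "(default)", so the same dynamic access works for both checks.
    return $item.$Name
}

function Test-BrowserHijackEntries {
    # Expected values are the "Good:" values from the MBAM log in this thread.
    $checks = @(
        [pscustomobject]@{
            Label    = 'Hijack.StartPage'
            Path     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
            Name     = 'Start Page'
            Expected = 'http://www.google.com'
        },
        [pscustomobject]@{
            Label    = 'Broken.OpenCommand'
            Path     = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
            Name     = '(default)'
            Expected = 'regedit.exe "%1"'
        }
    )

    foreach ($c in $checks) {
        $actual = Get-RegistryValueOrDefault -Path $c.Path -Name $c.Name
        $status = if ($null -eq $actual)            { 'MISSING' }
                  elseif ($actual -eq $c.Expected)  { 'OK' }
                  else                              { 'REVIEW' }
        [pscustomobject]@{
            Check    = $c.Label
            Location = "$($c.Path)\$($c.Name)"
            Actual   = $actual
            Expected = $c.Expected
            Status   = $status
        }
    }
}

Test-BrowserHijackEntries | Format-Table -AutoSize -Wrap
```

A REVIEW on the Start Page line is not proof of a hijack on its own, since people legitimately set their own home page; what made the value in this thread malicious was the specific redirect target MBAM reported (startsear.ch), so compare the Actual column against that kind of unexpected search site rather than treating any non-Google value as an infection. The regfile open-command check is stricter: the value has one well-known form, and a change to it means .reg files no longer open as Windows intends.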

Re: Firefox browser hijacked and computer running slow

Unread postby Gary R » November 2nd, 2011, 8:33 pm

I'd like you to run one more scan for me, so we can make sure all traces of your infection have been removed ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go HERE then click on: [image]
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: [image] (Selecting Uninstall application on close if you so wish)

We'll try and free up some disk space for you after I've had a look at the ESET log; with a bit more free space on your hard drive, your computer's speed should improve.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Firefox browser hijacked and computer running slow

Unread postby Gary R » November 6th, 2011, 3:07 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire