Inactive Can't turn on windows firewall, firefox searches redirecting, slow boot up

[neilthrun]

I did the 8 steps, My logs are at the end of the post. Here is a brief rundown of my problems.

I just recently got an internet connection after not having one for a couple of years. While surfing in firefox, I got a notice from Window Security Essentials informing me of a threat. I thought it was somekind of hoax having never heard of Security Essentials, and was equally suspicious when I couldn't fix the problem offline and that I couldn't ctrl+alt+del or access internet browsers.

I later learned that Secuirty Essentials is a new program by windows, and that it was not a hoax (correct me if I'm wrong about security essentials). I restarted in safe mode, did system restore to the previous night. then ran my ussual AVG, Malware Bytes, Spybot scan. Only spybot encountered a problem, something called Firewall Open Ports, I corrected that problem with spybot.

My normal fixes didn't work entirely, and I've come to this board for help, I ran your 8 steps at this point. Here are my remaining symptoms.

Windows Firewall is disabled, and gives an error when I try to activate it.\
Firefox and IE wont load unless I'm connected to the internet
Sometimes after a reboot my start bar and desktop wont displaying, requiring another restart.
Slow computer speeds, slow boot ups and shutdowns.
Firefox redirects search engine links in google to other trash websites.

Any help is greatly appreciated, and I will stop attempting my own fixes now.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4728

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/1/2010 4:49:23 PM
mbam-log-2010-10-01 (16-49-23).txt

Scan type: Quick scan
Objects scanned: 148409
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 18:19:55
Windows 5.1.2600 Service Pack 3
Running: rkuxdn9x.exe; Driver: C:\DOCUME~1\NEILTH~1\LOCALS~1\Temp\kxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT sppf.sys ZwCreateKey [0xF74E40E0]
SSDT sppf.sys ZwEnumerateKey [0xF74FCDA4]
SSDT sppf.sys ZwEnumerateValueKey [0xF74FD132]
SSDT sppf.sys ZwOpenKey [0xF74E40C0]
SSDT sppf.sys ZwQueryKey [0xF74FD20A]
SSDT sppf.sys ZwQueryValueKey [0xF74FD08A]
SSDT sppf.sys ZwSetValueKey [0xF74FD29C]

INT 0x62 ? 89C0EBF8
INT 0x63 ? 89B9FBF8
INT 0x84 ? 89B9EBF8
INT 0x94 ? 89B9EBF8
INT 0xA4 ? 89B9EBF8
INT 0xB4 ? 89B9EBF8

---- Kernel code sections - GMER 1.0.15 ----

? sppf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA5C38AC 5 Bytes JMP 89B9E1D8
.text a71keirc.SYS BA54F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a71keirc.SYS BA54F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a71keirc.SYS BA54F3C4 3 Bytes [00, 80, 02]
.text a71keirc.SYS BA54F3C9 1 Byte [30]
.text a71keirc.SYS BA54F3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89C112D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] sppf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] sppf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] sppf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] sppf.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B9E2D8
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000

 

[neilthrun]

IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a71keirc.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0x80 0x36 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x7F 0x2D 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xB7 0x86 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0x80 0x36 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x7F 0x2D 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xB7 0x86 0xDA ...

---- EOF - GMER 1.0.15 ----



================
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Neil thrun at 18:20:00.95 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1762 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Neil thrun\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\documents and settings\neil thrun\start menu\programs\startup\PdaNet Desktop.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

[neilthrun]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neilth~1\applic~1\mozilla\firefox\profiles\aixldo05.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-27 333192]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-27 28424]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-27 360584]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-27 285392]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-7-17 9472]

=============== Created Last 30 ================

2010-10-01 22:43:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-10-01 21:15:12 0 d-----w- c:\program files\CCleaner
2010-10-01 19:57:54 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-10-01 19:57:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-01 19:31:14 0 d-----w- c:\docume~1\neilth~1\applic~1\SUPERAntiSpyware.com
2010-10-01 19:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-01 19:31:05 0 d-----w- c:\program files\SUPERAntiSpyware
2010-10-01 19:24:31 0 d-----w- c:\docume~1\neilth~1\applic~1\Malwarebytes
2010-10-01 19:24:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 19:24:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-01 19:24:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 19:24:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 19:08:23 0 d-----w- c:\windows\system32\MpEngineStore
2010-10-01 19:07:48 0 d-----w- C:\54b37bc515ef938b8aecdf1406
2010-10-01 19:01:36 0 d-----w- c:\windows\system32\wbem\Repository
2010-10-01 01:49:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-01 01:48:37 0 d-----r- c:\program files\Skype
2010-10-01 01:45:45 803 ----a-w- C:\logging-macros.xml
2010-10-01 01:45:45 61 ----a-w- C:\mt-win.cfg
2010-10-01 01:45:45 4637222 ----a-w- C:\maptool-1.3.b63.jar
2010-10-01 01:45:44 4712 ----a-w- C:\README
2010-10-01 01:45:44 47 ----a-w- C:\Launch MapTool-1G-Memory.bat
2010-10-01 01:45:44 46 ----a-w- C:\Launch MapTool.bat
2010-10-01 01:45:44 46 ----a-w- C:\Launch MapTool-512M-Memory.bat
2010-10-01 01:45:44 3761 ----a-w- C:\Launch MapTool.sh
2010-10-01 01:45:44 3761 ----a-w- C:\Launch MapTool.command
2010-10-01 01:45:44 323584 ----a-w- C:\MapToolLauncher.exe
2010-10-01 01:45:44 196220 ----a-w- C:\Launch MapTool-Win-README.pdf
2010-10-01 01:45:44 0 d-----w- C:\lib
2010-09-30 08:11:14 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-30 05:47:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-30 05:46:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-30 05:45:27 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-30 01:14:08 0 d-----w- c:\program files\Yahoo!
2010-09-30 00:56:35 0 d-sh--w- c:\documents and settings\neil thrun\IECompatCache
2010-09-23 20:42:04 0 d-----w- c:\windows\system32\unknown
2010-09-05 07:17:19 0 d-----w- c:\docume~1\neilth~1\applic~1\Philipp Winterberg
2010-09-05 07:17:13 0 d-----w- c:\program files\Free RAR Extract Frog

==================== Find3M ====================

2010-09-03 22:07:01 77380 ----a-w- c:\windows\War3Unin.dat
2010-08-30 15:52:10 2829 ----a-w- c:\windows\War3Unin.pif
2010-08-30 15:52:10 139264 ----a-w- c:\windows\War3Unin.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 18:20:10.34 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2010 10:52:52 PM
System Uptime: 10/1/2010 5:14:14 PM (1 hours ago)

Motherboard: Dell Inc. | | 0GC068
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2999/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 87.948 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Belkin Wireless Utility
Bonjour
Brainpipe Demo v1.0.1
Caesar 3
CCleaner
Creative MediaSource
Dell Resource CD
Diablo II
Dominions 3 (remove only)
Free RAR Extract Frog
FreeZip
GIMP 2.6.10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
How to Draw the Marvel Way
IsoBuster 2.8
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.10)
NVIDIA Drivers
ooVoo
PdaNet for Android 2.42
PharaohDemo
PowerDVD 5.1
QuickTime
RGSS-RTP Standard
RPGXP
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Civilization 4
Skype Toolbars
Skype™ 5.0
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Warcraft III: All Products
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Install Manager

==== End Of File ===========

 

[Broni]

Welcome aboard

Window Security Essentials is NOT a legit program.
Microsoft Security Essentials IS a legit, free antivirus program, but it doesn't install by itself and it's not included in Windows.

Now....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[neilthrun]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spkj.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D69000 iaStor.sys
0xB9D51000 atapi.sys
0xBA338000 cercsr6.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9D31000 fltmgr.sys
0xB9D1F000 sr.sys
0xB9D08000 KSecDD.sys
0xB9C7B000 Ntfs.sys
0xB9C4E000 NDIS.sys
0xB9C34000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9572000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB955E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9528000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9504000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA390000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB94AA000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB9486000 \SystemRoot\system32\drivers\portcls.sys
0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
0xB9463000 \SystemRoot\system32\drivers\ks.sys
0xB9437000 \SystemRoot\system32\drivers\ctoss2k.sys
0xBA5E0000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB9BF7000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB93DC000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA350000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9BEB000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA388000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8578000 \SystemRoot\System32\Drivers\avcx6l36.SYS
0xBA724000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9BFF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8561000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8C2B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8550000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8C1B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9BEF000 \SystemRoot\system32\DRIVERS\pnetmdm.sys
0xBA4A8000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8C0B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA368000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB84F2000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BDB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8BFB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB3229000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA65C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB0BC5000 \SystemRoot\system32\drivers\hap16v2k.sys
0xB0AE8000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xB0AC6000 \SystemRoot\system32\drivers\emupia2k.sys
0xB0AA6000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB0A08000 \SystemRoot\system32\drivers\ctac32k.sys
0xB237D000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB2358000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB162F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB1B4A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB18BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB17C2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB18B9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA5C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
0xB17A2000 \SystemRoot\System32\drivers\vga.sys
0xBA5C6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB1792000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB178A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB18B1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xADF3C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xADEE3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xADEBD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB032A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB031A000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xADCE0000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA990F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA98ED000 \SystemRoot\System32\drivers\afd.sys
0xAA560000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA98CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB2385000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA98A0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9830000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA550000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA488000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA97E0000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA1A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA970B000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9947000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3B0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAC1FF000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAC1FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA93C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA92A7000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9218000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xA90C3000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9190000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8DAC000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 35):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
868 csrss.exe
892 C:\WINDOWS\system32\winlogon.exe
940 C:\WINDOWS\system32\services.exe
952 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1512 svchost.exe
1588 svchost.exe
1764 C:\WINDOWS\system32\wltrysvc.exe
1792 C:\Program Files\AVG\AVG9\avgchsvx.exe
1800 C:\Program Files\AVG\AVG9\avgrsx.exe
1856 C:\WINDOWS\system32\bcmwltry.exe
1928 C:\WINDOWS\system32\spoolsv.exe
1996 C:\Program Files\AVG\AVG9\avgcsrvx.exe
572 svchost.exe
608 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
628 C:\Program Files\AVG\AVG9\avgwdsvc.exe
704 C:\Program Files\Bonjour\mDNSResponder.exe
836 C:\WINDOWS\system32\CTSVCCDA.EXE
1384 C:\Program Files\Java\jre6\bin\jqs.exe
1508 C:\WINDOWS\system32\nvsvc32.exe
1396 C:\Program Files\AVG\AVG9\avgnsx.exe
416 C:\WINDOWS\system32\svchost.exe
2196 C:\WINDOWS\explorer.exe
2612 C:\WINDOWS\system32\wltray.exe
2664 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2688 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2756 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2780 C:\WINDOWS\system32\ctfmon.exe
432 C:\WINDOWS\system32\wscntfy.exe
2932 C:\WINDOWS\system32\svchost.exe
2236 C:\Documents and Settings\Neil thrun\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

[neilthrun]

ComboFix 10-10-01.01 - Neil thrun 10/01/2010 22:52:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1602 [GMT -5:00]
Running from: c:\documents and settings\Neil thrun\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\desktop
c:\windows\desktop\How to Draw the Marvel Way.lnk
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 00:14 . 2010-10-02 00:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-01 22:43 . 2010-10-01 22:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-10-01 21:15 . 2010-10-01 21:15 -------- d-----w- c:\program files\CCleaner
2010-10-01 19:57 . 2010-10-01 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-01 19:57 . 2010-10-01 20:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-01 19:31 . 2010-10-01 19:31 63488 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-01 19:31 . 2010-10-01 19:31 52224 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-01 19:31 . 2010-10-01 19:31 117760 ----a-w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\SUPERAntiSpyware.com
2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-01 19:31 . 2010-10-01 19:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Malwarebytes
2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-01 19:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 19:24 . 2010-10-01 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 19:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 19:08 . 2010-10-01 19:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-01 19:07 . 2010-10-01 19:09 -------- d-----w- C:\54b37bc515ef938b8aecdf1406
2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\program files\NOS
2010-10-01 19:01 . 2010-10-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-10-01 19:00 . 2010-10-01 19:00 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-10-01 19:00 . 2010-10-01 19:01 -------- d-s---w- c:\documents and settings\Administrator
2010-10-01 19:00 . 2010-10-01 19:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-10-01 01:49 . 2010-10-01 01:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-01 01:49 . 2010-10-01 01:49 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\skypePM
2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----w- c:\program files\Common Files\Skype
2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----r- c:\program files\Skype
2010-10-01 01:48 . 2010-10-01 20:28 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Skype
2010-10-01 01:48 . 2010-10-01 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-10-01 01:45 . 2010-10-01 01:45 -------- d-----w- C:\lib
2010-10-01 01:45 . 2009-12-17 06:47 47 ----a-w- C:\Launch MapTool-1G-Memory.bat
2010-10-01 01:45 . 2009-12-17 06:47 46 ----a-w- C:\Launch MapTool.bat
2010-10-01 01:45 . 2009-12-17 06:47 46 ----a-w- C:\Launch MapTool-512M-Memory.bat
2010-10-01 01:45 . 2009-12-17 06:47 323584 ----a-w- C:\MapToolLauncher.exe
2010-10-01 00:52 . 2010-10-01 00:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-01 00:51 . 2010-10-01 00:51 12575488 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe
2010-10-01 00:51 . 2010-10-01 00:51 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-09-30 08:11 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-30 05:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-30 05:46 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-30 05:45 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-30 01:14 . 2010-09-30 01:14 -------- d-----w- c:\program files\Yahoo!
2010-09-30 00:56 . 2010-09-30 00:56 -------- d-sh--w- c:\documents and settings\Neil thrun\IECompatCache
2010-09-30 00:37 . 2009-11-25 19:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-09-23 20:42 . 2010-09-23 20:42 -------- d-----w- c:\windows\system32\unknown
2010-09-05 07:17 . 2010-09-05 07:17 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\Philipp Winterberg
2010-09-05 07:17 . 2010-09-05 07:17 -------- d-----w- c:\program files\Free RAR Extract Frog

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 03:49 . 2010-02-27 20:28 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
2010-10-02 03:49 . 2010-02-27 20:28 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
2010-10-02 03:25 . 2010-08-22 20:24 -------- d-----w- c:\program files\Warcraft III
2010-10-02 02:06 . 2010-03-04 06:50 0 ----a-w- c:\documents and settings\Neil thrun\Local Settings\Application Data\prvlcl.dat
2010-10-02 00:55 . 2010-02-20 20:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-02 00:13 . 2010-08-30 15:44 99451 ----a-w- c:\windows\War3Unin.dat
2010-10-01 19:38 . 2010-02-20 20:49 -------- d-----w- c:\documents and settings\Neil thrun\Application Data\U3
2010-10-01 00:54 . 2010-02-24 06:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-30 00:37 . 2010-02-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-09-25 03:39 . 2010-06-16 23:46 -------- d-----w- c:\program files\dominions3
2010-08-30 15:52 . 2010-08-30 15:44 2829 ----a-w- c:\windows\War3Unin.pif
2010-08-30 15:52 . 2010-08-30 15:44 139264 ----a-w- c:\windows\War3Unin.exe
2010-08-22 20:29 . 2010-06-16 07:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-21 04:33 . 2010-02-27 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 00:40 . 2010-08-20 00:40 -------- d-----w- c:\program files\Black Isle
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 16:06 . 2010-08-05 16:06 -------- d-----w- c:\program files\Sierra On-Line
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-02-27 19:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-02-28 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

c:\documents and settings\Neil thrun\Start Menu\Programs\Startup\
PdaNet Desktop.lnk.disabled [2010-7-17 692]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-28 00:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ooVoo.exe"=c:\program files\ooVoo\oovoo.exe /minimized
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"CTHelper"=CTHELPER.EXE
"CTSysVol"=c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\dominions3\\dom3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDPoVoo UDP port 443
"37674:TCP"= 37674:TCPoVoo TCP port 37674
"37674:UDP"= 37674:UDPoVoo UDP port 37674
"37675:UDP"= 37675:UDPoVoo UDP port 37675

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/27/2010 7:57 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/27/2010 7:57 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/27/2010 7:56 PM 285392]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/17/2010 11:33 PM 9472]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2010 7:57 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Neil thrun\Application Data\Mozilla\Firefox\Profiles\aixldo05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\NOS\bin\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-01 22:57:59
ComboFix-quarantined-files.txt 2010-10-02 03:57

Pre-Run: 94,147,186,688 bytes free
Post-Run: 94,130,012,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2B7DA251D8EB4503039B25C06441073E

 

[neilthrun]

Alright I ran both, there are the logs. Combofix didn't run the first time, I tried again, it had an error and it restarted my comp, and ran its stuff during the restart. It said it detected rootkit activity (although I bet thats in the report somewhere).
I turned off AVGs resident shield, but couldn't figure out how to turn it all off. Regardless, it wasn't running durring any of the scans as combo fix loaded before anything else.

 

[neilthrun]

It seems google is no longer redirecting and my windows firewall is active again. The computer is running at its usual speed.

 

[Broni]

Combofix log looks good now.

How is Windows firewall issue?

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Broni]

I didn't see this, when I posted:

It seems google is no longer redirecting and my windows firewall is active again. The computer is running at its usual speed.

Good news

 

[Broni]

Are you still out there?