Inactive Win7 search problems

[inekam]

I have a win 7 laptop with all the updates. I am having issue with using the internet. I am able to get to any website other then a search engine. If i use an ip i can get to google but not if i enter the name. Malwarebites found problems and removed them. All new scans come back clean but the issue is still there.

________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-19 16:14:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006d ST912082 rev.7.24
Running: GMER.exe; Driver: C:\Users\Vova\AppData\Local\Temp\kxldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:384] 85BBA39F
Thread System [4:668] 865B30F4

---- EOF - GMER 1.0.15 ----
____________________________________________________________


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vova at 16:14:37 on 2012-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1296 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQA2ADEANAA0ADAAMgAzADUALQBGAFAAOQArADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: citibank.com\online
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15C2F28A-AE97-4600-A149-B9678E645DC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9} : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\249676D41676E6F6C69616D27657563747 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\C4167737F6E62373 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\14E495 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\249676D41676E6F6C69616 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100486&babsrc=adbartrp&mntrId=1c4c8b0800000000000000212f38acb7&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko10.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko11.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko9.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.hardId - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:18:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl457ad428;MpKsl457ad428;c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys [2012-2-19 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 RtlService;RtlService;c:\program files\airlink101\airlink101 wlan monitor\RtlService.exe [2011-7-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-24 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192cu.sys [2011-7-30 630304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-24 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]
.
=============== Created Last 30 ================
.
2012-02-19 20:57:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys
2012-02-19 20:07:42 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1358c11a-42c0-4847-ac09-4cae6faa59bc}\gapaengine.dll
2012-02-19 20:07:34 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\mpengine.dll
2012-02-19 20:05:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-19 20:00:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-19 20:00:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-19 20:00:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-19 20:00:43 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-19 20:00:43 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-19 20:00:43 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-19 20:00:43 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-19 20:00:43 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-19 20:00:43 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-19 20:00:43 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-19 20:00:43 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-19 20:00:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-19 19:57:47 -------- d-----w- c:\windows\system32\appmgmt
2012-02-19 19:56:37 -------- d-----w- c:\windows\Profiles
2012-02-19 19:46:15 -------- d-----w- c:\users\vova\appdata\local\Secunia PSI
2012-02-19 16:40:44 -------- d-----w- c:\users\vova\appdata\roaming\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 16:40:19 -------- d-----w- c:\program files\Secunia
2012-02-19 16:40:07 -------- d-----w- c:\users\vova\appdata\roaming\Malwarebytes
2012-02-19 16:39:57 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 16:39:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 16:39:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 15:41:45 -------- d-sh--w- c:\users\vova\appdata\roaming\AV Security Essentials
2012-02-19 15:41:44 -------- d-sh--w- c:\programdata\AVDUSQOBSSE
2012-02-19 15:41:31 -------- d-sh--w- c:\programdata\fca178
2012-02-17 11:03:07 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a4a67422-bd9d-403c-b652-abd9b41b5358}\mpengine.dll
2012-02-15 05:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:29:27 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:29:22 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:28:18 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 23:18:54 -------- d-----w- c:\users\vova\appdata\local\Google
2012-02-08 23:18:36 -------- d-----w- c:\users\vova\appdata\local\Babylon
2012-02-08 23:18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-08 23:18:30 -------- d-----w- c:\users\vova\appdata\roaming\Babylon
2012-02-08 23:18:30 -------- d-----w- c:\programdata\Babylon
2012-02-08 23:18:29 -------- d-----w- c:\program files\FoxTabPDFConverter
.
==================== Find3M ====================
.
2012-02-19 20:47:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:15:26.34 ===============

________________________________________________________________


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.02

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Vova :: VOVA-PC [administrator]

2/19/2012 11:58:34 AM
mbam-log-2012-02-19 (11-58-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168929
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8042&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\fca178\AVfca_8042.exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Users\Vova\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
_________________________________________________________________


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 8:19:57 PM
System Uptime: 2/19/2012 3:52:45 PM (1 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 24.055 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.618 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Service:
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Service:
.
==== System Restore Points ===================
.
RP160: 2/19/2012 12:55:44 AM - Scheduled Checkpoint
RP162: 2/19/2012 11:01:22 AM - Before uninstalling CCleaner
RP165: 2/19/2012 2:57:06 PM - Removed Chanalyzer 3.4
RP166: 2/19/2012 3:06:06 PM - Windows Update
RP168: 2/19/2012 3:54:41 PM - CA Internet Security Suite
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Airlink101 WLAN Monitor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant HD Audio
FoxTab PDF Creator
HDAUDIO Soft Data Fax Modem with SmartCP
HP Product Detection
inSSIDer
iTunes
K-Lite Codec Pack 5.7.0 (Standard)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office ??????????? 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678)
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677)
Microsoft Office Outlook MUI (Russian) 2007
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669)
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Standard 2007
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665)
Microsoft Office Word MUI (Russian) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Windows Live ID Sign-in Assistant
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 12:37:47 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/19/2012 12:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2012 12:04:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/19/2012 12:04:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent SASDIFSV SASKUTIL spldr Wanarpv6
2/19/2012 11:35:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent spldr Wanarpv6
2/19/2012 10:46:59 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{15C2F28A-AE97-4600-A149-B9678E645DC8} because another computer on the network has the same name. The server could not start.
2/19/2012 10:46:59 AM, Error: NetBT [4321] - The name "VOVA-PC :20" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:46:54 AM, Error: NetBT [4321] - The name "VOVA-PC :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:43:30 AM, Error: Service Control Manager [7000] - The 8042 service failed to start due to the following error: The system cannot find the file specified.
2/18/2012 4:48:17 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================

 

[Bobbye]

Welcome to TechSpot! I'll help with the search problem.

First, I see you have 2 antivirus programs:
Microsoft Security Essentials
RP168: 2/19/2012 3:54:41 PM - CA Internet Security Suite (restore point)
Decide which one you want to keep and remove the other.
Please reboot the system after doing that.
==================================
Do you have a language other than English on the system? Although there are Office products in a multitude of different languages installed, what are these:

Microsoft Office ??????????? 2007
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677)
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669)
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665)

============================================
I'd like to clarify this please:

I am able to get to any website other then a search engine. If i use an ip i can get to google but not if i enter the name.

1. What browser are you using?
2. Does it have a search box in it? If so, if you type in a search word, what happens? Do you get a message? What is it?
3. If you click on one of your Favorites or Bookmarks, what happens? Does it open the web page?
4. If you type a URL in the Address Bar, what happens?
5. You have access to the internet, correct?
6. You know the difference between an IP and a URL, correct?
Note: In the above, I am referring to two different locations: the Search box and the Address Bar.
=============================================
I'd like you to run Combofix- but it won't run with CA Security Suite. You will need to temporarily uninstall CA if this is the AV you kept. If it is not, please skip down to the Combofix download.

Download AppRemover and save to the desktop

1. Double click the setup on the desktop> click Next
2. Select “Remove Security Application”
3. Let scan finish to determine security apps
4. A screen like below will appear:
   
   
5. Click on Next after choice has been made
6. Check the AV program you want to uninstall
7. After uninstall shows complete, follow online prompts to Exit the program.

Do not put another AV on the system if you removed the CA Suite and kept MSE Although you will need t disable the AV temporarily for the scan, you should still have one 1 current AV on the system.
Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe
  
  & follow the prompts.
• If prompted for Recovery Console, please allow.
• Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.[/b]
  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
  • Note: No query will be made if the Recovery Console is already on the system.
• .Close/disable all anti virus and anti malware programs
  (If you need help with this, please see HERE)
• .Close any open browsers.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
========================================
You have a rogue security program on the system. To be on the safe side, Do not remove the temporary internet files or use a cleaning tool like CCleaner.[/b]
========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't follow directions given to someone else
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

Please leave the 2 logs and answers to my questions in your next reply.

 

[Bobbye]

Note: https://www.techspot.com/vb/topic177748.html as been deleted. Please keep all questions, etc. about this problem on this thread.

 

[inekam]

Hi Bobbye, thank you for trying to help me out.

The other thread that you mentioned was not mine.

I have uninstalled CA Internet Security Suite before installing MSE so that maybe the restore point from the uninstall.

This system has russian language set so the office maybe displaying the encoding wrong because of that.

To clarify the problems i am seeing. If i try to open a website like cnn, or techspot i am able to do it with out an issue. If i try to open bing or google i get page cannot be displayed. If i do nslookup on google and then enter the ip i am able to browse to the google website then.

1. What browser are you using?

I have both IE9 and FireFox10.2

2. Does it have a search box in it? If so, if you type in a search word, what happens? Do you get a message? What is it?

In firefox if i use a search box using google/yahoo/bing i get page cannot be displayed.
If i use amazon as the search provider i am able to search with out an issue.

3. If you click on one of your Favorites or Bookmarks, what happens? Does it open the web page?

Yes that works with out a problem

4. If you type a URL in the Address Bar, what happens?

Depending on the url. Techspot works but google doesn't

5. You have access to the internet, correct?

Yes i do

6. You know the difference between an IP and a URL, correct?

IP is a layer 3 globally unique address used to identify a pc on the internet. URL is a translation of an ip to an easily remembered name using DNS


ComboFix 12-02-19.02 - Vova 02/20/2012 13:24:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1002 [GMT -5:00]
Running from: c:\users\Vova\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Vova\AppData\Roaming\Microsoft\Windows\Recent\std.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 18:32 . 2012-02-20 18:32 -------- d-----w- c:\users\Vova\AppData\Local\temp
2012-02-20 18:32 . 2012-02-20 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 20:57 . 2012-02-19 20:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB10DF12-E505-45BE-9983-CA05835B0E17}\MpKsl457ad428.sys
2012-02-19 20:07 . 2012-02-19 20:07 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1358C11A-42C0-4847-AC09-4CAE6FAA59BC}\gapaengine.dll
2012-02-19 20:07 . 2012-01-06 01:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB10DF12-E505-45BE-9983-CA05835B0E17}\mpengine.dll
2012-02-19 20:05 . 2012-02-19 20:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-19 20:00 . 2012-02-19 20:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-19 20:00 . 2012-02-19 20:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-19 20:00 . 2012-02-19 20:00 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-19 20:00 . 2012-02-19 20:00 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-19 20:00 . 2012-02-19 20:00 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-19 20:00 . 2012-02-19 20:00 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-19 20:00 . 2012-02-19 20:00 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-19 20:00 . 2012-02-19 20:00 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-19 20:00 . 2012-02-19 20:00 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-19 20:00 . 2012-02-19 20:00 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-19 20:00 . 2012-02-19 20:00 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-19 20:00 . 2012-02-19 20:00 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-19 19:56 . 2012-02-19 19:56 -------- d-----w- c:\windows\Profiles
2012-02-19 19:46 . 2012-02-19 19:46 -------- d-----w- c:\users\Vova\AppData\Local\Secunia PSI
2012-02-19 16:40 . 2012-02-19 16:40 -------- d-----w- c:\users\Vova\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 16:40 . 2012-02-19 17:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 16:40 . 2012-02-19 16:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 16:40 . 2012-02-19 16:40 -------- d-----w- c:\program files\Secunia
2012-02-19 16:40 . 2012-02-19 16:40 -------- d-----w- c:\users\Vova\AppData\Roaming\Malwarebytes
2012-02-19 16:39 . 2012-02-19 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 16:39 . 2012-02-19 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 16:39 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 15:41 . 2012-02-19 15:43 -------- d-sh--w- c:\users\Vova\AppData\Roaming\AV Security Essentials
2012-02-19 15:41 . 2012-02-19 15:41 -------- d-sh--w- c:\programdata\AVDUSQOBSSE
2012-02-19 15:41 . 2012-02-19 15:41 -------- d-sh--w- c:\programdata\fca178
2012-02-17 11:03 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4A67422-BD9D-403C-B652-ABD9B41B5358}\mpengine.dll
2012-02-15 05:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:28 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 23:18 . 2012-02-08 23:18 -------- d-----w- c:\users\Vova\AppData\Local\Google
2012-02-08 23:18 . 2012-02-08 23:18 237 ----a-w- C:\user.js
2012-02-08 23:18 . 2012-02-08 23:18 -------- d-----w- c:\users\Vova\AppData\Local\Babylon
2012-02-08 23:18 . 2007-08-21 18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-08 23:18 . 2012-02-08 23:18 -------- d-----w- c:\users\Vova\AppData\Roaming\Babylon
2012-02-08 23:18 . 2012-02-08 23:18 -------- d-----w- c:\programdata\Babylon
2012-02-08 23:18 . 2012-02-08 23:18 -------- d-----w- c:\program files\FoxTabPDFConverter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 20:47 . 2011-07-24 20:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 05:21 . 2010-03-02 01:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-26 18:22 . 2011-11-26 18:22 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2012-02-19 20:00 . 2012-02-19 20:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0AMQA2ADEANAA0ADAAMgAzADUALQBGAFAAOQArADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEA&prod=90&ver=9.0.872" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-19 16:41 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 MpKsl457ad428;MpKsl457ad428;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB10DF12-E505-45BE-9983-CA05835B0E17}\MpKsl457ad428.sys [2012-02-19 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 RtlService;RtlService;c:\program files\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [2010-04-16 36864]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-11-03 630304]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KXLDYPOW
*NewlyCreated* - MPKSL457AD428
*Deregistered* - kxldypow
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: citibank.com\online
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vova\AppData\Roaming\Mozilla\Firefox\Profiles\mbeqrgpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100486&babsrc=adbartrp&mntrId=1c4c8b0800000000000000212f38acb7&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.hardId - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AV Security Essentials - c:\programdata\fca178\AVfca_8042.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\casc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 13:36:13
ComboFix-quarantined-files.txt 2012-02-20 18:36
.
Pre-Run: 25,397,395,456 bytes free
Post-Run: 24,980,172,800 bytes free
.
- - End Of File - - 3509B94080BDFE4699D539CC2342CC79


Eset Online Virus Scan:

C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.G application


thank for your help

 

[Bobbye]

Okay, now we have a handle on it!

Home Malware Cleaner is a rogue anti-spyware program from the Rogue.VirusDoctor

• It is promoted through web sites that show advertisements that pretend to be online anti-malware scanners.
• These scanners create numerous files that will be detected by the program as malware (See deletions in Combofix)
• The scam is that you are told you have to pay for their program to remove these "threats" when in fact there are fake security warnings that should be ignored
• This infection changes your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software.
• Regardless of the web browser you use, we need to fix the proxy so that we can download the utilities we need to remove this infection.

==========================
1. Boot into Safe Mode with Networking

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

2. Reset your browser proxies

• For Firefox:
  o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
  o Click on the "Network" tab, and then on the "Settings" button.
  o Please make sure that the "No Proxy" option is selected.
• For Internet Explorer:
  o Open Internet Explorer.
  o Click on "Tools" and then select "Internet Options".
  o Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
  o Uncheck "Use a Proxy server for your LAN".
  o Click OK to close the Local Area Network (LAN) Settings window.
  o Click OK to close the Internet Options window.

3. To end the processes that belong to the rogue program:
Please click on RKill

• At the download page, click on Download now button for iExplore.exe download link and save to the desktop
• Double click on the iExplore.exe icon
• Please be patient- it may take a bit.
• The black Window will close when through and you can continue.

Note: If you get a message that RKilll is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
====================================
4. Update and rescan with Malwarebytes:

• Select Perform Full Scan on the Scanner tab
• Click on the Scan button.
• When scan has finished, you will see this image:
  
  
• Click on OK to close box and continue.
• Click on the Show Results button.
• Click on the Remove Selected button to remove all the listed malware.
• At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.

===============================
5. Replace Hosts files and Permissions
The malware also changes your Windows HOSTS file. We will need to replace the default version for your operating system. (Note:if you or your company has added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file.)

The malware, in order to protect itself,may change the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the following batch file and save it to your desktop:

Step 1: Restoring Permissions

• Please download Hostsperm.bat and save it to your desktop.
• Double-click on the hostsperm.bat file that is now on your desktop. If Windows asks if you if you are sure you want to run it, please allow it to run.
• Once it starts you will see a small black window that opens, then goes away. This is normal.

You should now be able to access your HOSTS file.

Step 2: Show Hidden Files and Folders:

• Click on the Start button and select Computer
• Select Folder Options> View tab
• Check Show hidden files and folders
• uncheckHide protected operating system files(Recommended)> Confirm Yes
• Then, uncheck the box next to Hide extensions for known filetypes
• Click Apply then click OK

Step 3: Delete the hosts file

• Using Windows Explorer> navigate to Computer> Local Drive> Windows> System 32> Drivers
• Navigate to C:\Windows\System32\drivers\etc and do a right click> Delete and delete the hosts file.
• Once it is deleted, go to next Step.

Step 4: Replacing the Hosts file for your operating system:

• Download the following HOSTS file that corresponds to your operating system:
  Windows 7 HOSTS File Download Link
  Windows Vista HOSTS File Download Link
  Windows XP HOSTS File Download Link
• Save it in the C:\Windows\System32\Drivers\etc folder.

Note: If the contents of the HOSTS file opens in your browser when you click on a link, then right-click on the ink and select Save Target As for in Internet Explorer, or Save Link As if in Firefox, to download the file.
-------------------------
Now reboot your computer into Normal Mode.
==============================================
I will check the Combofix log for any additional removals.

 

[inekam]

Ok still having issues. I am able to browse to google now but the searches get redirected.

I have followed all your instructions

none of the browsers had the proxy set. I have also installed chrome and its the same issue.

_____________________________________________
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/22/2012 at 18:42:10.
Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

Rkill completed on 02/22/2012 at 18:42:13.
_____________________________________________

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.05

Windows 7 Service Pack 1 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Vova :: VOVA-PC [administrator]

2/22/2012 6:44:20 PM
mbam-log-2012-02-22 (19-44-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262555
Time elapsed: 30 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.Agent) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.

(end)
_____________________________________________

i checked the host file before and it was fine. I ran the batch file just in case and replaced it with the one you provided.

I have also re ran malwarebites and superantispyware and both came up clean

So after all this its now redirecting during google searches.
any other ideas or suggestions? Is it work to try to use system restore to a earlier date?

thanks

 

[Bobbye]

Mbam is not' clean': it has 2 entries in it that show Not action Taken.'
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.Agent) -> No action taken.

Files Detected: 1
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.
This means that you did not check the line:
[*] Be sure that everything is checked, and click Remove Selected.

Run Mbam again please and check the line to remove any entries found.

===========================================
"Is it work to try to use system restore to a earlier date?"
Do you mean is doing a System Restore a lot of 'work', then no, it isn't- it's easy.
Do you mean it is worth doing a System Restore, then No you should not. It will undo what we have done so far to clean the malware.
---------------------------------
Please give me an example of 'this page won't display'>> type it in exactly how you have typed it into the Address Bar (not search bar, but Address Bar)

 

[inekam]

i am sorry i was not clear in my reply. After mbam found the issues it has removed it. I rebooted the system and ran MBAM full system scan again. The second scan came back clean. Same for Super Anti Spyware.

about system restore. I was asking if its worth it. thanks

I will reply with the examples tonight.

 

[Bobbye]

I think I found the search problem:

We know that Babylon is a language translation software. Babylon 7 and later versions install a search toolbar, which in some cases are considered a convenience, but it also comes with adware and is considered a 'potentially unwanted application' (PUA) Since you main problem is with the searches, I'd like you to remove Babylon and it's toolbar from the system as follows:
To remove Babylon:

1. Close the Babylon program. Right click on the Babylon icon by the clock> Choose Exit
2. Select "Yes" to confirm
3. Click "Start"> "Control Panel"> Double-click "Add or Remove Programs
4. Select "Babylon Toolbar"> click "Remove/Uninstall"> Confirm "Yes" when prompted.
5. Select "Conduit Engine"> click "Remove/Uninstall"> Confirm "Yes" when prompted.
6. Restart your computer for the changes to take affect.
   
7. Now use Windows Explorer to access Computer> Local Drive> Programs.
8. Find the Babylon/Babylon Toolbar program folder and do a right click> Delete to remove.

-------------------------------------------------
To reset Babylon Toolbar keyword in Firefox

1. Open FireFox and instead of a url, type about:config in the Address Bar.
2. Firefox will give you a warning, but go in anyway.
   [*. Locate the keyword.url line. It should look like the image below.
   
   
3. . Right click on keyword.url, then select Reset

--------------------------------------
Removing Babylon Toolbar Extensions (16)

• Open Firefox> Tools> Addons> Click on Extensions
• Remove all Babylon Toolbar extensions.(sign on to Administrative account)

You can use the Babylon.com site if you need it for translations, but the other entries are preventing you from using the other search engines.
----------------------------------
Reset Browser search selected Engine:

1. Open FireFox and instead of a url, type about:config in the Address Bar.
2. Firefox will give you a warning, but go in anyway.
3. Locate the browser. search. selectedEngine line
4. Do the right click and choose Reset if available. If not, type in Google

---------------------------------
One more:
Clear Firefox Cache

1. Open Firefox> Click on Tools> Options
2. Select the Advanced panel.
3. Click on the Network tab
4. In the Offline Storage section, click Clear Now.

===============================================
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
• Extract it to the directory on your hard drive you created C:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
============================================
Let's see if this handles the search engine problem. The redirect may be related, so we'll handle that if needed.

 

[inekam]

Ok i have followed the instructions I have removed the browser bar. I have done the firefox about:config. in the IE options the bar was not there. I have scanned the mbam and its still clean.
Attached is the hijackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:17:02 PM, on 2/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
F:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQA2ADEANAA0ADAAMgAzADUALQBGAFAAOQArADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RtlService - Realtek - C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5084 bytes

 

[Bobbye]

Has the search capability improved? Has there been any change? Better? Worse?