browser hijacked very slow boots and overall performance dds scan and

WsW-WYATT-EARP

My nephew's computer and he likes to download everything that pops up it seems. I have deleted a ton of games and crap through Control Panel. I have run Search and Destroy, SUPERAntiSpyware, Malwarebytes and each has fixed a bunch of stuff. It seems to be somewhat better but when I open Firefox the homepage comes up as normal but if I open a new tab it goes to start.funmoods - a program that I had deleted.

Thanks in advance for any help and guidance!

Ben

Scans below

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_39
Run by Nolan at 17:16:47 on 2013-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2811.1300 [GMT -6:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32atiesrxx.exe
C:Windowssystem32SLsvc.exe
C:Windowssystem32atieclxx.exe
C:WindowsSystem32spoolsv.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesAd-Aware AntivirusAdAwareService.exe
C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesAcer Arcade DeluxeHomeMediaKernelDMPCLHNService.exe
C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
C:Program FilesKodakAiOCenterekdiscovery.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesEgisTecMyWinLocker 3x86MWLService.exe
C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesSpybot - Search & DestroySDWinSec.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32alg.exe
C:Windowssystem32taskeng.exe
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesAcerAcer ePower ManagementePowerTray.exe
C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe
C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAVG Secure Searchvprot.exe
C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe
C:Windowsehomeehtray.exe
C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesAcerAcer ePower ManagementePowerEvent.exe
C:Windowsehomeehmsas.exe
C:Program FilesiPodbiniPodService.exe
C:PROGRA~1AD-AWA~1AdAware.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesAd-Aware AntivirusSBAMSvc.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32msiexec.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_5_502_149.exe
C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_5_502_149.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32wbemwmiprvse.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Windowssystem32svchost.exe -k imgsvc
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5517
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:program filesavgavg8avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre6binssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:program filesavg secure search13.2.0.5AVG Secure Search_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre6binjp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:program filesavg secure search13.2.0.5AVG Secure Search_toolbar.dll
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [steam] "c:program filessteamSteam.exe" -silent
uRun: [sUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
mRun: [RtHDVCpl] c:program filesrealtekaudiohdaRtHDVCpl.exe
mRun: [Acer ePower Management] c:program filesaceracer epower managementePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:program filesegistec egis software updateEgisUpdate.exe"
mRun: [mwlDaemon] c:program filesegistecmywinlocker 3x86mwlDaemon.exe
mRun: [Acer Assist Launcher] c:program filesaceracer assistlauncher.exe
mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun
mRun: [synTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [LManager] c:program fileslaunch managerLManager.exe
mRun: [CLMLServer] "c:program filesacer arcade deluxeacer arcade deluxekernelclmlCLMLSvc.exe"
mRun: [Acer Product Registration] "c:program filesaceracer registrationACE1.exe" /startup
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
mRun: [skytel] c:program filesrealtekaudiohdaSkytel.exe
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportAppleSyncNotifier.exe
mRun: [Conime] c:windowssystem32conime.exe
mRun: [EKIJ5000StatusMonitor] c:windowssystem32spooldriversw32x863EKIJ5000MUI.exe
mRun: [APSDaemon] "c:program filescommon filesappleapple application supportAPSDaemon.exe"
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [vProt] "c:program filesavg secure searchvprot.exe"
mRun: [ROC_roc_dec12] "c:program filesavg secure searchROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:programdataad-aware browsing protectionadawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:program filesad-aware antivirusAdAwareLauncher" --windows-run
mRunOnce: [Malwarebytes Anti-Malware] c:program filesmalwarebytes' anti-malwarembamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.27.4
TCP: Interfaces{1E23A0FA-6DE3-4A67-8C4B-0462E1D36530} : DHCPNameServer = 192.168.27.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filescommon filesavg secure searchviprotocolinstaller13.2.0ViProtocol.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL
AppInit_DLLs= protector.dll c:windowssystem32avgrsstx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:program filessuperantispywareSASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:usersnolanappdataroamingmozillafirefoxprofilesh9h8ycwz.default
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.search.selectedengine - search the web
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
FF - prefs.js: keyword.url - hxxp://search.etype.com/?smart=1&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll
FF - plugin: c:program filescommon filesavg secure searchsitesafetyinstaller13.2.0npsitesafety.dll
FF - plugin: c:program filesjavajre6binplugin2npjp2.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_149.dll
FF - plugin: c:windowssystem32npdeployJava1.dll
FF - plugin: c:windowssystem32npmproxy.dll
FF - ExtSQL: 2013-02-06 15:27; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: 2013-02-07 04:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:usersnolanappdataroamingmozillafirefoxprofilesh9h8ycwz.defaultextensionsjid1-yZwVFzbsyfMrqQ@jetpack
.
---- FIREFOX POLICIES ----
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 1c2a856b0000000000000026221b7b62
FF - user.js: extensions.BabylonToolbar_i.hardId - 1c2a856b0000000000000026221b7b62
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:54:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods.id - 1c2a856b0000000000000026221b7b62
FF - user.js: extensions.funmoods.instlDay - 15456
FF - user.js: extensions.funmoods.vrsn - 1.5.19.3
FF - user.js: extensions.funmoods.vrsni - 1.5.19.3
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.319:28:46
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.admin - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
emoods.admin, false);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-2-7 13560]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-9-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-9-22 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-9-22 108552]
R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [2013-2-7 26984]
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:program filesgridvistaDPMemGridVista.sys [2009-7-2 10504]
R1 mwlPSDFilter;mwlPSDFilter;c:windowssystem32driversmwlPSDFilter.sys [2008-12-4 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:windowssystem32driversmwlPSDNserv.sys [2008-12-4 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:windowssystem32driversmwlPSDVDisk.sys [2008-12-4 59952]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2011-7-12 67664]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:windowssystem32driversL1C60x86.sys [2009-11-13 57344]
R3 usbfilter;AMD USB Filter Driver;c:windowssystem32driversusbfilter.sys [2009-7-2 23096]
.
=============== Created Last 30 ================
.
2013-02-09 23:07:59 388096 ----a-r- c:usersnolanappdataroamingmicrosoftinstaller{45a66726-69bc-466b-a7a4-12fcba4883d7}HiJackThis.exe
2013-02-09 23:07:56 -------- d-----w- c:program filesTrend Micro
2013-02-09 19:45:51 21104 ----a-w- c:windowssystem32driversmbam.sys
2013-02-09 19:45:51 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2013-02-08 00:07:57 6991832 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{27cebf73-0718-4d11-afb5-7dfc58e9f928}mpengine.dll
2013-02-07 10:29:54 -------- d-----w- c:programdataAd-Aware Antivirus
2013-02-07 10:29:41 -------- d-----w- c:usersnolanappdataroamingLavasoftStatistics
2013-02-07 10:14:45 -------- d-----w- c:program filesAd-Aware Antivirus
2013-02-07 10:13:21 -------- d-----w- c:usersnolanappdatalocalDownloaded Installations
2013-02-07 10:13:05 44424 ----a-w- c:windowssystem32sbbd.exe
2013-02-07 10:13:05 13560 ----a-w- c:windowssystem32driversgfibto.sys
2013-02-07 10:12:37 -------- d-----w- c:programdatablekko toolbars
2013-02-07 10:12:36 -------- d-----w- c:usersnolanappdatalocaladawarebp
2013-02-07 10:12:34 -------- d-----w- c:programdataAd-Aware Browsing Protection
2013-02-07 10:12:25 -------- d-----w- c:program filesadawaretb
2013-02-07 10:12:21 -------- d-----w- c:program filesToolbar Cleaner
2013-02-07 10:00:53 -------- d-----w- c:usersnolanappdataroamingAd-Aware Antivirus
2013-02-07 09:01:15 34304 ----a-w- c:windowssystem32atmlib.dll
2013-02-07 09:01:15 293376 ----a-w- c:windowssystem32atmfd.dll
2013-02-07 09:00:54 26984 ----a-w- c:windowssystem32driversavgtpx86.sys
2013-02-06 21:52:13 2048000 ----a-w- c:windowssystem32win32k.sys
2013-02-06 21:34:53 376320 ----a-w- c:windowssystem32dpnet.dll
2013-02-06 21:34:53 23040 ----a-w- c:windowssystem32dpnsvr.exe
2013-02-06 21:31:38 224640 ----a-w- c:windowssystem32driversvolsnap.sys
2013-02-06 21:29:00 204288 ----a-w- c:windowssystem32ncrypt.dll
2013-02-06 21:28:52 2048 ----a-w- c:windowssystem32tzres.dll
2013-02-06 21:27:58 1400832 ----a-w- c:windowssystem32msxml6.dll
2013-02-06 21:06:32 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-02-06 21:06:31 3550080 ----a-w- c:windowssystem32ntoskrnl.exe
2013-02-06 21:06:09 75776 ----a-w- c:windowssystem32synceng.dll
2013-02-06 21:06:01 985088 ----a-w- c:windowssystem32crypt32.dll
2013-02-06 21:06:01 133120 ----a-w- c:windowssystem32cryptsvc.dll
2013-02-06 21:06:00 98304 ----a-w- c:windowssystem32cryptnet.dll
2013-02-06 20:46:18 172544 ----a-w- c:windowssystem32wintrust.dll
.
==================== Find3M ====================
.
2013-02-08 10:00:38 74096 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-02-08 10:00:38 697712 ----a-w- c:windowssystem32FlashPlayerApp.exe
2013-01-17 07:28:58 232336 ------w- c:windowssystem32MpSigStub.exe
2013-01-15 22:56:10 477616 ----a-w- c:windowssystem32npdeployJava1.dll
2013-01-15 22:56:07 473520 ----a-w- c:windowssystem32deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- c:windowssystem32jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:windowssystem32inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:windowssystem32wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:windowssystem32ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:windowssystem32vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:windowssystem32mshtml.tlb
.
============= FINISH: 17:18:01.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: DeviceHarddiskVolume2
Install Date: 8/15/2009 2:31:05 AM
System Uptime: 2/9/2013 1:30:50 PM (4 hours ago)
.
Motherboard: Acer | | Aspire 5517
Processor: AMD Athlon Processor TF-20 | Socket S1G1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 48.938 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT*ISATAP0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT*ISATAP0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT*ISATAP0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT*ISATAP0003
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Acer Arcade Deluxe
Acer Assist
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
aiofw
aioprnt
aioscnnr
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AVG Free 8.5
AVG Security Toolbar
Bonjour
C:Program FilesAcer GameZoneGameConsole
C4USelfUpdater
Cake Mania 2
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Carbonite Online Backup Setup
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Choice Guard
CleanUp!
Compatibility Pack for the 2007 Office system
Cooking Dash
Cradle of Rome
Dairy Dash
Dream Day Honeymoon
ffdshow [rev 2527] [2008-12-19]
Galapago
GridVista
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
James Cameron's AVATAR: THE GAME
Java 6 Update 39
Jewel Quest Solitaire
Junk Mail filter update
KODAK AiO Home Center
ksDIP
Launch Manager
Luxor 2
Mahjong Escape Ancient China
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Ocean Express
OGA Notifier 2.0.0048.0
Orion
Parking Dash
PreReq
Puzzle Express
QuickTime
Rainbow Web
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
SimTheme Park
Spybot - Search & Destroy
Steam
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tradewinds 2
Tri-Peaks Solitaire To Go
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vivitar Experience Image Manager
Wedding Dash
Wildlife Zoo
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Software Update
Zoo Tycoon 2 - Extinct Animals
Zuma Deluxe
.
==== End Of File ===========================

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:27:05 PM, on 2/9/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesAcerAcer ePower ManagementePowerTray.exe
C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe
C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAVG Secure Searchvprot.exe
C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe
C:Windowsehomeehtray.exe
C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowsehomeehmsas.exe
C:PROGRA~1AD-AWA~1AdAware.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_5_502_149.exe
C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_5_502_149.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:UsersNolanDesktophjtHiJackThis.exe
C:Windowssystem32SearchFilterHost.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5517
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll
O4 - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
O4 - HKLM..Run: [Acer ePower Management] C:Program FilesAcerAcer ePower ManagementePowerTray.exe
O4 - HKLM..Run: [EgisTecLiveUpdate] "C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe"
O4 - HKLM..Run: [mwlDaemon] C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
O4 - HKLM..Run: [Acer Assist Launcher] C:Program FilesAcerAcer Assistlauncher.exe
O4 - HKLM..Run: [startCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:Program FilesLaunch ManagerLManager.exe
O4 - HKLM..Run: [CLMLServer] "C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [Acer Product Registration] "C:Program FilesAcerAcer RegistrationACE1.exe" /startup
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [skytel] C:Program FilesRealtekAudioHDASkytel.exe
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 - HKLM..Run: [Conime] %windir%system32conime.exe
O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:Windowssystem32spoolDRIVERSW32X863EKIJ5000MUI.exe
O4 - HKLM..Run: [APSDaemon] "C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [vProt] "C:Program FilesAVG Secure Searchvprot.exe"
O4 - HKLM..Run: [ROC_roc_dec12] "C:Program FilesAVG Secure SearchROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [Ad-Aware Browsing Protection] "C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe"
O4 - HKLM..Run: [Ad-Aware Antivirus] "C:Program FilesAd-Aware AntivirusAdAwareLauncher" --windows-run
O4 - HKLM..RunOnce: [Malwarebytes Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [steam] "C:Program FilesSteamSteam.exe" -silent
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program FilesCommon FilesAVG Secure SearchViProtocolInstaller13.2.0ViProtocol.dll
O20 - AppInit_DLLs: protector.dll c:windowssystem32avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE.EXE
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:Program FilesAd-Aware AntivirusAdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:Windowssystem32atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:Program FilesAVGAVG8ToolbarToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:Program FilesAcer Arcade DeluxeHomeMediaKernelDMPCLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:Program FilesKodakAiOCenterekdiscovery.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:Program FilesEgisTecMyWinLocker 3x86MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:Program FilesAd-Aware AntivirusSBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

--
End of file - 10311 bytes


Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ to your desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on the Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


# AdwCleaner v2.112 - Logfile created 02/11/2013 at 13:47:42
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Nolan - NOLAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Nolan\Desktop\AdwCleaner.exe
# Option [Delete]


Phew!! Lots of junk.

 

Let's flush the DNS cache and restore the MS Hosts file.

 

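Copy and paste these lines into Notepad.

@Echo on
rem Work inside the folder that holds the hosts file
pushd \windows\system32\drivers\etc
rem Clear the hidden/system/read-only attributes so the file can be rewritten
attrib -h -s -r hosts
rem Replace the hosts file with a single localhost entry
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second; the script then deletes itself
shutdown -r -t 1
del %0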

 

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

 

Next, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Tell me if you're still being redirected in a new tab.


I'd like you to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/) and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services

    • Windows Firewall

    • System Restore

    • Security Center/Action Center

    • Windows Update
    • Windows Defender

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.

Farbar Service Scanner Version: 10-02-2013
Ran by Nolan (administrator) on 13-02-2013 at 14:40:09
Running from "C:UsersNolanDesktop"
Windows Vista Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:Windowssystem32nsisvc.dll => MD5 is legit
C:Windowssystem32Driversnsiproxy.sys => MD5 is legit
C:Windowssystem32dhcpcsvc.dll => MD5 is legit
C:Windowssystem32Driversafd.sys => MD5 is legit
C:Windowssystem32Driverstdx.sys => MD5 is legit
C:Windowssystem32Driverstcpip.sys => MD5 is legit
C:Windowssystem32dnsrslvr.dll => MD5 is legit
C:Windowssystem32mpssvc.dll => MD5 is legit
C:Windowssystem32bfe.dll => MD5 is legit
C:Windowssystem32Driversmpsdrv.sys => MD5 is legit
C:Windowssystem32SDRSVC.dll => MD5 is legit
C:Windowssystem32vssvc.exe => MD5 is legit
C:Windowssystem32wscsvc.dll => MD5 is legit
C:Windowssystem32wbemWMIsvc.dll => MD5 is legit
C:Windowssystem32wuaueng.dll => MD5 is legit
C:Windowssystem32qmgr.dll => MD5 is legit
C:Windowssystem32es.dll => MD5 is legit
C:Windowssystem32cryptsvc.dll => MD5 is legit
C:Program FilesWindows DefenderMpSvc.dll => MD5 is legit
C:Windowssystem32svchost.exe => MD5 is legit
C:Windowssystem32rpcss.dll => MD5 is legit

**** End of log ****


Download Combofix from any of the links below, and save it to your desktop.<--Important

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.forospyware.com/sUBs/ComboFix.exe
Link 3: http://subs.geekstogo.com/ComboFix.exe

 

Click on this link: http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.

  • When finished, it will produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply

After rebooting ensure your Security applications have been re-enabled.


In your next reply post:
ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe


When combofix was running an error popped up that "pev.exe had stopped working" and to click to end program or restart. Combofix continued to run and I left the error alone so as not to mouse click. Combofix did finish and the log is posted below. I did restart after it finished as some windows updates were needing restarting as well ...

 

ComboFix 13-02-13.02 - Nolan 02/14/2013 4:05.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2811.1854 [GMT -6:00]
Running from: c:usersNolanDesktopComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:windowssystem32driversetchosts.ics
c:windowssystem32server.log
c:windowswininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-14 to 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-13 20:48 . 2013-01-18 18:17 6991832 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{2BAC9142-A824-48AD-88C4-A7F4183E5D67}mpengine.dll
2013-02-09 23:07 . 2013-02-09 23:07 388096 ----a-r- c:usersNolanAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2013-02-09 23:07 . 2013-02-09 23:07 -------- d-----w- c:program filesTrend Micro
2013-02-07 10:29 . 2013-02-07 10:29 -------- d-----w- c:usersNolanAppDataRoamingLavasoftStatistics
2013-02-07 10:13 . 2013-02-07 10:13 -------- d-----w- c:usersNolanAppDataLocalDownloaded Installations
2013-02-07 10:13 . 2013-02-07 10:13 44424 ----a-w- c:windowssystem32sbbd.exe
2013-02-07 10:13 . 2013-02-07 10:13 13560 ----a-w- c:windowssystem32driversgfibto.sys
2013-02-07 10:12 . 2013-02-07 10:12 -------- d-----w- c:usersNolanAppDataLocaladawarebp
2013-02-07 10:12 . 2013-02-07 10:12 -------- d-----w- c:programdataAd-Aware Browsing Protection
2013-02-07 10:12 . 2013-02-07 10:12 -------- d-----w- c:program filesToolbar Cleaner
2013-02-07 09:01 . 2012-12-16 13:12 34304 ----a-w- c:windowssystem32atmlib.dll
2013-02-07 09:01 . 2012-12-16 10:50 293376 ----a-w- c:windowssystem32atmfd.dll
2013-02-07 09:00 . 2013-02-07 09:00 26984 ----a-w- c:windowssystem32driversavgtpx86.sys
2013-02-06 21:52 . 2012-11-23 01:35 2048000 ----a-w- c:windowssystem32win32k.sys
2013-02-06 21:34 . 2012-11-02 10:18 376320 ----a-w- c:windowssystem32dpnet.dll
2013-02-06 21:34 . 2012-11-02 08:26 23040 ----a-w- c:windowssystem32dpnsvr.exe
2013-02-06 21:31 . 2012-08-21 11:47 224640 ----a-w- c:windowssystem32driversvolsnap.sys
2013-02-06 21:29 . 2012-11-20 04:22 204288 ----a-w- c:windowssystem32ncrypt.dll
2013-02-06 21:28 . 2012-11-13 01:29 2048 ----a-w- c:windowssystem32tzres.dll
2013-02-06 21:27 . 2012-11-02 10:19 1400832 ----a-w- c:windowssystem32msxml6.dll
2013-02-06 21:06 . 2012-08-29 11:27 3602816 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-02-06 21:06 . 2012-08-29 11:27 3550080 ----a-w- c:windowssystem32ntoskrnl.exe
2013-02-06 21:06 . 2012-09-25 16:19 75776 ----a-w- c:windowssystem32synceng.dll
2013-02-06 21:06 . 2012-06-02 00:02 985088 ----a-w- c:windowssystem32crypt32.dll
2013-02-06 21:06 . 2012-06-02 00:02 133120 ----a-w- c:windowssystem32cryptsvc.dll
2013-02-06 21:06 . 2012-06-02 00:02 98304 ----a-w- c:windowssystem32cryptnet.dll
2013-02-06 20:46 . 2012-08-24 15:53 172544 ----a-w- c:windowssystem32wintrust.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 10:00 . 2012-03-31 00:01 697712 ----a-w- c:windowssystem32FlashPlayerApp.exe
2013-02-08 10:00 . 2012-03-26 07:44 74096 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-17 07:28 . 2009-10-02 20:25 232336 ------w- c:windowssystem32MpSigStub.exe
2013-01-15 22:56 . 2012-05-06 02:37 477616 ----a-w- c:windowssystem32npdeployJava1.dll
2013-01-15 22:56 . 2012-04-04 22:02 473520 ----a-w- c:windowssystem32deployJava1.dll
2013-02-09 19:39 . 2013-02-09 19:39 262552 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersegisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOTCLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:program filesEgisTecMyWinLocker 3x86PSDProtect.dll
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe" [2013-02-06 4763008]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2009-04-21 7420448]
"Acer ePower Management"="c:program filesAcerAcer ePower ManagementePowerTray.exe" [2009-06-24 703008]
"EgisTecLiveUpdate"="c:program filesEgisTec Egis Software UpdateEgisUpdate.exe" [2009-05-14 199464]
"mwlDaemon"="c:program filesEgisTecMyWinLocker 3x86mwlDaemon.exe" [2009-05-15 345384]
"Acer Assist Launcher"="c:program filesAcerAcer Assistlauncher.exe" [2007-11-19 1261568]
"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2009-05-06 61440]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:program filesLaunch ManagerLManager.exe" [2009-02-12 862728]
"CLMLServer"="c:program filesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe" [2009-05-05 206120]
"Acer Product Registration"="c:program filesAcerAcer RegistrationACE1.exe" [2007-11-26 3387392]
"AVG8_TRAY"="c:progra~1AVGAVG8avgtray.exe" [2011-10-17 2042208]
"Skytel"="c:program filesRealtekAudioHDASkytel.exe" [2009-04-21 1833504]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2011-04-20 58656]
"Conime"="c:windowssystem32conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:windowssystem32spoolDRIVERSW32X863EKIJ5000MUI.exe" [2010-09-02 1638400]
"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-10-09 421736]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]
"Ad-Aware Browsing Protection"="c:programdataAd-Aware Browsing Protectionadawarebp.exe" [2012-12-11 542104]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowsSystem32avgrsstx.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3842200222-3180408110-1540154317-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-14 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-03-31 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5517
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.27.4
FF - ProfilePath - c:usersNolanAppDataRoamingMozillaFirefoxProfilesh9h8ycwz.default
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.url - hxxp://search.etype.com/?smart=1&query=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-06 15:27; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: 2013-02-07 04:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:usersNolanAppDataRoamingMozillaFirefoxProfilesh9h8ycwz.defaultextensionsjid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:program filesAVG Secure Searchvprot.exe
HKLM-Run-ROC_roc_dec12 - c:program filesAVG Secure SearchROC_roc_dec12.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-14 04:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-02-14 04:24:38
ComboFix-quarantined-files.txt 2013-02-14 10:24
ComboFix2.txt 2012-03-29 09:49
.
Pre-Run: 70,232,580,096 bytes free
Post-Run: 69,892,907,008 bytes free
.
- - End Of File - - C225E28012CD4EC8DD51934E28030185
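
The `FF - prefs.js` lines in the ComboFix log above are read from the Firefox profile's prefs.js, the same file from which AdwCleaner deleted the `freecause…` and `keyword.URL` entries earlier in the thread. The following is an added example (not part of the original posts and not code from any tool named here) that audits such a file offline; the function names, the trusted-host list, the suspect prefix and the sample input are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

# One prefs.js line has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

# Preferences that decide where searches, the home page and new tabs go.
# keyword.URL and browser.startup.homepage appear in the logs on this page;
# browser.newtab.url is included as an assumption about what is worth checking.
NAVIGATION_PREFS = {"keyword.url", "browser.startup.homepage", "browser.newtab.url"}


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments and blank lines
        name = json.loads(match.group(1))
        raw_value = match.group(2)
        try:
            # Strings, integers and true/false in prefs.js are valid JSON literals.
            value = json.loads(raw_value)
        except ValueError:
            value = raw_value  # keep anything unusual as raw text
        prefs[name] = value
    return prefs


def host_is_trusted(host, trusted_hosts):
    """True when host equals a trusted host or is a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit_prefs(text, trusted_hosts, suspect_prefixes=()):
    """Return (pref name, reason) pairs worth a manual look.

    trusted_hosts    : hosts the owner expects search/home page traffic to go to
    suspect_prefixes : pref namespaces left behind by software already removed
    """
    prefixes = tuple(p.lower() for p in suspect_prefixes)
    findings = []
    for name, value in parse_prefs(text).items():
        lowered = name.lower()
        if prefixes and lowered.startswith(prefixes):
            findings.append((name, "leftover add-on namespace"))
            continue
        if lowered in NAVIGATION_PREFS and isinstance(value, str):
            # The home page pref may hold several URLs separated by "|".
            for url in value.split("|"):
                parts = urlsplit(url.strip())
                host = parts.hostname or ""
                if parts.scheme in ("http", "https") and not host_is_trusted(host, trusted_hosts):
                    findings.append((name, "navigation pref points at " + host))
    return findings


# Constructed sample: pref names and hosts are taken from the logs on this
# page, with the scheme written as http, as it would be stored in the file.
SAMPLE_PREFS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("freecause758d6aeb75e49f24fd4951b640add07f.customnewtab", false);
user_pref("freecause758d6aeb75e49f24fd4951b640add07f.installdomain", "freecause.com");
user_pref("keyword.URL", "http://search.etype.com/?smart=1&query=");
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    for pref, reason in audit_prefs(SAMPLE_PREFS, {"yahoo.com"}, ("freecause",)):
        print(pref, "->", reason)
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.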


Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

Download CKScanner from here http://downloads.malwareremoval.com/CKScanner.exe

Save it to your desktop. <=== IMPORTANT

Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

 

Note ---> these may take a bit to produce the logs, so be patient and don't think the screen is frozen or the app has stopped working.


everything ran good - results below

 

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware
Java 6 Update 39
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.TCNAOV
----- EOF -----


Java™ 6 Update 39
Java version out of Date!

 

Update Java:

  • Download the latest version of Java Runtime Environment (JRE) 7u13.
    http://www.oracle.com/technetwork/java/javase/downloads/index.html
  • Scroll over to the right (JRE)

  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u13-windows-i586-p.exe to install the newest version.

 

If Ad-aware isn't being used, uninstall it. Let me know how the computer is running now.



Jacee - I really appreciate the help in this. I uninstalled the old versions of java and installed the updated version as you said. I thought I had uninstalled adaware before but found the uninstaller in add/remove programs and have deleted it. I have updated avg to the 2013 version as well.

 

It is still performing quite slow. Much better than it was when I got it. Just looks like something is constantly accessing the hard drive. I don't know how normal the slow activity is for his computer but the specs aren't that bad and wouldn't expect it to be this slow.

 

cpu - AMD TF-20 1.60 GHz / 3GB ram

 

I know it isn't a crazy fast laptop but opening and closing anything just seems to take too long. When I was going through the add/remove program list, it took forever because it kept "loading" the list as I was scrolling down. This usually doesn't happen once it populates the list in my previous experiences with it. I have opened task manager and don't see anything "crazy" that might be causing this.


Disable "Bonjour" in services.

Post a fresh HJT log.

 

We may need to run some more tools if Bonjour isn't the problem.

 

 

Pros Big screen. clear picture, and I had no problems with the keyboard or touchpad.

Cons The processor is SO SLOW and I'm a Graphic Design major so I don't have time to wait all day for things to load. Launching Firefox or even Microsoft Word takes forever, and it freezes when you try to run multiple applications. I have homework to do and a

Summary The only reason why I've held onto this is because my parents bought this for me for my 18th birthday for college.... now I have a reason to get rid of it.

http://www.cnet.com/laptops/acer-aspire-as5532-5535/4852-3121_7-33848297.html


Jacee -

 

I disabled bonjour and it has made a drastic improvement in responsiveness. Firefox loads much quicker and the programs list in add/remove populates much faster, it still lags when I scroll down the list some but really catches up much quicker than before and once I get to the bottom of the list I can scroll up and down without a problem.

 

- I have nothing good to say about any Acer product. My sister-in-law purchased this unit for my nephew's birthday when he turned 9 I believe. So, it's a few years old. They bought it last minute and then asked what I thought of it. I am not a big fan of Vista - was anyone? and I told them an Asus is a much better buy ... even a Dell is. Anyways this is what he has and really loaded it up with junk. I appreciate the help in removing the bad stuff and getting it to run somewhat "better" ( best out of a bad situation I would have to say). His main concern is playing minecraft and typing homework. I am sure facebook and emails. Hopefully he can stop downloading everything he sees ....

 

Once again - I Thank You ! Your help was very much appreciated !

 

Ben


I have Vista Business on a 2006 Compaq that was originally an XP pro. It runs great, so I can't say I don't like Vista. :mrgreen:

 

Post another HJT scan. There may be more programs running in the background that can be started manually, when needed.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:08 PM, on 2/16/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesAcerAcer ePower ManagementePowerTray.exe
C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe
C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesAVGAVG2013avgui.exe
C:Windowsehomeehtray.exe
C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Windowsehomeehmsas.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Windowssystem32taskeng.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:UsersNolanDesktophjtHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5517
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll
O4 - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
O4 - HKLM..Run: [Acer ePower Management] C:Program FilesAcerAcer ePower ManagementePowerTray.exe
O4 - HKLM..Run: [EgisTecLiveUpdate] "C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe"
O4 - HKLM..Run: [mwlDaemon] C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
O4 - HKLM..Run: [Acer Assist Launcher] C:Program FilesAcerAcer Assistlauncher.exe
O4 - HKLM..Run: [startCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:Program FilesLaunch ManagerLManager.exe
O4 - HKLM..Run: [CLMLServer] "C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe"
O4 - HKLM..Run: [Acer Product Registration] "C:Program FilesAcerAcer RegistrationACE1.exe" /startup
O4 - HKLM..Run: [skytel] C:Program FilesRealtekAudioHDASkytel.exe
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 - HKLM..Run: [Conime] %windir%system32conime.exe
O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:Windowssystem32spoolDRIVERSW32X863EKIJ5000MUI.exe
O4 - HKLM..Run: [APSDaemon] "C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [AVG_UI] "C:Program FilesAVGAVG2013avgui.exe" /TRAYONLY
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:Windowssystem32atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG2013avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG2013avgwdsvc.exe
O23 - Service: CLHNService - Unknown owner - C:Program FilesAcer Arcade DeluxeHomeMediaKernelDMPCLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:Program FilesKodakAiOCenterekdiscovery.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:Program FilesEgisTecMyWinLocker 3x86MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

--
End of file - 7976 bytes


Rescan with HJT, check these items:

R3 - URLSearchHook: (no name) - - (no file)


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll


O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

Close all windows except HJT, then click "fix checked". Reboot

 

These processes can all be removed from automatic startup, by typing msconfig in the start search box. Click on the startup tab and uncheck them, click apply and ok. Reboot

 

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
*** See this first: http://www.bleepingcomputer.com/startups/ePowerTray.exe-27066.html
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
*** See this first: http://processes.glarysoft.com/mwlDaemon.exe/6117/
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
*** See this first: http://www.bleepingcomputer.com/startups/launcher.exe-19475.html
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
*** See this first: http://www.tweakguides.com/ATICAT_4.html
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
*** See this first: http://www.bleepingcomputer.com/startups/SkyTel.exe-17102.html
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
*** See this first: http://www.andyfrench.info/2012/01/apsdaemonexe-apples-machine-killer.html
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
*** See this first: http://www.bleepingcomputer.com/startups/ehtray.exe-1525.html

These services can all be set to manual (in services.msc) and used as needed:

 

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
*** See this: http://processes.glarysoft.com/CLHNService.exe/5229/
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
*** See this: http://searchtasks.answersthatwork.com/tasklist.php?File=iPodService
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
*** See this: http://www.zdnet.com/yahoo-becomes-avg-secure-search-provider-7000008810/
"Linkscanner" has always been known to slow down web pages, but it is a safety precaution, if 'heeded'. :P

Reboot
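
The kind of triage done by eye in the post above (picking out entries that end in "(no file)" and services listed with "Unknown owner") can be scripted; the following is an added example, not part of the original post and not HijackThis code. The function names are hypothetical, and the sample lines follow the entries quoted in this thread with path separators written out, which is an assumption about the original log.

```python
import re

# Section codes seen in this thread, with their commonly documented meanings.
SECTIONS = {
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key)",
    "O23": "Windows service",
}

# A HijackThis entry starts with a letter plus 1-2 digits, then " - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Sample input, constructed from the entry formats quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_line(line):
    """Return a dict for one log entry, or None for non-entry text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    flags = []
    # Leftover registry entry: the file it pointed at is gone.
    if body.endswith("(no file)"):
        flags.append("orphaned entry (no file on disk)")
    # Service whose owner field is not a vendor name: needs a manual lookup.
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("service with unknown owner (look it up before changing it)")
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "body": body, "flags": flags}


def triage(log_text):
    """Return only the entries that carry at least one review flag."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["code"]:>3} [{e["kind"]}] {"; ".join(e["flags"])}\n    {e["body"]}')
```

A flag here only marks an entry for review; whether to fix, disable or keep it is still the judgement call made in the post above.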



Jacee -

 

It's definitely faster loading up programs and the overall response of things. I think now it's mostly hardware being junk and outdated. It does what it needs to do and until my brother wants to get him a new one ... it is what it is...

 

Again - thanks so much for your help!

 

Ben


You're very welcome. :)

 

You need to uninstall Combofix now ... The following will implement some cleanup procedures as well as reset System Restore points: Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall
