Google redirect on firefox

View previous topic View next topic Go down

Google redirect on firefox

Post by quickdrawkiddo on Fri 26 Aug 2011, 6:34 pm

I am having a hard time getting rid of the redirect virus with firefox, it doesn't do it for every web site I go to but it is happening quite often..usually goes to find-fast answers or something. I tried malwarebytes, and rkill, and tdsskiller, but nothing has worked so far. My logs are posted below and in the two responses below due to length. Thanks in advance

OTL logfile created on: 8/26/2011 12:38:12 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\jaz\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.32 Mb Total Physical Memory | 302.76 Mb Available Physical Memory | 29.85% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 2.19 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KILLBOT | User Name: jaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 00:37:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaz\My Documents\Downloads\OTL.com
PRC - [2011/08/02 19:11:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/21 21:44:33 | 000,025,088 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/13 19:38:32 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 19:38:30 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/18 06:42:04 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2007/08/03 15:11:00 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/08/03 15:11:00 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/08/03 15:11:00 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/08/03 15:11:00 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/08/03 15:11:00 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/08/03 15:11:00 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/08/03 15:11:00 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2008/04/21 21:44:33 | 000,053,248 | ---- | M] () -- C:\Program Files\Gizmo\gshell.dll
MOD - [2008/04/13 17:12:08 | 000,245,760 | ---- | M] () -- C:\WINDOWS\ituzeraz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/08/08 19:15:02 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/21 21:44:33 | 000,025,088 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/18 06:56:46 | 000,109,080 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/09/18 06:42:04 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2007/08/03 15:11:00 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/08/03 15:11:00 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/08/03 15:11:00 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/08/03 15:11:00 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/08/03 15:11:00 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/08/03 15:11:00 | 000,116,928 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/08/03 15:11:00 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/07 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110825.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/07 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110825.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/31 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/31 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/11 12:42:56 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/10/09 09:55:40 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2008/04/21 21:44:34 | 000,016,787 | ---- | M] (Arainia Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2008/02/18 17:29:16 | 000,096,256 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/01/30 18:55:08 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/15 12:17:58 | 004,652,544 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/28 02:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/12/26 03:20:18 | 000,288,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/09/19 11:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/09/18 06:42:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/09/18 06:38:50 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/08/03 15:11:00 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/08/03 15:11:00 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2007/08/03 15:11:00 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/03 15:11:00 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2007/08/03 15:11:00 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/02/22 16:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/15 17:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.1
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\WINDOWS\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6d: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\jaz\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\jaz\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\jaz\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\jaz\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jaz\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jaz\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/02 19:11:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8}: C:\Documents and Settings\jaz\Local Settings\Application Data\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8} [2011/08/17 18:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/02 19:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/02 19:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Documents and Settings\jaz\Local Settings\Application Data\Mozilla Firefox\components [2011/08/18 23:43:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Documents and Settings\jaz\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\jaz\Application Data\Move Networks [2011/08/17 18:48:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\components [2011/03/10 20:21:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\plugins [2011/03/10 20:21:53 | 000,000,000 | ---D | M]

[2009/07/04 15:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jaz\Application Data\Mozilla\Extensions
[2010/11/25 23:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jaz\Application Data\Mozilla\Firefox\Profiles\s2hhic5w.default\extensions
[2010/04/28 13:59:51 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\jaz\Application Data\Mozilla\Firefox\Profiles\s2hhic5w.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/11/05 14:45:38 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\jaz\Application Data\Mozilla\Firefox\Profiles\s2hhic5w.default\extensions\personas@christopher.beard
[2010/10/27 16:33:39 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\jaz\Application Data\Mozilla\Firefox\Profiles\s2hhic5w.default\extensions\vshareus@toolbar
[2011/06/02 21:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/11 23:27:23 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) --
[2011/08/02 19:11:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/17 18:41:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JAZ\LOCAL SETTINGS\APPLICATION DATA\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8}
[2008/12/07 16:49:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/12/07 16:42:20 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/07 16:42:20 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/07 16:42:20 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/07 16:42:20 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/07 16:42:20 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ohiyuxisetacokuv] C:\WINDOWS\ituzeraz.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\jaz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gdrive.dll ()
O4 - HKCU..\Run: [googletalk] C:\Documents and Settings\jaz\Application Data\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\jaz\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jaz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 17:29:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4728204f-5662-11df-a937-0016448b1ebc}\Shell - "" = AutoRun
O33 - MountPoints2\{4728204f-5662-11df-a937-0016448b1ebc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4728204f-5662-11df-a937-0016448b1ebc}\Shell\AutoRun\command - "" = E:\LapNetWizard.exe
O33 - MountPoints2\{47282053-5662-11df-a937-0016448b1ebc}\Shell - "" = AutoRun
O33 - MountPoints2\{47282053-5662-11df-a937-0016448b1ebc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47282053-5662-11df-a937-0016448b1ebc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{47282055-5662-11df-a937-0016448b1ebc}\Shell - "" = AutoRun
O33 - MountPoints2\{47282055-5662-11df-a937-0016448b1ebc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47282055-5662-11df-a937-0016448b1ebc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Gizmo.lnk - C:\Program Files\Gizmo\gizmo.exe - (Arainia Solutions)
MsConfig - StartUpFolder: C:^Documents and Settings^cseagle^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: GizmoDriveDelegate - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 00:20:06 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jaz\Desktop\aswMBR.exe
[2011/08/25 23:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaz\Application Data\Malwarebytes
[2011/08/25 23:53:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/25 23:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/25 23:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/25 23:53:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/25 23:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 17:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaz\Local Settings\Application Data\Temp
[2011/08/24 17:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaz\Local Settings\Application Data\Facebook
[2011/08/17 18:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaz\Local Settings\Application Data\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8}
[2011/08/09 12:37:41 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/09 12:37:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/02 19:12:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jaz\My Documents\My Videos
[2011/08/02 19:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/08/02 19:11:44 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/08/02 19:11:37 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/08/02 19:11:37 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/08/02 19:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/08/02 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/08/02 19:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/08/02 19:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaz\Application Data\Real
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/26 00:28:18 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\jaz\Desktop\SecurityCheck.exe
[2011/08/26 00:23:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jaz\Desktop\MBR.dat
[2011/08/26 00:20:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jaz\Desktop\aswMBR.exe
[2011/08/26 00:04:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/26 00:03:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mmoluqanalepetiy.bin
[2011/08/26 00:02:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/08/26 00:02:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-1844237615-2146765159-1004.job
[2011/08/26 00:02:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 23:53:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/25 23:28:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004UA.job
[2011/08/25 22:57:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eqeqogut.dat
[2011/08/25 22:52:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004UA.job
[2011/08/25 17:28:01 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004Core.job
[2011/08/25 16:43:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/23 19:52:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004Core.job
[2011/08/21 22:21:29 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\jaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/18 23:43:09 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-2146765159-1004.job
[2011/08/02 19:12:06 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/02 19:11:44 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/08/02 19:11:37 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/08/02 19:11:37 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/08/02 19:11:36 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/26 00:28:18 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\jaz\Desktop\SecurityCheck.exe
[2011/08/26 00:23:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jaz\Desktop\MBR.dat
[2011/08/25 23:53:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/24 17:23:58 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004UA.job
[2011/08/24 17:23:57 | 000,000,968 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004Core.job
[2011/08/22 14:42:13 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004UA.job
[2011/08/22 14:42:11 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-2146765159-1004Core.job
[2011/08/17 18:41:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mmoluqanalepetiy.bin
[2011/08/17 18:41:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eqeqogut.dat
[2011/08/02 19:12:30 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-1844237615-2146765159-1004.job
[2011/08/02 19:12:29 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-2146765159-1004.job
[2011/08/02 19:12:06 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/07/27 14:44:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/31 20:08:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/03/10 20:20:58 | 000,017,354 | -HS- | C] () -- C:\Documents and Settings\jaz\Local Settings\Application Data\712789849
[2011/03/10 20:20:58 | 000,017,354 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\712789849
[2010/04/27 16:38:13 | 000,014,494 | -HS- | C] () -- C:\Documents and Settings\jaz\Local Settings\Application Data\UsIG2
[2010/04/27 16:38:13 | 000,014,494 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UsIG2
[2009/08/17 21:34:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\jaz\Local Settings\Application Data\PUTTY.RND
[2009/08/11 12:49:15 | 000,025,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/07/08 13:11:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/03/26 22:32:45 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\jaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 21:38:50 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/30 20:55:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/01/30 19:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/01/30 19:06:50 | 000,001,784 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/30 19:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/30 18:37:06 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/01/30 18:37:06 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/01/30 18:37:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/01/30 18:37:06 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/01/30 17:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/30 17:27:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/30 09:22:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/30 09:22:00 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,245,760 | ---- | C] () -- C:\WINDOWS\ituzeraz.dll
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2009/12/11 23:21:47 | 000,001,642 | -H-- | M] () -- C:\Documents and Settings\jaz\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/26 00:20:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jaz\Desktop\aswMBR.exe
[2011/08/26 00:28:18 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\jaz\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2008/04/21 21:46:27 | 001,478,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jaz\My Documents\GenuineCheck.exe
[2008/03/26 20:32:22 | 008,506,408 | ---- | M] () -- C:\Documents and Settings\jaz\My Documents\Install_AIM59.exe
[2009/05/11 01:28:19 | 074,302,760 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\jaz\My Documents\iTunesSetup.exe
[2009/03/02 00:45:44 | 003,004,064 | ---- | M] (Photodex Corporation) -- C:\Documents and Settings\jaz\My Documents\pxsetup.exe
[2008/04/21 21:58:17 | 001,291,576 | ---- | M] () -- C:\Documents and Settings\jaz\My Documents\setup_magicdisc.exe
[2008/04/21 21:47:08 | 000,765,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jaz\My Documents\WindowsXP-KB932716-x86-ENU.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/12/07 16:42:27 | 000,132,232 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2008/12/07 16:42:27 | 000,073,336 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpicleanup.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/01/30 18:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/03/26 20:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/03/26 20:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/05/11 01:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/11 12:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2010/11/25 22:42:54 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2009/05/11 01:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/22 13:31:51 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2010/08/22 13:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\ComcastUI
[2011/08/02 19:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/01/30 17:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/03/26 21:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2008/04/21 21:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Gizmo
[2008/04/21 19:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\hkSFV
[2008/05/05 14:27:51 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/08/11 12:50:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/30 22:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/31 20:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/08/10 10:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/05/11 01:40:03 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/05/11 01:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/12/07 16:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/21 21:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2011/08/25 23:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/01/30 18:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2008/12/07 17:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/01/30 23:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/01/30 17:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/12 03:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/02 21:12:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/12/07 17:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\msn
[2008/01/30 17:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/07/09 03:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/01/30 17:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\netmeeting
[2008/01/30 17:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/01/30 19:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/08/11 12:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\Option
[2010/12/15 04:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/25 22:43:22 | 000,000,000 | ---D | M] -- C:\Program Files\Peggle
[2010/03/09 01:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2009/05/11 01:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/08/02 19:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/01/30 20:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/11 12:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless Inc
[2010/08/21 11:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2008/01/30 18:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/08/26 00:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/01/30 21:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2008/01/30 18:18:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/03/26 20:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/01/30 23:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/03/26 20:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/03/26 21:29:27 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2008/12/07 17:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/07 16:59:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/30 17:28:50 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/26 21:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/01/30 17:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2008/01/30 13:25:00 | 016,565,030 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/01/30 13:25:00 | 016,565,030 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/01/30 13:25:00 | 016,565,030 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/12/07 16:50:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2007/09/30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/01/30 13:14:49 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008/01/30 13:14:49 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-24 07:29:38

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/07 16:42:27 | 000,450,936 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/07 16:42:22 | 007,660,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >




Last edited by quickdrawkiddo on Fri 26 Aug 2011, 7:07 pm; edited 1 time in total

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Fri 26 Aug 2011, 7:04 pm

Error - 8/26/2011 2:50:20 AM | Computer Name = KILLBOT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl ElbyCDIO Fips GizmoDrv intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 8/26/2011 3:00:59 AM | Computer Name = KILLBOT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/26/2011 3:02:54 AM | Computer Name = KILLBOT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 8/26/2011 3:12:49 AM | Computer Name = KILLBOT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/26/2011 3:12:49 AM | Computer Name = KILLBOT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Fri 26 Aug 2011, 7:05 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-26 00:20:29
-----------------------------
00:20:29.453 OS Version: Windows 5.1.2600 Service Pack 3
00:20:29.453 Number of processors: 2 586 0xF0D
00:20:29.453 ComputerName: KILLBOT UserName: jaz
00:20:30.359 Initialize success
00:22:21.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:22:21.781 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
00:22:21.812 Disk 0 MBR read successfully
00:22:21.812 Disk 0 MBR scan
00:22:21.812 Disk 0 Windows XP default MBR code
00:22:21.812 Disk 0 scanning sectors +234420480
00:22:21.875 Disk 0 scanning C:\WINDOWS\system32\drivers
00:22:35.093 Service scanning
00:22:36.703 Modules scanning
00:22:47.859 Disk 0 trace - called modules:
00:22:47.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
00:22:47.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ce6030]
00:22:47.890 3 CLASSPNP.SYS[f758dfd7] -> nt!IofCallDriver -> \Device\00000080[0x86d6d910]
00:22:47.890 5 ACPI.sys[f7414620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d6b030]
00:22:47.890 Scan finished successfully
00:23:07.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jaz\Desktop\MBR.dat"
00:23:07.359 The log file has been saved successfully to "C:\Documents and Settings\jaz\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````


quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Bump

Post by quickdrawkiddo on Tue 30 Aug 2011, 4:16 am

No reply yet, please help

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Gabethebabe on Tue 30 Aug 2011, 6:00 pm

Hi there quickdrawkiddo and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst Im helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. Im here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesnt mean it is clean yet!

====================

Your problem is not TDSS. It is a malicious Firefox addon. Lets get rid of it.
Please download GooredFix by jpshortstuff from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (WIN XP), or right-click and select Run As Administrator (Vista/WIN7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\WINDOWS\ituzeraz.dll
C:\WINDOWS\Mmoluqanalepetiy.bin
C:\WINDOWS\Eqeqogut.dat
C:\Documents and Settings\jaz\Local Settings\Application Data\712789849
C:\Documents and Settings\All Users\Application Data\712789849

:otl
O4 - HKLM..\Run: [Ohiyuxisetacokuv] C:\WINDOWS\ituzeraz.dll ()

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Wed 31 Aug 2011, 4:20 pm

Gooredfix log below. Running the other two next and will post as soon as I have. Thanks

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:16 on 30/08/2011 (jaz)
Firefox version 6.0 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8} -> Success!
Deleting C:\Documents and Settings\jaz\Local Settings\Application Data\{494CF9DF-0D89-4CB5-AE54-2D37D389E1B8} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[You must be registered and logged in to see this link.] [01:44 31/01/2008]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:44 31/01/2008]
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [02:06 31/01/2008]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [23:39 15/03/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:50 07/12/2008]

C:\Documents and Settings\jaz\Application Data\Mozilla\Firefox\Profiles\s2hhic5w.default\extensions\
[You must be registered and logged in to see this link.] [21:45 05/11/2009]
vshareus@toolbar [23:33 27/10/2010]
{dd3d7613-0246-469d-bc65-2a3cc1668adc} [20:59 28/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:49 07/12/2008]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [02:11 03/08/2011]

-=E.O.F=-

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Wed 31 Aug 2011, 4:36 pm

========== FILES ==========
C:\WINDOWS\ituzeraz.dll moved successfully.
C:\WINDOWS\Mmoluqanalepetiy.bin moved successfully.
C:\WINDOWS\Eqeqogut.dat moved successfully.
C:\Documents and Settings\jaz\Local Settings\Application Data\712789849 moved successfully.
C:\Documents and Settings\All Users\Application Data\712789849 moved successfully.
File\Folder :otl not found.
File\Folder O4 - HKLM..\Run: [Ohiyuxisetacokuv] C:\WINDOWS\ituzeraz.dll () not found.
File\Folder :commands not found.
File\Folder [reboot] not found.

OTL by OldTimer - Version 3.2.26.5 log created on 08302011_222206



Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7616

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/30/2011 10:35:47 PM
mbam-log-2011-08-30 (22-35-47).txt

Scan type: Quick scan
Objects scanned: 182669
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Wed 31 Aug 2011, 4:38 pm

I have symantec antivirus, and it has been going off quite often recently always with Trojan.gen.2

Not sure if that helps at all..

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Gabethebabe on Wed 31 Aug 2011, 4:55 pm

Google redirects are gone, is that correct?

If symantec warns of Trojan.gen.2, which file is triggering that?

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Wed 31 Aug 2011, 5:18 pm

Redirect seems to be gone so far..=D
Symantec popped up yesterday at some point but I am not sure when and then again just now when I was running the malwarebytes. What fixed redirect? The Gooredfix? I hope it stays fixed!!

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Gabethebabe on Wed 31 Aug 2011, 6:20 pm

Yes, Gooredfix fixed a malicious Firefox addon that was installed, causing the redirects


I noted that OTL failed to fix something - which is odd. So Im running another utility to do that for us:

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Thu 01 Sep 2011, 7:20 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:54 PM, on 8/31/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Gizmo\gservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Documents and Settings\jaz\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jaz\Local Settings\Application Data\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:service@tokidoki.it
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ohiyuxisetacokuv] rundll32.exe "C:\WINDOWS\ituzeraz.dll",Startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] C:\Documents and Settings\jaz\Application Data\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\jaz\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 9228 bytes

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Gabethebabe on Thu 01 Sep 2011, 6:56 pm

OK, lets fix the thing that OTL could not.

  • Please re-open HijackThis.
  • Choose the option "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [Ohiyuxisetacokuv] rundll32.exe "C:\WINDOWS\ituzeraz.dll",Startup


  • Press the "Fix Checked" button.
  • Then close Hijack This.

====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10.0. The last and most safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 27

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 27).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have Viewpoint installed. This is so-called foistware. It is practically useless, comes with AOL software and is installed without your consent. I recommend you uninstall it.

====================

I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?


Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by quickdrawkiddo on Sat 03 Sep 2011, 8:09 am

Ok, just finished doing the rest of that..mostly. I would like your awesome list. Thanks for all your help

quickdrawkiddo

Newbie Surfer
Newbie Surfer

Posts : 10
Joined : 2011-08-26
Operating System : windows xp

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Gabethebabe on Sun 04 Sep 2011, 12:35 am

Allright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware cant touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Google redirect on firefox

Post by Sponsored content Today at 9:26 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum