
win32:rootkit-gen, win32:trojan-gen, BV:Malware-gen, [Solved]


  • This topic is locked

#16
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Let's try something else..

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.
  • Click on "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Cheers,


#17
Aoc

    Member

  • Topic Starter
  • 36 posts
ok, here are the logs.



Attached File: virusinfo_syscheck.zip (28.8KB, 153 downloads)
Attached File: virusinfo_syscure.zip (28.46KB, 108 downloads)


Thank you for working on this for me.

#18
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      TerminateProcessByName('c:\windows\sysguard.exe');
      DelBHO('{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}');
      DeleteFile('c:\windows\sysguard.exe');
      DeleteFile('C:\WINDOWS\system32\iehelper.dll');
      ExecuteSysClean;
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new HijackThis log.

Regards,

#19
Aoc

    Member

  • Topic Starter
  • 36 posts
Got called out of town on an emergency, I will be back on Tuesday May 2nd. Sorry for the delay.... I don't want you to think I am not following up on this.

#20
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
No Problem.

#21
Aoc

    Member

  • Topic Starter
  • 36 posts
ok ran it and here is the new log. Also, avast found proquota.exe on reboot which I moved to the vault.

OTListIt logfile created on: 6/2/2009 10:19:52 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\John B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

750.79 Mb Total Physical Memory | 479.70 Mb Available Physical Memory | 63.89% Memory free
1.04 Gb Paging File | 0.76 Gb Available in Paging File | 73.04% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.08 Gb Free Space | 27.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNLAPTOP
Current User Name: John B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe (Belkin)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\John B\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\System32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (gupdate1c9a0d0dfd66502 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Pml Driver HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPHipm11.exe (HP)
SRV - (Pml Driver HPZ12 [Unknown | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SonicStage Back-End Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APL531 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\drivers\BsStor.sys (B.H.A Co.,Ltd.)
DRV - (BsUDF [Disabled | Running]) -- C:\WINDOWS\System32\drivers\BsUDF.sys (B.H.A Co.,Ltd.)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (Dot4 HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys (HP)
DRV - (Dot4Print HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys (HP)
DRV - (Dot4Usb HPH11 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hphius11.sys (HP)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EAPPkt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\EAPPkt.sys (Realtek)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (GWIOPM [On_Demand | Stopped]) -- c:\Program Files\LEA Digital Recorder\gwiopm.sys ()
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (MASPINT [Auto | Running]) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (NETGEAR_MA111 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys ( )
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (pciSd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys (TOSHIBA)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PRISMAXP.sys (GlobespanVirata, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rt2870 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2870.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SUSTUCAM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sustucam.sys (Susteen, Inc.)
DRV - (TBiosDrv [Auto | Running]) -- C:\WINDOWS\System32\drivers\TBiosDrv.sys ()
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tossmbnt [Auto | Running]) -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys ()
DRV - (tsdhd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WlanUIB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MA111nd5.sys ( )
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
FF - prefs.js..extensions.enabledItems: {5872365e-67d1-4afd-9480-fd293bebd20d}:1.7.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.11
FF - prefs.js..extensions.enabledItems: {396BA20B-7E61-47EB-9095-08D70EF4D85A}:1.0
FF - prefs.js..extensions.enabledItems: {AFE5B061-B10B-4111-8C93-FE38258C5CE0}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.foxtor.browser.search.update: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 09:03:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 09:03:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/04/01 14:12:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/03/03 11:10:06 | 00,000,000 | ---D | M]

[2009/01/10 15:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Extensions
[2009/01/10 15:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/29 14:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions
[2008/02/10 10:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
[2008/12/03 00:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2009/05/12 14:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/10/29 23:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/03/20 13:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/03/17 14:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]
[2008/09/10 22:44:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John B\Application Data\mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]
[2009/05/29 14:44:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 14:08:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}
[2009/04/30 09:03:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/30 16:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}
[2007/06/10 23:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/04/30 09:02:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 09:02:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/10 15:56:18 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/10 15:56:18 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/10 15:56:18 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/10 15:56:18 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/10 15:56:18 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/10 15:56:18 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (148 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivaresys.com
O1 - Hosts: 94.232.248.66 www.antivaresys.com
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [TFNF5] TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exe (TOSHIBA Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} http://www.shockwave...gwebinstall.cab (Sandlot Loader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8135.7490393519 (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicr...scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.game...inematycoon.cab (TikGames Online Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/27 13:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Desktop\avz4
[2009/05/27 13:14:06 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\avz4.zip
[2009/05/27 10:24:50 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/26 15:04:01 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/26 13:05:28 | 00,002,691 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\DrWeb.csv
[2009/05/21 15:03:39 | 14,095,000 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\John B\Desktop\drweb-cureit.exe
[2009/05/19 13:20:53 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\Build-a-Lot 2.lnk
[2009/05/19 13:20:53 | 00,001,130 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\Game Center.lnk
[2009/05/19 13:15:37 | 58,746,152 | ---- | C] (Oberon Media Inc.) -- C:\Documents and Settings\John B\Desktop\Build_a_lot_2-setup.exe
[2009/05/19 13:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2009/05/19 08:59:14 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/18 14:52:51 | 00,214,534 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\_0.27918000 1224882611
[2009/05/13 13:56:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John B\Desktop\OTListIt2.exe
[2009/05/13 13:54:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 12:00:30 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 11:22:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/13 11:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Desktop\newspy
[2009/05/13 10:37:06 | 78,733,7216 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/13 10:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Local Settings\Temp
[2009/05/13 10:34:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/12 10:19:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/12 10:19:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/07 15:17:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Desktop\McafeeRootkitDetective
[2009/05/07 15:03:18 | 01,728,150 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\McafeeRootkitDetective.zip
[2009/05/07 12:39:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John B\Desktop\RootkitRevealer
[2009/05/07 12:14:45 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:14:45 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:13:52 | 00,450,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\rtl8192u.sys
[2009/05/07 12:13:51 | 00,450,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System\rtl8192u.sys
[2009/05/07 12:13:29 | 00,038,144 | ---- | C] (Realtek) -- C:\WINDOWS\System32\drivers\EAPPkt.sys
[2009/05/07 12:13:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Belkin N Wireless USB Adapter Software
[2009/05/07 12:12:02 | 06,549,329 | ---- | C] () -- C:\Documents and Settings\John B\Desktop\f5d8053v5_us_5.01.03_w6.exe
[2009/05/07 09:14:03 | 00,000,226 | ---- | C] () -- C:\Boot.bak
[2009/05/07 09:13:57 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/07 09:13:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/07 09:12:09 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/07 09:12:09 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/07 09:12:09 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/07 09:12:09 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/07 09:12:09 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/07 09:12:09 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/06 11:01:53 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 11:01:53 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 11:01:52 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 11:01:51 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 11:01:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 11:01:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 11:01:47 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 11:01:47 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 11:01:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 11:01:21 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 11:01:21 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 11:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/05 09:11:45 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\John B\My Documents\alice grant.doc
[2009/01/14 21:23:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/12/09 00:09:21 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/12/09 00:09:21 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2008/12/09 00:04:55 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/25 23:03:08 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/26 13:01:50 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/06/30 23:57:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/06/18 00:34:35 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/04/25 00:14:14 | 00,000,052 | ---- | C] () -- C:\WINDOWS\STYLEEASEAPA.INI
[2007/04/10 00:03:22 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/19 03:25:49 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/11 04:09:33 | 00,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2006/12/05 17:21:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tripeaks.INI
[2006/11/02 17:03:38 | 00,002,042 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2006/10/31 12:06:03 | 00,000,128 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/11 09:46:53 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/09/11 09:46:52 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2005/09/04 22:53:16 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.John B.ini
[2005/08/06 09:32:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MouseTrapLib.dll
[2005/06/10 10:57:39 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/06/02 22:37:45 | 00,004,005 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/05/28 18:50:53 | 00,005,667 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/23 21:17:54 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/01/16 20:42:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/17 16:34:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/10/06 19:33:37 | 00,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2004/10/06 19:33:35 | 00,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2004/07/22 19:26:30 | 00,000,028 | ---- | C] () -- C:\WINDOWS\BTW.ini
[2004/07/22 19:26:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2004/07/07 20:09:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\GTRTST32.DLL
[2004/07/07 20:08:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2004/07/06 21:24:06 | 00,000,708 | ---- | C] () -- C:\WINDOWS\label.ini
[2004/07/06 21:23:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2004/05/28 21:40:39 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/03/03 16:27:08 | 00,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys
[2004/01/30 10:37:50 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/11/21 16:49:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/20 20:49:20 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2003/11/20 20:40:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2003/11/20 20:34:03 | 00,000,906 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/11/20 20:32:41 | 00,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2003/11/20 20:12:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/11/20 20:06:36 | 00,000,034 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2003/11/20 19:54:31 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/11/20 19:54:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/11/20 19:54:31 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/11/20 19:54:31 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/11/20 19:53:21 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/11/20 19:44:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/20 19:28:40 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2003/11/20 18:53:50 | 00,001,924 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/20 18:50:00 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/20 18:42:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/20 17:12:52 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/20 17:12:23 | 00,000,742 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/11/20 17:12:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/04/04 15:04:08 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/06/02 10:14:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/02 10:14:34 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/06/02 10:14:32 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/02 10:14:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/02 10:14:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\John B\Local Settings\desktop.ini
[2009/06/02 10:14:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/02 10:14:12 | 78,733,7216 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/27 13:15:12 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\avz4.zip
[2009/05/27 10:21:53 | 00,000,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/26 13:05:28 | 00,002,691 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\DrWeb.csv
[2009/05/21 15:04:21 | 14,095,000 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\John B\Desktop\drweb-cureit.exe
[2009/05/21 08:39:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/20 10:01:55 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\John B\My Documents\alice grant.doc
[2009/05/19 13:20:53 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\Build-a-Lot 2.lnk
[2009/05/19 13:20:53 | 00,001,130 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\Game Center.lnk
[2009/05/19 13:20:13 | 58,746,152 | ---- | M] (Oberon Media Inc.) -- C:\Documents and Settings\John B\Desktop\Build_a_lot_2-setup.exe
[2009/05/19 09:11:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/19 08:59:14 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/18 14:52:52 | 00,214,534 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\_0.27918000 1224882611
[2009/05/13 13:56:35 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B\Desktop\OTListIt2.exe
[2009/05/12 10:19:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/07 15:03:47 | 01,728,150 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\McafeeRootkitDetective.zip
[2009/05/07 12:14:45 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:14:45 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin N Wireless USB Adapter Client Utility.lnk
[2009/05/07 12:12:40 | 06,549,329 | ---- | M] () -- C:\Documents and Settings\John B\Desktop\f5d8053v5_us_5.01.03_w6.exe
[2009/05/07 09:14:03 | 00,000,296 | RHS- | M] () -- C:\boot.ini
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 11:01:53 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 11:01:47 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C36E31
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60C375
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8961A52
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2932DB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4630A5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11F6DF5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
< End of report >

#22
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

1) Which internet browser do you use? Internet Explorer, Mozilla?
Same redirects with both?

2) Waiting to find the canned speech of FoxScan ...

Regards,

Edited by XmichouX, 04 June 2009 - 11:16 AM.


#23
Aoc

    Member

  • Topic Starter
  • 36 posts
yes, still the same problems.

When I paste the script you posted into Otlist and run the scan it locks up. Should I be scanning with the script or "run fix" or run "clean up"?

Edited by Aoc, 03 June 2009 - 10:17 AM.


#24
Aoc

    Member

  • Topic Starter
  • 36 posts
Firefox.....

yes, same redirects.

#25
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Download FoxScan to your desktop.
  • Run the FoxScan file.
  • A window will open up and give you an option for what language to use. Press 2 and then Enter, let the program run unhindered.
  • The message "Press any key to continue..." will appear, do what it says and press any key you want.
  • The program will then open its report in a Notepad file, it will also be saved to your C:\ drive (C:\Rapport-FS.txt).
  • Post this log on the forum.

(Just an additional question: Are there redirects with Internet Explorer?)

Cheers,

P.S.: Please forgive me if I take time to answer, I have to prepare my baccalaureat.

#26
Aoc

    Member

  • Topic Starter
  • 36 posts
No, it does not redirect in IE. I didn't realize that cause I hardly ever use IE anymore.

Here is the scan...


FoxScan Version 1.1.0
By Loup blanc - Zebulon.fr
Scan started Fri 06/05/2009 at 14:54

Microsoft Windows XP Home Edition Service Pack 3 [Version 5.1.2600]

Mozilla Firefox version : 3.0.10 (en-US)
Installation folder : ""


=================================================================================
---------- User account : John B [Current session]
=================================================================================


Profile name : default
Profile folder : C:\Documents and Settings\John B\Application Data\mozilla\firefox\Profiles\ghtrl0km.default\
Start pages prefs.js : "www.yahoo.com"


//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : Automatic detection




//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled

Name : Distrust
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]

Name : DownThemAllname
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

Name : firefusk
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}

Name : myibay Firefox extension
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\[email protected]

Name : PasswordMaker
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}

Name : User Agent Switcher
State : Activated
Folder : C:\Documents and Settings\John B\Application Data\Mozilla\Firefox\Profiles\ghtrl0km.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

Name : XUL Cache
State : Activated
Folder : C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}

####### Goored traces found in : C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}\chrome\content\overlay.xul #######


####### Goored traces found in : C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}\chrome\content\overlay.xul #######


Name : Default
State : Activated
Folder : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Name : 1-ClickWeather
State : Deactivated




//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename :
browser.search.defaulturl :
browser.search.selectedEngine :
keyword.URL :
keyword.enable :


--------- Search engines found ------------
+ Search form configured for the engine





=================================================================================
---------- Common section
=================================================================================

//////////// DLL found in ""\components \\\\\\\\\\\\\



------------------------------------------------------

//////////// Search plugins \\\\\\\\\\\\\

--------- Search engines found ------------
+ Search form configured for the engine



------------------------------------------------------

//////////// Plugins set in registry \\\\\\\\\\\\\


[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer]
"Description"="Adobe Shockwave Player"
"Vendor"="Adobe Systems Inc"
"Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.11.2061]
"Description"="RealPlayer™ LiveConnect-Enabled Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=1.0.2.2122]
"Description"="RealJukebox Netscape Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.1059]
"Description"="6.0.12.1059"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=8]
"Description"="Google Update"
"Vendor"="Google"
"Path"="C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@unity3d.com/UnityPlayer]
"Description"="Unity Player 2.0.2f2"
"Vendor"="Unity Technologies ApS"
"Path"="C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@viewpoint.com/VMP]
"Description"="Viewpoint Media Player for Mozilla"
"Vendor"="Viewpoint Corporation"
"Path"="C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"="Yahoo! activeX Plug-in Bridge"
"Vendor"="Yahoo"
"Path"="C:\Program Files\Yahoo!\Common\npyaxmpb.dll"

[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"


------------------------------------------------------

//////////// Additional search... \\\\\\\\\\\\\

==== Additional extension ====


[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]


=========================== End of report ===========================



Thanks.....

#27
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi :)

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Cheers,

#28
Aoc

    Member

  • Topic Starter
  • 36 posts
Ok,,,

GooredFix v1.92 by jpshortstuff
Log created at 12:44 on 08/06/2009 running Option #1 (John B)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}

C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
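The FoxScan report in post #26 and the GooredFix log in post #28 can be cross-checked mechanically. The added example below (not part of the thread and not code from either tool) parses excerpts of both logs and shows that the two tools flag the same two extension folders, of which one is listed by FoxScan as the add-on "XUL Cache" and the other has no entry in FoxScan's add-on list. Function names are hypothetical; the embedded log text is copied from the lines posted above.

```python
import re

# Excerpts of the FoxScan and GooredFix logs posted in this thread.
FOXSCAN_LOG = r"""
Name : XUL Cache
State : Activated
Folder : C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}
####### Goored traces found in : C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}\chrome\content\overlay.xul #######
####### Goored traces found in : C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}\chrome\content\overlay.xul #######
Name : Default
State : Activated
Folder : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Name : 1-ClickWeather
State : Deactivated
"""
GOOREDFIX_LOG = r"""
=====Suspect Goored Entries=====
C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}
C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}
=====Dumping Registry Values=====
"""

# Matches the GUID-named folder an extension is installed in.
GUID_DIR = re.compile(r"\\extensions\\(\{[0-9a-f-]{36}\})", re.IGNORECASE)

def extension_root(path):
    """Return (install folder, upper-cased GUID), or None if no GUID folder."""
    m = GUID_DIR.search(path)
    return (path[:m.end()], m.group(1).upper()) if m else None

def parse_addons(log):
    """Collect the Name/State/Folder records of FoxScan's add-on list."""
    addons, current = [], None
    for line in log.splitlines():
        key, sep, value = line.partition(" : ")
        if sep and key.strip() == "Name":
            current = {"Name": value.strip()}
            addons.append(current)
        elif sep and key.strip() in ("State", "Folder") and current is not None:
            current[key.strip()] = value.strip()
    return addons

def parse_traces(log):
    """Paths FoxScan reported as 'Goored traces found in'."""
    return re.findall(r"Goored traces found in : (.*?)\s*#+\s*$", log, re.MULTILINE)

def parse_suspects(log):
    """Folders listed under GooredFix's 'Suspect Goored Entries' header."""
    paths, in_section = [], False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("====="):
            in_section = "Suspect Goored Entries" in line
        elif in_section and line:
            paths.append(line)
    return paths

def triage(foxscan_log, gooredfix_log):
    """One finding per flagged GUID: who flagged it and whether FoxScan names it."""
    listed = {}
    for addon in parse_addons(foxscan_log):
        root = extension_root(addon.get("Folder", ""))
        if root:
            listed[root[1]] = addon
    flagged = {}
    for tool, paths in (("FoxScan", parse_traces(foxscan_log)),
                        ("GooredFix", parse_suspects(gooredfix_log))):
        for root in filter(None, map(extension_root, paths)):
            entry = flagged.setdefault(root[1], {"folder": root[0], "tools": set()})
            entry["tools"].add(tool)
    return [{
        "guid": guid,
        "folder": entry["folder"],
        "flagged_by": sorted(entry["tools"]),
        "listed_name": listed.get(guid, {}).get("Name"),  # None: not in add-on list
        "per_user_profile": "\\profiles\\" in entry["folder"].lower(),
    } for guid, entry in sorted(flagged.items())]

if __name__ == "__main__":
    for finding in triage(FOXSCAN_LOG, GOOREDFIX_LOG):
        print(finding)
```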

#29
Aoc

    Member

  • Topic Starter
  • 36 posts
Still with me?

#30
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

Sorry for the delay,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}
    C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Then:

Navigate with Windows Explorer to the following files in bold, then right-click on them, choose "Open with", then select Notepad:

C:\Program Files\Mozilla Firefox\extensions\{396BA20B-7E61-47EB-9095-08D70EF4D85A}\chrome\content\overlay.xul
C:\Program Files\Mozilla Firefox\extensions\{AFE5B061-B10B-4111-8C93-FE38258C5CE0}\chrome\content\overlay.xul

Copy and paste me the contents of these two files.

Regards,
Egwene.