Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirection Problem

Started by bubkwa` , Mar 19 2011 01:22 PM

  • Please log in to reply

#1
bubkwa`
Posted 19 March 2011 - 01:22 PM

bubkwa`

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I've been having problems with my mozilla firefox due to redirection issues for the past few days/weeks. I was able to circumvent this issue by using chrome. But it seems that chrome isn't immune to this problem anymore. (There is not a specific website its directing me to, they are quite random.) I most likely got infected while trying to view shows via sidereel that weren't on megavideo.

I've also noticed that its preventing my antivirus software (symantec endpoint protection) from updating itself. I keep updating it, but it never registers on my software. (It says the last update was on feb 22) I've also ran the malwarebites anti-malware software and its coming back clean.

Please let me know what other information you need.

Thanks in advance.

OTL logfile created on: 3/19/2011 2:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\thea\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 90.37 Gb Free Space | 40.33% Space Free | Partition Type: NTFS

Computer Name: MIMSERS | User Name: thea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 14:23:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thea\My Documents\Downloads\OTL.exe
PRC - [2011/03/17 03:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\thea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\thea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/01/22 03:13:36 | 000,312,640 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\thea\Application Data\Smilebox\SmileboxTray.exe
PRC - [2010/12/20 19:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/02/28 00:51:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\thea\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/10/05 20:14:22 | 002,075,384 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/03/09 11:50:48 | 001,433,952 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/03/09 11:49:18 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/12/18 09:34:40 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/12/18 09:34:38 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/18 09:34:38 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Endpoint Protection\Smc.exe
PRC - [2008/12/18 09:34:38 | 001,443,144 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/18 09:34:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/21 18:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2008/05/09 19:50:42 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/30 23:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 23:27:12 | 001,347,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/04/30 23:20:38 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/04/30 23:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/13 17:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 15:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/02/19 03:41:53 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/01/28 18:24:00 | 000,038,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/01/28 18:23:18 | 000,268,152 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/04/09 22:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/03/09 04:28:19 | 000,700,416 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/03/16 17:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 14:23:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thea\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/02/28 00:51:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/18 09:34:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 09:34:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/18 09:34:38 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/18 09:34:38 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/18 09:34:38 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/06/30 20:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/05/21 18:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2008/04/30 23:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 23:20:38 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/04/30 23:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/11 15:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2005/03/14 15:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2010/12/16 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110222.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110222.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/12 07:45:48 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/26 04:46:44 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/18 09:34:40 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/18 09:34:40 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/18 09:34:40 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/12/18 09:34:36 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/12/18 09:34:36 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/28 10:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/15 14:15:30 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/04 14:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/25 19:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 19:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 19:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/03/20 16:32:24 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/01 17:18:56 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/08/13 04:39:19 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/05/29 14:01:50 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 19:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/12 20:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/11 01:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 18:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr...=&sa=Rechercher
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 FA 12 98 00 62 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://spike.wharton.upenn.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {1320D5A7-AE4E-4900-8107-690F09E5B933}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/12 12:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1320D5A7-AE4E-4900-8107-690F09E5B933}: C:\Documents and Settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933} [2011/02/23 21:04:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\mozilla.org\Mozilla Firefox\components [2011/03/15 20:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla Firefox\plugins [2011/03/15 20:40:03 | 000,000,000 | ---D | M]

[2009/02/26 04:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thea\Application Data\Mozilla\Extensions
[2011/03/18 23:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions
[2010/04/27 11:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/24 00:58:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/24 00:58:47 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\[email protected]
[2009/07/02 18:23:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\THEA\APPLICATION DATA\MOVE NETWORKS
[2011/02/23 21:04:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\THEA\LOCAL SETTINGS\APPLICATION DATA\{1320D5A7-AE4E-4900-8107-690F09E5B933}
[2010/03/12 12:13:22 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/09 19:59:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/09 20:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/05/05 00:33:27 | 000,000,725 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O2 - BHO: (T10QP3808 Class) - {4F4693CD-2B4D-42BD-B512-D2AB0F74D30C} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Whitney2_S2P] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wpifazu] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\thea\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\thea\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\thea\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\thea\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 18:34:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ff66a18-03d9-11de-b121-0022fa1eef1c}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{8b221dca-a1e9-11df-b191-0022fa1eef1c}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{ec0b8486-9024-11de-b14a-0022fa1eef1c}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 22:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\Dear My Girls Ch4
[2011/03/15 22:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG.vol1.2
[2011/03/15 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG.vol1.1
[2011/03/15 20:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG
[2011/03/15 20:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/15 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/15 20:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/15 20:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/15 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/15 20:38:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/15 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Start Menu\Programs\WinRAR
[2011/03/15 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/03/15 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/26 21:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/26 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Local Settings\Application Data\Amazon
[2011/02/26 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\My Documents\My Kindle Content
[2011/02/26 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Start Menu\Programs\Amazon
[2011/02/23 21:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}
[2011/02/23 21:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Application Data\OfferBox
[2011/02/23 21:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2011/02/23 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2011/02/23 21:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B
[2011/02/21 23:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\Esther
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\thea\Desktop\*.tmp files -> C:\Documents and Settings\thea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/19 14:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 14:19:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005UA.job
[2011/03/17 23:06:43 | 000,437,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/17 23:06:43 | 000,069,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 20:20:41 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\thea\Desktop\Google Chrome.lnk
[2011/03/17 20:20:41 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\thea\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/15 20:45:27 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 20:39:53 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/03/09 21:14:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/09 21:13:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 21:13:16 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Mxufomp.job
[2011/03/09 21:13:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/09 21:12:54 | 3079,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/09 20:34:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/28 09:19:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005Core.job
[2011/02/26 19:08:27 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\thea\Desktop\Kindle For PC.lnk
[2011/02/23 23:04:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gsufakidalosace.dat
[2011/02/23 23:04:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fpegagijobake.bin
[2011/02/23 21:02:24 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\1031N.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\thea\Desktop\*.tmp files -> C:\Documents and Settings\thea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 22:26:31 | 000,319,424 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\recruit_pg.jpg
[2011/03/15 22:20:16 | 000,292,464 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\recruit.pg.jpg
[2011/03/15 20:45:27 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 20:39:53 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/02/26 19:08:27 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\Kindle For PC.lnk
[2011/02/23 23:04:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gsufakidalosace.dat
[2011/02/23 23:04:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fpegagijobake.bin
[2011/02/23 21:02:24 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\1031N.dll
[2011/02/23 21:02:24 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Mxufomp.job
[2010/08/26 08:00:49 | 000,005,740 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 00:08:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/31 23:08:08 | 000,010,936 | -HS- | C] () -- C:\Documents and Settings\thea\Local Settings\Application Data\4NXd80
[2010/03/31 23:08:08 | 000,010,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4NXd80
[2010/02/27 19:41:58 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/01/27 01:03:38 | 000,060,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/23 20:30:51 | 000,109,946 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2009/08/23 20:30:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2009/08/23 15:17:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/23 16:04:03 | 000,009,250 | ---- | C] () -- C:\Documents and Settings\thea\Application Data\SmarThruOptions.xml
[2009/05/23 16:03:53 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/05/23 16:03:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009/05/23 16:03:23 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/05/23 16:03:18 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/05/23 16:02:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/05/23 15:50:39 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/05/23 15:50:39 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
[2009/05/23 15:50:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/05/23 15:50:38 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/05/23 15:50:38 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009/05/23 15:50:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\scx425ci.exe
[2009/05/23 15:50:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\scx425ci.dll
[2009/05/23 15:28:45 | 000,010,565 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/05/07 21:38:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/31 08:51:26 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/22 22:30:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/03/22 22:30:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/03/22 22:30:42 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/03/22 22:24:53 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/03/22 22:24:53 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/02/28 15:34:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/02/28 15:32:35 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/02/28 15:32:35 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/27 16:42:45 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2009/02/27 16:42:45 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2009/02/27 16:35:06 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\thea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 04:17:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009/02/26 04:06:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/26 03:50:59 | 000,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys
[2009/02/26 02:15:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/26 02:12:18 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/02/26 02:12:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/02/26 02:12:18 | 000,009,484 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/02/26 02:12:18 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/02/26 01:58:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2009/02/26 01:54:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/26 01:54:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/26 01:54:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/26 01:54:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/26 01:54:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/26 01:54:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/26 01:49:27 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/02/26 01:49:27 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/02/26 01:49:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009/02/26 00:39:40 | 000,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys
[2009/01/09 04:57:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\HideCmd.exe
[2009/01/08 19:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2009/01/08 19:10:54 | 000,012,524 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2009/01/08 19:10:54 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2009/01/08 18:40:37 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config
[2009/01/08 18:35:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/08 18:33:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/08 18:32:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/08 17:15:55 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/08 17:15:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\gtfirstboot.exe
[2009/01/08 17:11:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/08 17:11:14 | 000,437,610 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/08 17:11:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/01/08 17:11:13 | 000,069,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/08 17:11:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/01/08 17:11:11 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/01/08 17:11:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/01/08 17:11:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/01/08 17:10:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/01/08 17:10:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/01/08 17:10:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/01/08 17:10:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/01/08 10:31:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/08 10:30:32 | 001,585,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/12/14 20:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002/09/18 04:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/07/06 19:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/02/26 05:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/07 23:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/03/22 22:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/07/28 18:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 18:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/26 23:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/17 23:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\Amazon
[2009/09/16 10:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/23 21:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B
[2009/02/26 05:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\DAEMON Tools
[2009/02/26 05:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\DAEMON Tools Lite
[2009/02/26 05:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\DAEMON Tools Pro
[2011/03/09 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\Dropbox
[2010/02/28 14:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\Facebook
[2009/04/06 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\InterVideo
[2011/03/02 01:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\OfferBox
[2009/07/07 22:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\OverDrive
[2009/02/28 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\pdf995
[2009/05/23 16:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\SmarThru4
[2011/02/09 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\Smilebox
[2011/02/27 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\stickies
[2009/01/08 18:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\TMP
[2009/01/14 18:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\toshiba
[2009/06/18 18:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\uTorrent
[2009/01/08 18:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thea\Application Data\WinBatch
[2011/03/09 21:13:16 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\Tasks\Mxufomp.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
NeonFx
Posted 20 March 2011 - 09:51 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Hi there bubkwa'


I'd be glad to assist you with this problem. Let's run a couple more tools to identify the extent of the infection:


Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If GMER will not run in normal windows, please run it in Safe Mode





STEP 2:


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan

Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP