Welcome to MalwareRemoval.com

I may have a google redirect virus


Re: I may have a google redirect virus

Post by nyg052003 » November 15th, 2010, 11:03 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7A2F000 \WINDOWS\system32\KDCOM.DLL
0xF793F000 \WINDOWS\system32\BOOTVID.dll
0xF74E0000 ACPI.sys
0xF7A31000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74CF000 pci.sys
0xF752F000 isapnp.sys
0xF7A33000 intelide.sys
0xF77AF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF753F000 MountMgr.sys
0xF74B0000 ftdisk.sys
0xF7A35000 dmload.sys
0xF748A000 dmio.sys
0xF77B7000 PartMgr.sys
0xF754F000 VolSnap.sys
0xF7472000 atapi.sys
0xF77BF000 cercsr6.sys
0xF745A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF755F000 disk.sys
0xF756F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF743A000 fltmgr.sys
0xF73E3000 SYMDS.SYS
0xF73D1000 sr.sys
0xF7328000 SYMEFA.SYS
0xF757F000 PxHelp20.sys
0xF7311000 KSecDD.sys
0xF7284000 Ntfs.sys
0xF7257000 NDIS.sys
0xF723D000 Mup.sys
0xF758F000 agp440.sys
0xF773F000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7014000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF7000000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF782F000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF6FEF000 \SystemRoot\system32\DRIVERS\el90xbc5.sys
0xF7837000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF775F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF783F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF776F000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A07000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6FDB000 \SystemRoot\system32\DRIVERS\parport.sys
0xF777F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7847000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6FB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF6F9F000 \SystemRoot\system32\drivers\ac97intc.sys
0xF6F7B000 \SystemRoot\system32\drivers\portcls.sys
0xF778F000 \SystemRoot\system32\drivers\drmk.sys
0xF6F58000 \SystemRoot\system32\drivers\ks.sys
0xF7B60000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF779F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F41000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75BF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF784F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F30000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75CF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7857000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF785F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6F00000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75DF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7867000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A5F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6E7A000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75EF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF75FF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A67000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF786F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7A69000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C0F000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A6B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF787F000 \SystemRoot\System32\drivers\vga.sys
0xF7A6D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A6F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7887000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF788F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF79CB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF4BCF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4B76000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF4B1D000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDI.SYS
0xF4AF7000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF4A9F000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
0xF4A79000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF4A51000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF79E3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF762F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7897000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF766F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF79EF000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF4A2F000 \SystemRoot\System32\drivers\afd.sys
0xF767F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4A0C000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
0xF768F000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
0xF49E1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF4971000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76BF000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF4913000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF48F6000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF484A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
0xF76EF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF480A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A8B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4CC6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78CF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C04000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF37D2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF2C85000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AE3000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF2AED000 \SystemRoot\system32\DRIVERS\srv.sys
0xF26D4000 \SystemRoot\System32\Drivers\NAV\1201000.025\SRTSP.SYS
0xF2586000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVEX15.SYS
0xF2572000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVENG.SYS
0xF2445000 \SystemRoot\system32\drivers\wdmaud.sys
0xF251A000 \SystemRoot\system32\drivers\sysaudio.sys
0xF1D1E000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFA47000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
504 C:\WINDOWS\system32\smss.exe
560 csrss.exe
584 C:\WINDOWS\system32\winlogon.exe
628 C:\WINDOWS\system32\services.exe
640 C:\WINDOWS\system32\lsass.exe
796 C:\WINDOWS\system32\svchost.exe
856 svchost.exe
952 C:\WINDOWS\system32\svchost.exe
1012 svchost.exe
1084 svchost.exe
1160 acevents.exe
1340 C:\WINDOWS\system32\spoolsv.exe
1388 C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
1412 scardsvr.exe
1500 svchost.exe
1604 C:\WINDOWS\system32\svchost.exe
1624 C:\Program Files\Java\jre6\bin\jqs.exe
1724 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
1968 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1036 alg.exe
2604 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
2660 C:\WINDOWS\explorer.exe
2972 C:\Program Files\Hide My IP\HideMyIpSrv.exe
3760 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3768 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
3784 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
3932 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4004 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
4028 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4040 C:\WINDOWS\system32\ctfmon.exe
4064 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
1004 C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
236 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2916 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1000 C:\Program Files\Mozilla Firefox\firefox.exe
544 C:\Program Files\Java\jre6\bin\jqsnotify.exe
2644 C:\Program Files\Mozilla Firefox\plugin-container.exe
3560 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3872 C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
3476 C:\Documents and Settings\owner\My Documents\Downloads\MBRCheck.exe
3880 C:\Program Files\Real\RealPlayer\realplay.exe
2724 C:\Program Files\Real\RealPlayer\realplay.exe
3484 C:\Program Files\Real\RealPlayer\realplay.exe
2228 C:\Program Files\Real\RealPlayer\realplay.exe
1352 C:\Program Files\Real\RealPlayer\realplay.exe
2140 C:\Program Files\Real\RealPlayer\realplay.exe
2156 C:\Program Files\Real\RealPlayer\realplay.exe
3812 C:\Program Files\Real\RealPlayer\realplay.exe
2576 C:\Program Files\Real\RealPlayer\realplay.exe
3352 C:\Program Files\Real\RealPlayer\realplay.exe
440 C:\Program Files\Real\RealPlayer\realplay.exe
1056 C:\Program Files\Real\RealPlayer\realplay.exe
3644 C:\Program Files\Real\RealPlayer\realplay.exe
1184 C:\Program Files\Real\RealPlayer\realplay.exe
3524 C:\Program Files\Real\RealPlayer\realplay.exe
3220 C:\Program Files\Real\RealPlayer\realplay.exe
728 C:\Program Files\Real\RealPlayer\realplay.exe
2616 C:\Program Files\Real\RealPlayer\realplay.exe
724 C:\Program Files\Real\RealPlayer\realplay.exe
688 C:\Program Files\Real\RealPlayer\realplay.exe
1256 C:\Program Files\Real\RealPlayer\realplay.exe
2884 C:\Program Files\Real\RealPlayer\realplay.exe
2824 C:\Program Files\Real\RealPlayer\realplay.exe
1456 C:\Program Files\Real\RealPlayer\realplay.exe
3380 C:\Program Files\Real\RealPlayer\realplay.exe
2840 C:\Program Files\Real\RealPlayer\realplay.exe
3000 C:\Program Files\Real\RealPlayer\realplay.exe
3452 C:\Program Files\Real\RealPlayer\realplay.exe
2808 C:\Program Files\Real\RealPlayer\realplay.exe
1520 C:\Program Files\Real\RealPlayer\realplay.exe
2164 C:\Program Files\Real\RealPlayer\realplay.exe
372 C:\Program Files\Real\RealPlayer\realplay.exe
756 C:\Program Files\Real\RealPlayer\realplay.exe
2756 C:\Program Files\Real\RealPlayer\realplay.exe
476 C:\Program Files\Real\RealPlayer\realplay.exe
2476 C:\Program Files\Real\RealPlayer\realplay.exe
4052 C:\Program Files\Real\RealPlayer\realplay.exe
3544 C:\Program Files\Real\RealPlayer\realplay.exe
3420 C:\Program Files\Real\RealPlayer\realplay.exe
2748 C:\Program Files\Real\RealPlayer\realplay.exe
1768 C:\Program Files\Real\RealPlayer\realplay.exe
1900 C:\Program Files\Real\RealPlayer\realplay.exe
3896 C:\Program Files\Real\RealPlayer\realplay.exe
3776 C:\Program Files\Real\RealPlayer\realplay.exe
3964 C:\Program Files\Real\RealPlayer\realplay.exe
620 C:\Program Files\Real\RealPlayer\realplay.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160815A, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Post by deltalima » November 15th, 2010, 1:57 pm

Hi nyg052003,

Please let me know if the Shareaza toolbar has now gone.

Please describe the redirects that you see.

If you enter a search phrase in the Firefox search box are you taken to the Ask search results?

Please click on the drop-down arrow next to the search box and select Manage Search Engines. Here you will be able to select and delete Ask and Shareaza Web Search, then move Google to the top.

Let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
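The hijacked search settings deltalima is walking through here are captured in the OTL log posted further down, in its FireFox section, as rewritten prefs.js entries. As an added example, not code from the thread, from OTL or from Firefox, this Python check parses those OTL lines and flags the entries that redirect typed searches and the start page; the stock engine names and hosts it treats as expected are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the "FireFox" section of the OTL.txt posted later in
# this thread, copied line for line.
SAMPLE_OTL = """\
========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="
"""

# OTL writes each captured pref as 'FF - prefs.js..<name>: <value>'.
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[\w.\-]+):\s*(?P<value>.*)$")

# Prefs that decide where typed searches and the start page go; these are
# what a bundled toolbar rewrites. The engine names and hosts treated as
# "stock" below are assumptions about a default Firefox 3.6 profile.
ENGINE_PREFS = {"browser.search.defaultengine",
                "browser.search.defaultenginename",
                "browser.search.order.1"}
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}
STOCK_ENGINES = {"google", "yahoo", "bing", "amazon.com", "ebay", "wikipedia (en)"}
STOCK_SEARCH_HOSTS = ("google.com", "mozilla.com", "mozilla.org")


def parse_ff_prefs(otl_text):
    """Return {pref_name: value} for every 'FF - prefs.js' line, quotes stripped."""
    prefs = {}
    for line in otl_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip().strip('"')
    return prefs


def hijack_findings(prefs):
    """List (pref, value, reason) for prefs that send searches somewhere unexpected."""
    findings = []
    for name, value in prefs.items():
        if name in ENGINE_PREFS and value.lower() not in STOCK_ENGINES:
            findings.append((name, value, "non-stock search engine"))
        elif name in URL_PREFS:
            host = urlparse(value).hostname or ""
            # keyword.URL normally targets the default engine; any other host
            # means address-bar searches are being redirected.
            if host and not host.endswith(STOCK_SEARCH_HOSTS):
                findings.append((name, value, "third-party host " + host))
    return findings


def shared_redirect_host(prefs):
    """Host used by both the homepage and keyword.URL, or None.

    One host owning both is the signature of a single toolbar having taken
    over start-up and address-bar searches at once, as in the posted log.
    """
    if not all(p in prefs for p in URL_PREFS):
        return None
    hosts = {urlparse(prefs[p]).hostname for p in URL_PREFS}
    return hosts.pop() if len(hosts) == 1 else None


if __name__ == "__main__":
    found = hijack_findings(parse_ff_prefs(SAMPLE_OTL))
    for name, value, reason in found:
        print("%-36s %s  (%s)" % (name, value, reason))
    print("shared redirect host:", shared_redirect_host(parse_ff_prefs(SAMPLE_OTL)))
```

Deleting the engines in Manage Search Engines only edits the search list; a ShareazaWebSearch.xml left in the profile's searchplugins folder and an unchanged keyword.URL will still show up in this check.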

Re: I may have a google redirect virus

Post by nyg052003 » November 15th, 2010, 2:31 pm

deltalima wrote:
Hi nyg052003,

Please let me know if the Shareaza toolbar has now gone.

Please describe the redirects that you see.

If you enter a search phrase in the Firefox search box are you taken to the Ask search results?

Please click on the drop-down arrow next to the search box and select Manage Search Engines. Here you will be able to select and delete Ask and Shareaza Web Search, then move Google to the top.

Let me know how the computer is running now.


If I type into the large search engine it's still taking me to the, well, I don't see "Ask" but it looks like a similar redirect. I did the Manage Search Engines thing and deleted Shareaza and Ask. I still see the Shareaza box and I'm going to reboot the computer to see if that helps.

Also, in the small search engine box next to the large one, I see Google there. If I type into it then it will take me to Google. That appears to be working fine. Just the large box is still redirecting me.
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Post by nyg052003 » November 15th, 2010, 2:41 pm

Just rebooted and still the same thing.
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Post by deltalima » November 15th, 2010, 2:57 pm

nyg052003 wrote:
That appears to be working fine. Just the large box is still redirecting me.


OK, please run a new scan with OTL and post just the OTL.txt log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Post by nyg052003 » November 15th, 2010, 4:24 pm

OTL logfile created on: 11/15/2010 3:17:05 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 120.92 Gb Free Space | 81.13% Space Free | Partition Type: NTFS

Computer Name: OWNER-B16159440 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.002\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DCamUSBVeo532) -- C:\WINDOWS\system32\drivers\ubVeo532.sys (IC Media Corporation)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {D238F46A-64EC-11DE-9C5A-D54056D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/23 09:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 14:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 09:43:45 | 000,000,000 | ---D | M]

[2010/11/08 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/05/02 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/15 08:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 20:54:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/24 11:01:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/24 11:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/08 19:03:29 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2010/09/29 16:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\staged-xpis
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\ShareazaWebSearch.xml
[2010/11/15 08:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 11:10:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\mfc71.dll
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr71.dll
[2010/09/19 11:09:48 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/01 15:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EE9A4208-64EC-11DE-8440-204256D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{6ECD42B2-32AF-4898-880D-0608EA5C592A}\Icon9557F1BC1.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Desktop\Saleen SR.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 20:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 07:53:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 15:50:29 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll64X.dll
[2010/11/08 19:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\25F
[2010/11/08 19:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\shareazamediabartb
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Shareaza
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\My Received Files
[2010/11/08 19:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Shareaza
[2010/11/08 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\PackageAware
[2010/11/07 22:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\HP
[2010/11/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\husky saw_files
[2010/11/07 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/11/07 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/11/07 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/11/07 20:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/11/07 20:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/04 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/10/25 08:13:19 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\WINDOWS\System32\HMIPCore.dll
[2010/10/25 08:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP

========== Files - Modified Within 30 Days ==========

[2010/11/15 15:21:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 15:13:29 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FC91D7E-537B-4D41-9483-7E9C16F6D78D}.job
[2010/11/15 13:37:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/15 13:37:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/15 13:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 13:36:45 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2010/11/15 13:36:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 13:36:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 13:36:26 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 16:37:52 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for owner.job
[2010/11/09 01:04:36 | 000,633,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/08 17:32:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 21:15:28 | 000,022,676 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:48 | 000,010,729 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:49:18 | 000,137,610 | ---- | M] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:42:08 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:55 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:25:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 17:38:27 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 17:38:27 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/25 08:13:08 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:08 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/23 09:35:04 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/23 09:24:18 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/23 09:24:18 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/23 09:24:18 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/23 09:24:18 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/23 09:12:31 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 07:59:45 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc

========== Files Created - No Company Name ==========

[2010/11/07 21:15:27 | 000,022,676 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:46 | 000,010,729 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:42:08 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:36:12 | 000,137,610 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:36:12 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2010/11/04 21:24:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/04 21:24:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/04 21:24:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/10/25 08:13:08 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/19 07:59:45 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc
[2010/10/14 19:07:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 19:01:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/16 17:00:17 | 000,004,733 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2010/05/07 22:20:17 | 000,000,792 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/02 00:42:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2010/02/16 20:44:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/14 13:22:35 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 19:37:31 | 000,003,259 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/12 13:50:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 15:48:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/29 22:05:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm
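
As an added triage example (not part of this thread and not a component of OTL), the script below parses the two record shapes from the log above, the bracketed file records and the O33 MountPoints2 entries, and flags items a helper would look at first; the sample lines are copied from the posted log, while the rule names and heuristics are my own, and a flag means "review", not a malware verdict.

```python
r"""Triage helper for lines from an OTL (OldTimer's List-It) log.

Added example for this thread; it is not part of the original post and
not a component of OTL. It parses the two record shapes seen in the log
and applies review heuristics of my own:

  * file records : [date time | size | attrs | C|M] (company) -- path
  * O33 records  : O33 - MountPoints2\{guid}\<subkey> - "" = value
"""
import re
from dataclasses import dataclass
from datetime import datetime

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\(?P<key>\S+) - "" = '
    r"(?P<value>.*?)(?P<missing> -- File not found)?$"
)
# Binaries in the Windows tree that carry no company name get a second look
# (the posted log itself has a "Files Created - No Company Name" section).
WINDOWS_DIRS = ("c:\\windows\\",)
BINARY_EXT = (".dll", ".exe", ".sys", ".ax")


@dataclass
class Finding:
    rule: str
    detail: str


def parse_file_record(line):
    """Return a dict for an OTL file record, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],            # C = created, M = modified
        "company": m["company"],      # empty string when OTL prints "()"
        "path": m["path"],
    }


def triage_line(line):
    """Apply the review rules to one log line; None means nothing to flag."""
    rec = parse_file_record(line.strip())
    if rec:
        p = rec["path"].lower()
        if p.startswith(WINDOWS_DIRS) and p.endswith(BINARY_EXT) and not rec["company"]:
            return Finding("no-company-binary-in-windows-dir", rec["path"])
        return None
    m = O33_RE.match(line.strip())
    if not m or not m["key"].lower().endswith("\\command"):
        return None                   # Shell / AutoRun verb keys carry no target
    if m["missing"]:                  # handler points at a file OTL could not find
        return Finding("stale-mountpoint-autorun", m["value"])
    return Finding("mountpoint-autorun-command", m["value"])


def triage(lines):
    return [f for f in map(triage_line, lines) if f]


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"[2010/10/25 08:13:19 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\WINDOWS\System32\HMIPCore.dll",
    r"[2010/11/04 21:24:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll",
    r"[2010/03/02 00:42:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\Veo532ut.dll",
    r"[2010/11/07 21:15:27 | 000,022,676 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg",
    r'O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found',
    r'O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:34} {f.detail}")
```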

Re: I may have a google redirect virus

Unread postby deltalima » November 15th, 2010, 4:33 pm

Hi nyg052003,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
    FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
    FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="
    [2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\ShareazaWebSearch.xml
    [2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 15th, 2010, 7:04 pm

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Shareaza Web Search" removed from browser.search.defaultenginename
Prefs.js: "Shareaza Web Search" removed from browser.search.order.1
Prefs.js: "http://search.shareazaweb.com/" removed from browser.startup.homepage
Prefs.js: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q=" removed from keyword.URL
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\ShareazaWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml moved successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 11152010_175116

It seems to be running fine now. I do still notice a little "S" in the lower left-hand corner of the toolbars. There is a Yahoo search, Shareaza I guess that is, the long main box, and the Google short box next to the long search engine. The Shareaza one might be there because the PC wasn't rebooted. It didn't prompt me to reboot the computer.

I have a few questions. Is it ok to have AOL as my homepage? I know someone told me a long time ago that AOL was a virus lol. I did find that hard to believe. Second question is do you know of a safe music site where I can download music safely, even if I have to pay? I don't want to lose all of my songs again. When I deleted Limewire and Ares, all of my music was lost. I did, about a month or two ago, save everything to a disc, so most of the music I had is still on the disc.
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 16th, 2010, 5:10 am

Hi nyg052003,

Is it ok to have AOL as my homepage? I know someone told me a long time ago that AOL was a virus lol. I did find that hard to believe.


That should be fine, some of the AOL applications have a bad reputation but the home page is perfectly safe.

Second question is do you know of a safe music site I can download music safely, even if I have to pay?


Unfortunately I can't advise, as I do not download music; the big names such as the iTunes Store should be safe. Just keep away from free stuff via P2P!!!

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 16th, 2010, 9:13 pm

Did all of the last things you said. With installing SpywareBlaster, will my Norton still be running also? I like Norton in that it tells me and warns me when something isn't safe at all, and it auto-fixes a lot of stuff and prevents a lot of stuff, I should say.

And what about downloading stuff from YouTube? Would it be considered the same P2P stuff as Limewire and Ares?
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 17th, 2010, 7:15 am

Hi nyg052003,

With installing SpywareBlaster, will my Norton still be running also?


Yes that will be no problem, there is no conflict between the two programs.

And what about downloading stuff from YouTube?


I would still advise not to, as the content uploaded to the site can come from anyone and so can be infected with malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 17th, 2010, 10:55 am

deltalima wrote: Hi nyg052003,

With installing SpywareBlaster, will my Norton still be running also?


Yes that will be no problem, there is no conflict between the two programs.

And what about downloading stuff from YouTube?


I would still advise not to, as the content uploaded to the site can come from anyone and so can be infected with malware.


What about using BitTorrent? I watched a tutorial a minute ago and it really seems to me like what you were saying earlier. It was saying that with BitTorrent it's basically a file-sharing thing between people. Is that the same thing Limewire and Ares and sites like that use?
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 17th, 2010, 10:58 am

What about using BitTorrent?


NO!! - BitTorrent is a form of P2P - any form of file sharing where anyone can provide the files is going to be a source of malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 17th, 2010, 12:09 pm

deltalima wrote:
What about using BitTorrent?


NO!! - BitTorrent is a form of P2P - any form of file sharing where anyone can provide the files is going to be a source of malware.

So I guess you are saying no, don't use it lol?

Also, lately, maybe the past month or so, I sometimes get a prompt come up saying "High usage by Firefox". What is that about? I was thinking maybe having a lot of tabs open or something?
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 17th, 2010, 3:00 pm

past month or so I sometimes get a prompt come up saying "High usage by Firefox". What is that about?


That is a feature of the latest Norton product and is nothing to worry about.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK