Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

jzip is changing my web browser home page

Post by m2thef2thec » October 13th, 2011, 8:07 pm

I recently downloaded jzip but it changed my web browser home page to search.jzip.com

I have since uninstalled the program but my web browser home page is still being changed.

Here are the requested logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/04/2008 10:30:54 PM
System Uptime: 13/10/2011 2:13:03 AM (31 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 7.803 GiB free.
D: is FIXED (NTFS) - 409 GiB total, 191.595 GiB free.
E: is Removable
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP603: 13/10/2011 12:13:10 AM - Installed Mobipocket Reader 6.2
RP604: 13/10/2011 12:25:44 AM - Installed Mobipocket Reader 6.2
RP605: 13/10/2011 12:50:18 AM - Installed HiJackThis
RP606: 13/10/2011 1:01:47 AM - Windows Update
RP607: 13/10/2011 1:36:26 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
RP608: 14/10/2011 1:35:38 AM - Restore
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
AudioShell 1.3.5
BEHRINGER USB MIDI DRIVER
Bonjour
Cakewalk XL Pack
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CommentKahuna
Conduit Engine
Delta
DivX Setup
Driver & Application Installation
File Type Assistant
Free File Viewer 2011
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.12.0
InterVideo DeviceService
iTunes
Jamstix 3.1.0
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java(TM) 6 Update 26
Just Sudoku - Professional Edition 1.1
Just Trains Bristol to Exeter for RailWorks & Railworks 2
K-Lite Codec Pack 4.0.0 (Full)
Lenovo Media Studio
Lenovo PC Type Configuration
LVT
LXH-RAS79 Hotkey driver
Malwarebytes' Anti-Malware version 1.51.2.1300
Market Samurai
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XML Parser
MiniTool Partition Wizard Home Edition 5.2
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Mozilla Firefox 7.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
OGA Notifier 1.7.0105.35.0
OKAVAgent
PaperPort Image Printer
PC Tune-Up
PIXresizer 2.0.4
PMB
QuickTime
RailWorks
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
ScanSoft PaperPort 11
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Serif PhotoPlus Starter Edition
SONAR Home Studio 6
Sony USB Driver
Steam
The Lord of the Rings FREE Trial
Traffic Travis 4.0.0
Ulead VideoStudio 11
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VideoStudio
WinDirStat 1.1.2
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
Wings of Prey 1.0.4.1
WinRAR 4.01 (32-bit)
Xvid Video Codec
yuPlay client 0.7.24
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mark at 9:54:33 on 2011-10-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1109 [GMT 10:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\runservice.exe
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Lenovo\file32\hotkey.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\Steam\steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
D:\Program Files\update\realsched.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.lenovo.com
mURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - Conduit Engine
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Extreme Security: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - ZoneAlarm Extreme Security Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} -
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Xvid] d:\program files\CheckUpdate.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [UVS11 Preload] d:\program files\video studio\uvPL.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "d:\program files\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "d:\program files\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\progra~1\speedb~1\sblsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74C65298-7B6A-4716-B1FF-8589C6780BB3} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\i0zxhjrq.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=102&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\netscape6\nppl3260.dll
FF - plugin: d:\program files\netscape6\nprjplug.dll
FF - plugin: d:\program files\netscape6\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-9 176128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-24 21504]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-10-26 2560]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2008-2-2 66824]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-9-9 8606208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-9-9 248832]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2009-6-24 302728]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [2005-10-19 22432]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-3-20 35904]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-6-24 21504]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-4-6 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-4-6 11104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-12 16:14:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13fe769e-9e4f-4e6e-8c0a-7d5fc482c78a}\offreg.dll
2011-10-12 15:40:58 -------- dc----w- c:\program files\AMD APP
2011-10-12 15:37:21 -------- dc----w- c:\windows\LastGood.Tmp
2011-10-12 14:50:45 388096 -c--a-r- c:\users\mark\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-12 14:26:59 -------- dc----w- c:\users\mark\appdata\roaming\Mobipocket
2011-10-12 14:26:16 -------- dc----w- c:\program files\Mobipocket.com
2011-10-12 13:57:44 -------- dc----w- C:\KindleGen
2011-10-12 13:31:57 -------- dc----w- c:\program files\iPod
2011-10-12 13:23:08 -------- dc----w- c:\program files\Bonjour
2011-10-12 08:14:11 69632 -c--a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 08:14:11 57856 -c--a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 08:14:11 293376 -c--a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:14:11 217088 -c--a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:14:09 2043392 -c--a-w- c:\windows\system32\win32k.sys
2011-10-12 08:13:48 2409784 -c--a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-12 08:13:42 238080 -c--a-w- c:\windows\system32\oleacc.dll
2011-10-12 08:13:41 563712 -c--a-w- c:\windows\system32\oleaut32.dll
2011-10-12 08:13:41 555520 -c--a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 08:13:41 4096 -c--a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 08:07:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13fe769e-9e4f-4e6e-8c0a-7d5fc482c78a}\mpengine.dll
2011-10-11 01:24:52 -------- dc----w- c:\program files\common files\Mobipocket Shared
2011-10-08 13:22:15 -------- dc----w- c:\program files\NCH Software
2011-10-06 05:20:01 -------- dc----w- c:\programdata\boost_interprocess
2011-09-30 04:11:24 -------- dc----w- c:\program files\common files\xing shared
2011-09-29 02:58:46 -------- dc----w- c:\users\mark\appdata\roaming\FreeFileViewer
2011-09-23 11:50:55 -------- dc----w- c:\program files\NVIDIA Corporation
2011-09-23 11:48:12 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2011-09-23 11:48:12 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2011-09-14 14:50:42 49664 -c--a-w- c:\windows\system32\CamCodec.dll
2011-09-14 14:24:29 645632 -c--a-w- c:\windows\system32\xvidcore.dll
2011-09-14 14:24:29 240640 -c--a-w- c:\windows\system32\xvidvfw.dll
2011-09-14 14:24:29 153088 -c--a-w- c:\windows\system32\xvid.ax
2011-09-14 01:47:40 53760 -c--a-w- c:\windows\system32\OVDecode.dll
2011-09-14 01:46:58 13625856 -c--a-w- c:\windows\system32\amdocl.dll
2011-09-14 01:38:28 37376 -c--a-w- c:\windows\system32\amdoclcl.dll
.
==================== Find3M ====================
.
2011-10-12 16:15:30 49 -csha-w- c:\windows\system32\mmf.sys
2011-09-30 04:10:34 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2011-09-30 04:10:34 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2011-09-27 04:38:58 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-08 18:26:10 8606208 -c--a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:39:44 18534912 -c--a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:34:20 151552 -c--a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34:10 732672 -c--a-w- c:\windows\system32\aticfx32.dll
2011-09-08 17:30:38 466944 -c--a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30:10 401408 -c--a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29:46 176128 -c--a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28:46 159744 -c--a-w- c:\windows\system32\atitmmxx.dll
2011-09-08 17:28:32 356352 -c--a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:28:22 278528 -c--a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:28:16 20992 -c--a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28:10 43520 -c--a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:24:38 4204032 -c--a-w- c:\windows\system32\atidxx32.dll
2011-09-08 17:18:22 1828864 -c--a-w- c:\windows\system32\atiumdmv.dll
2011-09-08 17:09:40 46080 -c--a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:09:28 44032 -c--a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:08:24 4064768 -c--a-w- c:\windows\system32\atiumdva.dll
2011-09-08 17:05:52 7331840 -c--a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:05:44 4289024 -c--a-w- c:\windows\system32\atiumdag.dll
2011-09-08 16:59:48 52736 -c--a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53:10 270336 -c--a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:52:56 13312 -c--a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52:46 32768 -c--a-w- c:\windows\system32\atigktxx.dll
2011-09-08 16:52:20 248832 -c--a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:51:54 31744 -c--a-w- c:\windows\system32\atiuxpag.dll
2011-09-08 16:51:44 29184 -c--a-w- c:\windows\system32\atiu9pag.dll
2011-09-08 16:51:22 37376 -c--a-w- c:\windows\system32\atitmpxx.dll
2011-09-08 16:51:12 53248 -c--a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:50:54 53760 -c--a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:50:54 53760 -c--a-w- c:\windows\system32\amdpcom32.dll
2011-09-07 15:45:22 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-01 02:35:59 1798144 -c--a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 -c--a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 -c--a-w- c:\windows\system32\mshtml.tlb
2011-08-31 07:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 13:05:04 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-08-30 13:05:04 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-08-18 14:15:05 45056 -c--a-w- c:\windows\system32\ATIODCLI.exe
2011-08-18 14:14:51 294912 -c--a-w- c:\windows\system32\ATIODE.exe
2011-07-22 20:51:50 94208 -c--a-w- c:\windows\system32\dpl100.dll
.
============= FINISH: 9:56:00.60 ===============

Thank You
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

Post by Cypher » October 14th, 2011, 7:05 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present:
    • Conduit Engine
    • Java 2 Runtime Environment, SE v1.4.2_19


Next.

Create a System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • OTL.txt and Extra.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: jzip is changing my web browser home page

Post by m2thef2thec » October 14th, 2011, 8:46 am

Thank you for your help, Cypher.

Here are the contents of the two files you requested:

OTL logfile created on: 14/10/2011 10:23:59 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 45.45% Memory free
3.35 Gb Paging File | 1.50 Gb Available in Paging File | 44.59% Paging File free
Paging file location(s): c:\pagefile.sys 200 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 7.20 Gb Free Space | 18.44% Space Free | Partition Type: NTFS
Drive D: | 408.64 Gb Total Space | 190.80 Gb Free Space | 46.69% Space Free | Partition Type: NTFS

Computer Name: MNMSPUTER | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\Program Files\iTunesHelper.exe (Apple Inc.)
PRC - D:\Program Files\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Program Files\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe (SonicWALL, Inc.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Windows\Runservice.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DeltaIITray.exe ()
PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
PRC - C:\Program Files\Lenovo\file32\hotkey.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - D:\Program Files\Steam\bin\libcef.dll ()
MOD - D:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - D:\Program Files\Steam\bin\chromehtml.dll ()
MOD - D:\Program Files\Steam\bin\avformat-52.dll ()
MOD - D:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll ()
MOD - C:\Windows\System32\DeltaIITray.exe ()
MOD - C:\Program Files\Lenovo\file32\hotkey.exe ()
MOD - C:\Program Files\Lenovo\file32\KEYHOOK.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LicCtrlService) -- C:\Windows\Runservice.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)


========== Driver Services (SafeList) ==========

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (icsak) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (BCMIDI) -- C:\Windows\System32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (BEHRINGER_PT_MIDI) Behringer MIDI driver service (pt) -- C:\Windows\System32\drivers\bhrngr_m.sys (Ploytec GmbH)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\Windows\System32\drivers\deltaII.sys (Avid Technology, Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.5
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.6
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: d:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: d:\program files\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: d:\program files\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/08 02:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/15 00:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/30 14:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 23:00:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 14:11:52 | 000,000,000 | ---D | M]

[2011/10/08 22:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/10/08 22:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions
[2011/01/20 01:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 12:55:17 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
[2011/10/06 15:19:57 | 000,002,497 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\searchplugins\SearchResults.xml
[2011/10/08 22:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/23 00:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/30 14:11:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0ZXHJRQ.DEFAULT\EXTENSIONS\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
() (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0ZXHJRQ.DEFAULT\EXTENSIONS\SEOTOOLBAR@SEOBOOK.COM.XPI
[2011/09/29 17:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/23 00:37:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 11:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 11:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 11:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 11:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/06 15:19:57 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/09/29 11:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] d:\program files\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] D:\Program Files\Video Studio\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1473491835-2877683959-1440569699-1004..\Run: [Xvid] D:\Program Files\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74C65298-7B6A-4716-B1FF-8589C6780BB3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 01:58:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/10/13 01:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/13 01:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/10/13 01:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/10/13 01:07:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 01:07:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 01:07:04 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/13 01:07:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/13 01:07:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/13 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\My eBooks
[2011/10/13 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mobipocket
[2011/10/13 00:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/10/12 23:57:44 | 000,000,000 | ---D | C] -- C:\KindleGen
[2011/10/12 23:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 23:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 23:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 18:14:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 18:14:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 18:14:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 18:14:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 18:14:09 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 18:13:41 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 18:13:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/11 23:02:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\My Publications
[2011/10/11 11:25:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2011/10/11 11:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2011/10/08 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WinRAR
[2011/10/08 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/08 23:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/08 23:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/08 23:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/10/08 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/10/06 15:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/09/30 14:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/09/30 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/09/29 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\FreeFileViewer
[2011/09/29 12:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2011/09/23 23:02:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/09/23 23:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/09/23 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/09/23 21:48:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/09/23 21:48:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/09/19 00:33:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Tune-Up
[2011/09/15 00:50:42 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\System32\CamCodec.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/14 22:15:17 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 22:15:17 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 21:26:57 | 000,000,049 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/10/14 21:26:45 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2011/10/14 21:25:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/14 00:45:43 | 000,002,359 | ---- | M] () -- C:\Users\Mark\Desktop\HiJackThis.lnk
[2011/10/13 01:59:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/10/13 01:13:51 | 000,413,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 01:04:17 | 000,631,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/13 01:04:17 | 000,118,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/13 00:26:18 | 000,001,992 | ---- | M] () -- C:\Users\Mark\Desktop\Mobipocket Reader.lnk
[2011/10/12 23:33:27 | 000,001,425 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 23:28:51 | 005,968,181 | ---- | M] () -- C:\Users\Mark\Desktop\kindlegen_win32_v1.2.zip
[2011/10/11 11:25:14 | 000,000,631 | ---- | M] () -- C:\Users\Mark\Desktop\Mobipocket Creator.lnk
[2011/10/05 22:38:54 | 000,167,936 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 23:23:11 | 000,000,605 | ---- | M] () -- C:\Users\Mark\Desktop\DivX Movies.lnk
[2011/10/03 23:22:56 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/09/30 23:00:56 | 000,000,870 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/30 23:00:56 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/30 14:11:43 | 000,000,541 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/09/30 14:11:02 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/09/30 14:10:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/09/30 14:10:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/09/30 14:10:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/29 12:55:01 | 000,000,900 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2011/09/29 12:55:01 | 000,000,876 | ---- | M] () -- C:\Users\Mark\Desktop\FreeFileViewer.lnk
[2011/09/28 13:10:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dir
[2011/09/27 14:38:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/27 14:24:24 | 325,884,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/23 23:02:06 | 000,000,656 | ---- | M] () -- C:\Users\Mark\Desktop\WinDirStat.lnk
[2011/09/21 15:39:44 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\SONAR Home Studio 6.lnk
[2011/09/21 12:05:19 | 000,001,853 | ---- | M] () -- C:\Users\Mark\Desktop\Lenovo Media Studio.lnk
[2011/09/21 00:15:47 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 00:35:38 | 000,000,706 | ---- | M] () -- C:\Users\Mark\Desktop\Traffic Travis v4.lnk
[2011/09/20 00:35:38 | 000,000,706 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis v4.lnk
[2011/09/19 23:34:11 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/19 00:33:14 | 000,000,668 | ---- | M] () -- C:\Users\Mark\Desktop\PC Tune-Up.lnk
[2011/09/15 00:50:44 | 000,000,608 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/13 00:50:45 | 000,002,359 | ---- | C] () -- C:\Users\Mark\Desktop\HiJackThis.lnk
[2011/10/13 00:26:18 | 000,001,992 | ---- | C] () -- C:\Users\Mark\Desktop\Mobipocket Reader.lnk
[2011/10/12 23:56:32 | 005,968,181 | ---- | C] () -- C:\Users\Mark\Desktop\kindlegen_win32_v1.2.zip
[2011/10/12 23:33:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 11:25:14 | 000,000,631 | ---- | C] () -- C:\Users\Mark\Desktop\Mobipocket Creator.lnk
[2011/10/03 23:23:11 | 000,000,605 | ---- | C] () -- C:\Users\Mark\Desktop\DivX Movies.lnk
[2011/10/03 23:22:56 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/09/30 14:11:43 | 000,000,541 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/09/29 12:55:04 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2011/09/29 12:55:01 | 000,000,876 | ---- | C] () -- C:\Users\Mark\Desktop\FreeFileViewer.lnk
[2011/09/28 13:10:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dir
[2011/09/27 14:24:24 | 325,884,453 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/23 22:22:08 | 000,000,656 | ---- | C] () -- C:\Users\Mark\Desktop\WinDirStat.lnk
[2011/09/19 00:33:14 | 000,000,668 | ---- | C] () -- C:\Users\Mark\Desktop\PC Tune-Up.lnk
[2011/09/15 00:50:44 | 000,000,608 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[2011/09/15 00:24:29 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/15 00:24:29 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/15 00:24:29 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/08/27 00:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/08/19 00:14:52 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/23 01:14:27 | 000,000,049 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/04/09 01:12:14 | 000,711,168 | ---- | C] () -- C:\Windows\is-MF9H2.exe
[2011/04/06 01:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/06 00:24:23 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 00:24:23 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 00:24:22 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/03/29 20:11:56 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
[2011/02/23 10:48:29 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/02/23 10:44:11 | 000,000,280 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/23 10:44:11 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/23 10:44:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011/02/23 10:35:11 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/16 16:23:09 | 000,000,460 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/16 16:23:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/12/22 22:58:31 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/12/22 22:57:50 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/22 22:57:47 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/26 23:10:54 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010/10/26 23:10:54 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2010/08/26 11:19:36 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/08/14 21:23:49 | 000,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2009/11/10 21:24:10 | 000,000,073 | ---- | C] () -- C:\Windows\js2.ini
[2009/10/29 21:23:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/01 23:34:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/01 23:34:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/30 21:56:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/12 09:00:42 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2009/07/04 21:53:09 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/07/04 21:53:09 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/07/04 21:53:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/07/04 21:53:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/07/04 21:53:09 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/07/04 21:53:09 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/06/26 00:17:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/25 22:42:54 | 000,000,144 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2009/06/25 22:42:54 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2009/06/25 22:42:54 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2009/06/24 00:08:00 | 000,167,936 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 00:02:24 | 000,017,089 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\UserTile.png
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\Windows\System32\OGAVerify.exe
[2008/04/27 00:56:56 | 000,208,896 | ---- | C] () -- C:\Windows\SetDrive.exe
[2008/04/27 00:56:55 | 000,036,864 | ---- | C] () -- C:\Windows\WinWait.exe
[2008/04/26 23:54:53 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/04/26 23:54:53 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/04/26 23:54:53 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2008/04/26 23:54:53 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/04/26 23:54:53 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/04/26 23:54:53 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/04/26 23:54:52 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2008/04/26 23:54:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2008/04/26 23:54:51 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/04/26 23:42:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/03/26 11:04:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/26 11:04:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/07/18 17:15:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,413,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,631,908 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,118,534 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

OTL Extras logfile created on: 14/10/2011 10:23:59 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 45.45% Memory free
3.35 Gb Paging File | 1.50 Gb Available in Paging File | 44.59% Paging File free
Paging file location(s): c:\pagefile.sys 200 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 7.20 Gb Free Space | 18.44% Space Free | Partition Type: NTFS
Drive D: | 408.64 Gb Total Space | 190.80 Gb Free Space | 46.69% Space Free | Partition Type: NTFS

Computer Name: MNMSPUTER | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1473491835-2877683959-1440569699-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08096EC0-62F2-4DB0-A1AC-817D77B74E9C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0EB82CD5-7992-4B2D-A1FF-160A8535D6F1}" = dir=in | app=c:\program files\lenovo\lenovo media studio\pdr.exe |
"{185EAB7C-2E41-44B5-A415-C7F58EC400C7}" = protocol=17 | dir=in | app=d:\program files\wings of prey\launcher.exe |
"{1CB2ADA1-7979-4365-AA1E-EA3C6BC0F990}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FEB8E89-6FDD-4FC7-94C8-D2F52E8C9559}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{2173B96C-FB5D-49E9-842A-4E9C032C0AFE}" = protocol=6 | dir=in | app=d:\program files\wings of prey\yuplay\yuplay.exe |
"{3D609D46-F16B-4AD2-AFE8-E096F38BC36C}" = protocol=17 | dir=in | app=d:\program files\wings of prey\acess.exe |
"{4069C9D5-F704-4FB2-A992-AC38A343F88F}" = protocol=6 | dir=in | app=d:\program files\wings of prey\launcher.exe |
"{5611E9CB-9989-41EA-8328-C4DCB453D941}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BC9CCBD-F968-4914-9DC3-2F322EBD1664}" = protocol=6 | dir=in | app=d:\program files\wings of prey\acess.exe |
"{65C2EBE1-7245-4D36-8FE5-CA76A42FBFC3}" = dir=in | app=d:\program files\itunes.exe |
"{96161F9B-4F32-432B-84E0-0E7AB0C9DBC3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\railworks\railworks.exe |
"{A5424CEF-C190-4680-8B7B-2B22AAAB71D0}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{BD29621B-0CB2-4A93-A15E-A1C03339C9F0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{D6F6A3D1-BB5D-42BA-B58D-03BC47A98B2A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\railworks\railworks.exe |
"{D9C67F22-F741-4932-8709-751C38F5022E}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E14E7F00-D1FD-4208-9BC0-F85EBB9AFC05}" = protocol=17 | dir=in | app=d:\program files\wings of prey\yuplay\yuplay.exe |
"{F52E0004-414C-469A-B3D8-62361E2E30DC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"TCP Query User{DA79DC9A-E471-4DD5-AFC0-9462605B3F14}D:\program files\second life\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=d:\program files\second life\secondlifeviewer2\slvoice.exe |
"UDP Query User{A9E83950-D433-4F5A-87AF-2F49AEF90D08}D:\program files\second life\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=d:\program files\second life\secondlifeviewer2\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{364AD023-F22D-4380-88D0-F9C6A778E194}" = Driver & Application Installation
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4717BD4A-E16A-41E9-B0D8-0BD931DAED96}" = CommentKahuna
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6306FC5D-2574-DDDC-181C-49265DFE6D43}" = Market Samurai
"{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81C6F110-7958-4442-B308-C7C9CAEF8CCF}" = ZoneAlarm DataLock
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98856675-ABD3-41C6-8BAE-35A3DAA0B971}" = LXH-RAS79 Hotkey driver
"{9919E625-F1EC-4945-AC40-83BEE74B78CC}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1" = Wings of Prey 1.0.4.1
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"{CC5FA098-131A-5648-31D5-825692C72B2C}" = Catalyst Control Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DBBFDD7B-71FC-443D-95C2-D014FED556CB}" = LVT
"{DF088F13-9C0D-486B-9A6A-A6BA2BCCBAD6}" = Just Trains Bristol to Exeter for RailWorks & Railworks 2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioShell_is1" = AudioShell 1.3.5
"Cakewalk XL Pack_is1" = Cakewalk XL Pack
"conduitEngine" = Conduit Engine
"DivX Setup" = DivX Setup
"FreeFileViewer_is1" = Free File Viewer 2011
"InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Jamstix 3_is1" = Jamstix 3.1.0
"Just Sudoku - Professional Edition_is1" = Just Sudoku - Professional Edition 1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"PC Tune-Up" = PC Tune-Up
"PIXresizer_is1" = PIXresizer 2.0.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SONAR Home_is1" = SONAR Home Studio 6
"Steam App 24010" = RailWorks
"Traffic Travis 4.0 Setup Wizard_is1" = Traffic Travis 4.0.0
"Traffic Travis v4_is1" = Traffic Travis 4.0.0
"Trusted Software Assistant_is1" = File Type Assistant
"USB_AUDIO_DEusb-audio.deBehringerMIDI" = BEHRINGER USB MIDI DRIVER
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"yuPlay клиент_is1" = yuPlay client 0.7.24
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1473491835-2877683959-1440569699-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 8:18:46 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2011 9:23:00 AM | Computer Name = MnMsPuter | Source = VSS | ID = 12338
Description =

Error - 7/10/2011 9:28:31 AM | Computer Name = MnMsPuter | Source = System Restore | ID = 8193
Description =

Error - 11/10/2011 10:11:23 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

Error - 11/10/2011 10:11:23 AM | Computer Name = MnMsPuter | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

by Cypher » October 14th, 2011, 11:26 am

Hi m2thef2thec,
Thank you for your help, Cypher.

You're welcome.
Let me know if this fixes the problem with your homepage.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Adobe Reader 9.4.6
Java(TM) 6 Update 26


Next.

Please download from HERE
  • Find Java SE 7, (JRE) Java SE 7.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found
    FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    [2011/06/23 00:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0ZXHJRQ.DEFAULT\EXTENSIONS\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
    O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O2 - BHO: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
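
The `FF - prefs.js..` lines in the fix above reset Firefox preferences that had been pointed at search.jzip.com and dts.search-results.com. The following Python script is an added example (not part of the original posts and not OTL's own code) that audits the text of a profile's prefs.js for the same preferences; the allowlist, the function names and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# URL-valued preferences reset by the OTL fix in this thread.
WATCHED_URL_PREFS = ("browser.startup.homepage", "keyword.URL")

# Hosts the user actually wants (assumption for this example).
ALLOWED_HOSTS = frozenset({"www.google.com", "google.com"})

# prefs.js holds one preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample, built from the values quoted in the fix script above.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.jzip.com/");
user_pref("browser.startup.page", 1);
user_pref("extensions.enabledItems", "{FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=");
'''


def parse_prefs(text):
    """Return {preference name: value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment, blank line, or something unparseable
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # quoted strings, integers, true/false
        except ValueError:
            value = raw  # keep the raw text if it is not a simple literal
        prefs[name] = value
    return prefs


def hosts_in(value):
    """Hosts named in a URL preference (a homepage may join several with '|')."""
    hosts = []
    for part in str(value).split("|"):
        host = urlsplit(part.strip()).hostname
        if host:  # about:home and similar built-in pages have no host
            hosts.append(host.lower())
    return hosts


def audit(text, allowed_hosts=ALLOWED_HOSTS, known_extensions=frozenset()):
    """Return (preference, offending value) pairs that need a human look."""
    prefs = parse_prefs(text)
    known = {ext.lower() for ext in known_extensions}
    findings = []

    # Homepage and keyword search must point only at hosts the user chose.
    for name in WATCHED_URL_PREFS:
        if name not in prefs:
            continue
        for host in hosts_in(prefs[name]):
            if host not in allowed_hosts:
                findings.append((name, host))

    # extensions.enabledItems is a comma-separated list of id:version pairs.
    for item in str(prefs.get("extensions.enabledItems", "")).split(","):
        ext_id = item.strip().rpartition(":")[0]
        if ext_id and ext_id.lower() not in known:
            findings.append(("extensions.enabledItems", ext_id))

    return findings


if __name__ == "__main__":
    for pref, value in audit(SAMPLE_PREFS_JS):
        print(f"review {pref}: {value}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since the browser rewrites the file on exit.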

Re: jzip is changing my web browser home page

by m2thef2thec » October 15th, 2011, 12:19 am

Hi Cypher

This has fixed my problem! When I ran Firefox to re-open this forum, it went to the Firefox start page, which I've now changed back to Google, and NOT the jzip search page. My system seems to be running more smoothly, too.

Here is the OTL file:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ deleted successfully.
Prefs.js: "http://search.jzip.com/" removed from browser.startup.homepage
Prefs.js: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 removed from extensions.enabledItems
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
ADS C:\ProgramData\TEMP:B63300D1 deleted successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mark\Desktop\cmd.bat deleted successfully.
C:\Users\Mark\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: Mark
->Flash cache emptied: 1944491 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 26765361 bytes
->Temporary Internet Files folder emptied: 163264079 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5427223 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 1000445 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mark
->Temp folder emptied: 653810018 bytes
->Temporary Internet Files folder emptied: 21651269 bytes
->Java cache emptied: 290839 bytes
->FireFox cache emptied: 42639649 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1285097902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 924842 bytes

Total Files Cleaned = 2,099.00 mb



OTL by OldTimer - Version 3.2.29.1 log created on 10152011_135626

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Temp\~DFA5CD.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT025dc.TMP not found!

Registry entries deleted on Reboot...
_________________

Many, many thanks. I will definitely recommend this forum to anyone that is having problems with malware!

Regards
Mark Chaney
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

Unread postby Cypher » October 15th, 2011, 6:41 am

Hi Mark,
Many, many thanks.

You're most welcome.
This has fixed my problem! When I ran Firefox to re-open this forum, it went to the Firefox start page,

Excellent, I need you to run another scan for me to check for leftovers.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: jzip is changing my web browser home page

Unread postby m2thef2thec » October 15th, 2011, 6:00 pm

Here is the ESET log:

D:\Program Files\Applications\7zip.au01.exe a variant of Win32/Adware.DoubleD.AF application

My computer is definitely running better since we started this process.

Regards
Mark Chaney
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

Unread postby m2thef2thec » October 15th, 2011, 6:18 pm

Sorry, I sent the wrong file. Here is the correct one:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=df5278ac8d19d946938c8baf3cd42fb9
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-15 03:14:16
# local_time=2011-10-16 01:14:16 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 72926520 72926520 0 0
# compatibility_mode=5892 16776573 100 100 2015 156220441 0 0
# compatibility_mode=8192 67108863 100 0 435 435 0 0
# compatibility_mode=9217 16776893 100 13 0 7399539 0 0
# scanned=5388
# found=0
# cleaned=0
# scan_time=343
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=df5278ac8d19d946938c8baf3cd42fb9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-15 05:13:28
# local_time=2011-10-16 03:13:28 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 72927009 72927009 0 0
# compatibility_mode=5892 16776573 100 100 2504 156220930 0 0
# compatibility_mode=8192 67108863 100 0 924 924 0 0
# compatibility_mode=9217 16776893 100 13 0 7400028 0 0
# scanned=292118
# found=1
# cleaned=0
# scan_time=7005
D:\Program Files\Applications\7zip.au01.exe a variant of Win32/Adware.DoubleD.AF application (unable to clean) 00000000000000000000000000000000 I
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am
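An added example, not part of the original posts and not ESET's own tooling: a small check that reads a pasted ESET Online Scanner log like the one above, confirms each run finished with the settings the helper asked for, and lists detections. The field and detection-line layout is inferred from the log above, and the function names are hypothetical.

```python
import re

HEADER = "ESETSmartInstaller@High as downloader log:"
# Settings the helper asked for: no auto-removal, archives/PUA/unsafe/anti-stealth on.
EXPECTED = {"remove_checked": "false", "archives_checked": "true", "unwanted_checked": "true",
            "unsafe_checked": "true", "antistealth_checked": "true"}
# Detection line layout inferred from the log above: path, threat, (action), 32 hex chars, flag.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+?)"
                       r"(?:\s+\((?P<action>[^)]*)\))?\s+[0-9A-Fa-f]{32}\s+\S+$")

# Sample abridged from the two runs posted above (same values, unused fields dropped).
SETTINGS = "".join("# %s=%s\n" % kv for kv in EXPECTED.items())
SAMPLE_LOG = (HEADER + "\n# end=stopped\n" + SETTINGS + "# scanned=5388\n# found=0\n"
              + HEADER + "\n# end=finished\n" + SETTINGS + "# scanned=292118\n# found=1\n"
              + r"D:\Program Files\Applications\7zip.au01.exe a variant of "
              + "Win32/Adware.DoubleD.AF application (unable to clean) " + "0" * 32 + " I\n")

def parse_runs(text):
    """Split a pasted log into runs: [{'fields': {...}, 'detections': [...]}, ...]."""
    runs = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == HEADER:
            runs.append({"fields": {}, "detections": []})
        elif runs and line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            runs[-1]["fields"].setdefault(key, value)  # keep first of repeated keys
        elif runs and DETECTION.match(line):
            runs[-1]["detections"].append(DETECTION.match(line).groupdict())
    return runs

def assess(run):
    """Return the reasons a run cannot be read as 'clean'; an empty list means clean."""
    fields, problems = run["fields"], []
    if fields.get("end") != "finished":
        problems.append("scan did not finish (end=%s), so found=0 proves nothing"
                        % fields.get("end"))
    for key, want in EXPECTED.items():
        if fields.get(key) != want:
            problems.append("%s=%s, expected %s" % (key, fields.get(key), want))
    if int(fields.get("found", "0")) != len(run["detections"]):
        problems.append("found= does not match the number of detection lines")
    problems += ["detected: %(path)s [%(threat)s]" % d for d in run["detections"]]
    return problems

if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print("run", number, assess(run) or "clean")
```

The first run in the sample reports found=0 only because it was stopped after 5388 files, which is why the check treats an unfinished run as inconclusive rather than clean.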

Re: jzip is changing my web browser home page

Unread postby m2thef2thec » October 15th, 2011, 6:20 pm

Oops! I pasted it twice.
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

Unread postby Cypher » October 16th, 2011, 6:16 am

Hi Mark,
My computer is definitely running better since we started this process.

Good to hear :)
Delete the below then you should be good to go.
D:\Program Files\Applications\7zip.au01.exe

Once done your latest set of logs appear to be clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: jzip is changing my web browser home page

Unread postby m2thef2thec » October 16th, 2011, 8:34 am

Hi Cypher

Everything is now running as it should - and faster!

I would like to say that I have been impressed with your knowledge of the problem I was experiencing and the fast turnaround times of the posts. I am extremely happy that you were able to help me and I, as mentioned before, will be recommending this site to as many people as I can.

Many Thanks again

Regards
Mark Chaney
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: jzip is changing my web browser home page

Unread postby Cypher » October 16th, 2011, 11:22 am

Hi Mark,
Everything is now running as it should - and faster!

Excellent, :thumbleft:
I would like to say that I have been impressed with your knowledge of the problem I was experiencing and the fast turnaround times of the posts. I am extremely happy that you were able to help me and I, as mentioned before, will be recommending this site to as many people as I can.

Many Thanks again
You're most welcome, glad we could help. Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns