Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Mozilla redirect virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Mozilla redirect virus

Unread postby delapena85 » November 11th, 2011, 11:21 pm

My previous attempt to resolve this issue was locked, with a moderator stating that this was for a business computer. I am not sure where you are getting this information. I assure you this is not for a business computer, it is for a laptop used completely for recreational purposes at home. Please let me know if there is anything I can do to confirm this.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by The Delapenas at 20:11:14 on 2011-11-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1199 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\syswow64\msiexec.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\STOPzilla!\SZInit.Exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [mVVVzzONtx0uS2b8234A] C:\Users\The Delapenas\AppData\Roaming\Rx0v2b3nGaH\qKRLL9gTX.exe
uRun: [qN1v2obF4m5Q6E88234A] C:\Users\The Delapenas\AppData\Roaming\HN01GHfLgqwlxS\FHEZwUlBPy1vn4m.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\THEDEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\THEDEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{117F694F-A6AF-4253-9690-3DD6654DB0B9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{117F694F-A6AF-4253-9690-3DD6654DB0B9}\D414252594F44545 : DhcpNameServer = 67.91.190.99 67.91.190.98 4.2.2.2
TCP: Interfaces\{117F694F-A6AF-4253-9690-3DD6654DB0B9}\D495C45435D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9AC04029-B481-448E-8C70-E213C0CEA8B1} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [(Default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Delapenas\AppData\Roaming\Mozilla\Firefox\Profiles\3mt928il.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.weightwatchers.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYSWUS&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: XUL Cache: {012546ad-39dd-46fd-a416-fc3bf819461e} - %profile%\extensions\{012546ad-39dd-46fd-a416-fc3bf819461e}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-5 366640]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-5 2320920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-7-10 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-5 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-08 03:54:51 25160 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-11-08 03:53:52 -------- d-----w- C:\ProgramData\Hitman Pro
2011-11-07 20:55:46 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0173772B-35DF-4899-8972-A5F09EF518A8}\offreg.dll
2011-11-07 20:55:40 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0173772B-35DF-4899-8972-A5F09EF518A8}\mpengine.dll
2011-11-06 06:07:30 0 ----a-w- C:\windows\SysWow64\sho406B.tmp
2011-11-06 04:53:55 1788416 ----a-w- C:\Users\The Delapenas\AppData\Roaming\java.exe
2011-11-06 04:28:39 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2011-11-06 04:28:37 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-06 04:28:37 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-11-05 07:47:42 546256 ----a-r- C:\windows\SysWow64\SZComp5.dll
2011-11-05 07:47:42 480720 ----a-r- C:\windows\SysWow64\SZBase5.dll
2011-11-05 07:47:42 22992 ----a-r- C:\windows\SysWow64\SZIO5.dll
2011-11-05 07:47:42 132560 ----a-r- C:\windows\SysWow64\IS3HTUI5.dll
2011-11-05 07:47:40 99792 ----a-r- C:\windows\SysWow64\IS3Svc5.dll
2011-11-05 07:47:40 738768 ----a-r- C:\windows\SysWow64\IS3Base5.dll
2011-11-05 07:47:40 67024 ----a-r- C:\windows\SysWow64\IS3Hks5.dll
2011-11-05 07:47:40 456144 ----a-r- C:\windows\SysWow64\IS3DBA5.dll
2011-11-05 07:47:40 390608 ----a-r- C:\windows\SysWow64\IS3UI5.dll
2011-11-05 07:47:40 28624 ----a-r- C:\windows\SysWow64\IS3XDat5.dll
2011-11-05 07:47:40 230864 ----a-r- C:\windows\SysWow64\IS3Win325.dll
2011-11-05 07:47:40 103888 ----a-r- C:\windows\SysWow64\IS3Inet5.dll
2011-10-19 15:55:38 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 02:26:10 -------- d-----w- C:\Users\The Delapenas\AppData\Local\{81AF3D9F-22D3-46B3-ACFF-BBF1EB7D7D61}
2011-10-11 02:25:58 -------- d-----w- C:\Users\The Delapenas\AppData\Local\{52807820-22BD-44A0-89CB-E6968F94B086}
.
==================== Find3M ====================
.
2011-11-06 06:12:18 370 ----a-w- C:\windows\SysWow64\PARTILOG.EXE
2011-09-26 19:21:26 74768 ----a-r- C:\windows\SysWow64\drivers\SZKG64.sys
2011-09-26 19:21:26 74768 ----a-r- C:\windows\SysWow64\drivers\is3srv64.sys
.
============= FINISH: 20:12:26.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2010 7:48:22 PM
System Uptime: 11/7/2011 12:11:33 PM (8 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1179/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 236.132 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP300: 10/19/2011 7:54:50 AM - Windows Update
RP301: 10/20/2011 1:17:09 PM - Windows Update
RP302: 10/21/2011 3:52:52 PM - Windows Update
RP303: 10/22/2011 9:20:56 PM - Windows Update
RP304: 10/23/2011 11:22:42 PM - Windows Update
RP305: 10/25/2011 1:00:44 PM - Windows Update
RP306: 10/26/2011 2:55:51 PM - Windows Update
RP307: 10/27/2011 9:45:50 PM - Windows Update
RP308: 10/28/2011 10:04:23 PM - Windows Update
RP310: 10/31/2011 12:28:55 AM - Windows Update
RP311: 11/1/2011 6:32:38 AM - Windows Update
RP312: 11/2/2011 6:51:05 AM - Windows Update
RP313: 11/3/2011 7:00:54 AM - Windows Update
RP314: 11/4/2011 7:35:05 AM - Windows Update
RP315: 11/5/2011 7:56:46 AM - Windows Update
RP316: 11/5/2011 8:28:09 PM - Installed STOPzilla. Available with Windows Installer version 1.2

and later.
RP317: 11/5/2011 8:34:16 PM - StopZILLA! Restore Point.
RP318: 11/6/2011 9:15:05 AM - Windows Update
RP319: 11/7/2011 12:55:16 PM - Windows Update
RP320: 11/7/2011 8:10:07 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and

later.
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
AIM 7
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Best Buy pc app
Bing Bar
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup
Download Updater (AOL LLC)
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 17
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.1.1800
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.23)
MSVCRT
MSVCRT_amd64
Norton Security Scan
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
UnHackMe 5.99 release
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/7/2011 8:10:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was

reached while waiting for a transaction response from the szserver service.
11/5/2011 8:38:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on

starting.
11/5/2011 8:33:04 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: Partizan
11/5/2011 8:32:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time

Protection feature has encountered an error and failed. Feature: Behavior Monitoring

Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver

requires an up-to-date engine in order to function. You must install the latest definition

updates in order to enable real-time protection.
11/5/2011 8:30:32 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has

encountered an error when taking action on spyware or other potentially unwanted software. For

more information please see the following: http://go.microsoft.com/fwlink/?

linkid=37020&name=Exploit:Win32/Pdfjsc.RF&threatid=2147646316 User: NT AUTHORITY\SYSTEM

Name: Exploit:Win32/Pdfjsc.RF ID: 2147646316 Severity: Severe Category: Exploit

Path: Action: Remove Error Code: 0x80508023 Error

description: The program could not find the spyware and other potentially unwanted software on

this computer. Status: Signature Version: AV: 1.115.1326.0, AS: 1.115.1326.0

Engine Version: 1.1.7801.0
11/5/2011 10:12:47 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: is3srv Partizan
11/5/2011 10:12:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time

Protection feature has encountered an error and failed. Feature: Behavior Monitoring

Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver

requires an up-to-date engine in order to function. You must install the latest definition

updates in order to enable real-time protection.
11/5/2011 10:10:47 PM, Error: Service Control Manager [7001] - The Computer Browser service

depends on the Server service which failed to start because of the following error: The

dependency service or group failed to start.
11/5/2011 10:08:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service

depends on the Function Discovery Provider Host service which failed to start because of the

following error: The dependency service or group failed to start.
11/5/2011 10:08:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-

F52A-11D8-B9A5-505054503030}
11/5/2011 10:08:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-

AC08-4F1F-BEB7-5C22C517CE39}
11/5/2011 10:08:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2011 10:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}
11/5/2011 10:08:29 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: discache is3srv MpFilter Partizan spldr Wanarpv6
11/5/2011 10:08:29 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler

service depends on the Application Virtualization Client service which failed to start because of

the following error: The dependency service or group failed to start.
11/1/2011 6:22:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time

Protection feature has encountered an error and failed. Feature: Behavior Monitoring

Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver

requires an up-to-date engine in order to function. You must install the latest definition

updates in order to enable real-time protection.
.
==== End Of File ===========================
delapena85
Active Member
 
Posts: 2
Joined: November 8th, 2011, 12:14 am
Advertisement
Register to Remove

Re: Mozilla redirect virus

Unread postby Cypher » November 13th, 2011, 1:20 pm

Your logs clearly show that this is a business computer and or connected to a business network.
On this forum the Administrators are the sole arbiters of what constitutes Home use.

We reserve the right to close any topic that in our opinion is from a computer used for other purposes.

All decisions are final, and are not open to discussion or negotiation.

http://malwareremoval.com/forum/viewtop ... 98#p491398

This topic is now closed
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 141 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware