Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I may have a google redirect virus

Post by nyg052003 » November 11th, 2010, 12:00 pm

I recently installed Shareaza music downloading software a few days ago. Today when I logged in, my Firefox didn't go to my AOL home page as it usually does. Also, there is a Shareaza toolbar now, and in the browser box it is an "S" for Shareaza where there used to be the Firefox logo. When I put something in the browser button, for instance "I boiled peanuts, why did some come out dry", it goes to something other than what it used to go to for a list of Googled stuff. It now looks different. I also uninstalled Shareaza and restarted the computer, and its toolbar was still there.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:40 AM, on 11/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: ApproveIt StartUp.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Google Update Service (gupdate1cac174fe628bde) (gupdate1cac174fe628bde) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HideMyIpSRV - HideMyIP - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9084 bytes

Uninstall List:

Acrobat.com
Acrobat.com
ActivClient CAC x86
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
ApproveIt Desktop
Ares 2.1.5
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
DivX Setup
DVDVideoSoftTB Toolbar
Free Studio version 4.8
Free WMA to MP3 Converter 1.16
Google Chrome
Google Update Helper
Hide My IP 5.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Detection
HP Solution Center 9.0
HP Update
HPSSupply
IBM Lotus Forms Viewer 3.5.1
Java(TM) 6 Update 21
LimeWire 5.5.16
Malwarebytes' Anti-Malware
MediaBar
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.8)
MS Topics Smart Tags
Nero 7 Essentials
Norton AntiVirus
Norton Security Scan
RealPlayer
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Viewer_armyifx
VLC media player 1.0.1
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm
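The HijackThis log above is what a helper reads by hand: each line is a section code (R0-R3 for IE start/search pages, O2 for BHOs, O3 for toolbars, O4 for Run keys, O10 for Winsock LSPs, O20 for AppInit_DLLs, and so on) followed by a name, often a CLSID, and a file path. The following Python script is an added example, not a HijackThis or MalwareRemoval.com tool: it parses that line format, extracts CLSIDs and paths, and flags the entries a helper would look at first. Two rules are built in: O10 and O20 entries are always reported because those DLLs load into many or all processes, and anything whose text matches an analyst-supplied watch list is reported. The watch terms (`SHAREA~1`, `MediaBar`, `Datamngr`) and the sample lines are taken from the log in this thread; the flagging rules and all function names are this example's own assumptions, not part of HijackThis.

```python
"""Triage helper for HijackThis v2 log lines (added example; not a HijackThis
or MalwareRemoval.com tool). Parses R0-R3 / O1-O24 entries, pulls out CLSIDs
and file paths, and flags the entries a helper would inspect first."""

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One HijackThis entry per line: "<section> - <body>"
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to a module/executable extension. Non-greedy, so spaces
# in "Program Files" survive and an AppInit_DLLs list yields one match per DLL.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys|cpl|ocx)\b", re.IGNORECASE)

# Sections whose mere presence deserves a look (assumed rule for this example).
HIGH_RISK_SECTIONS = {
    "O10": "Winsock LSP entry: loaded into every process that uses sockets",
    "O20": "AppInit_DLLs/Winlogon Notify: DLL loaded into most user-mode processes",
}

# Sample lines copied from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
"""

# Watch terms chosen from the thread: the Shareaza MediaBar/Datamngr install.
WATCH_TERMS = ["SHAREA~1", "MediaBar", "Datamngr"]


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    paths: List[str]
    flags: List[str] = field(default_factory=list)


def parse_hjt(log_text: str) -> List[Entry]:
    """Return one Entry per recognised HJT line; header and process-list lines are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID.search(body)
        entries.append(Entry(m.group("section"), body,
                             c.group(0) if c else None, WIN_PATH.findall(body)))
    return entries


def triage(log_text: str, watch_terms: List[str]) -> List[Entry]:
    """Parse the log and return only flagged entries, in log order.

    watch_terms are matched case-insensitively against the whole entry body so
    that both 8.3 short names (SHAREA~1) and long names (MediaBar) are caught."""
    terms = [t.lower() for t in watch_terms]
    flagged: List[Entry] = []
    for e in parse_hjt(log_text):
        if e.section in HIGH_RISK_SECTIONS:
            e.flags.append(HIGH_RISK_SECTIONS[e.section])
        hits = [t for t in terms if t in e.body.lower()]
        if hits:
            e.flags.append("matches watch list: " + ", ".join(hits))
        if e.flags:
            flagged.append(e)
    return flagged


def section_counts(log_text: str) -> Dict[str, int]:
    """How many entries each section has; a quick sanity check on the parse."""
    counts: Dict[str, int] = {}
    for e in parse_hjt(log_text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, WATCH_TERMS):
        print(f"{e.section:4} {e.clsid or '-':40} {'; '.join(e.flags)}")
        for p in e.paths:
            print(f"       path: {p}")
```

On the sample above the script reports the MediaBar BHO, toolbar and Run entry, the Winsock LSP line, and the AppInit_DLLs entry with both of its DLL paths, while leaving the Yahoo!, Java and Norton entries alone. The same log in the thread lists the LSP file three times; each occurrence is reported separately, which is the behaviour a helper wants when checking whether all three chain entries point at the same file.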

Re: I may have a google redirect virus

Post by deltalima » November 14th, 2010, 3:05 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Post by deltalima » November 14th, 2010, 3:18 pm

Hi nyg052003,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Ares 2.1.5
    LimeWire 5.5.16


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Post by nyg052003 » November 14th, 2010, 3:44 pm

deltalima wrote:Hi nyg052003,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Ares 2.1.5
    LimeWire 5.5.16


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please let me know if the computer is used for home or for business use.


I uninstalled both Ares and LimeWire and checked to see if I had any other file sharing programs, and didn't see any. My PC is for home use. Is there any safe way to have a file sharing program or to download music and be worry-free?
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Post by deltalima » November 14th, 2010, 3:54 pm

Hi nyg052003,

Is there any safe way to have a file sharing program or to download music and be worry-free?


No! All file sharing networks are sources of infected files and should be avoided. There are legitimate sites where music can be legally purchased.


Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Post by nyg052003 » November 14th, 2010, 4:23 pm

This is the only thing that was in the Notepad. Didn't see any extras.

OTL logfile created on: 11/14/2010 3:05:01 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 100.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.99 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-B16159440 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files\Java\jre6\bin\jqsnotify.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DCamUSBVeo532) -- C:\WINDOWS\system32\drivers\ubVeo532.sys (IC Media Corporation)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {D238F46A-64EC-11DE-9C5A-D54056D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/23 09:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 14:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 09:43:45 | 000,000,000 | ---D | M]

[2010/11/08 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/05/02 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/11 20:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 20:54:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/24 11:01:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/24 11:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/08 19:03:29 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2010/09/29 16:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\staged-xpis
[2010/09/29 16:06:46 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\askcom.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\ShareazaWebSearch.xml
[2010/11/11 20:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 11:10:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\mfc71.dll
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr71.dll
[2010/09/19 11:09:48 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/01 15:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{6ECD42B2-32AF-4898-880D-0608EA5C592A}\Icon9557F1BC1.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Desktop\Saleen SR.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 20:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 15:50:29 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll64X.dll
[2010/11/11 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/08 19:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\25F
[2010/11/08 19:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\shareazamediabartb
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Shareaza
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\My Received Files
[2010/11/08 19:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Shareaza
[2010/11/08 19:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza Applications
[2010/11/08 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\PackageAware
[2010/11/07 22:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\HP
[2010/11/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\husky saw_files
[2010/11/07 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/11/07 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/11/07 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/11/07 20:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/11/07 20:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/04 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/10/25 08:13:19 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\WINDOWS\System32\HMIPCore.dll
[2010/10/25 08:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 14:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 13:48:13 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\DivX Movies.lnk
[2010/11/14 13:47:39 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/13 23:21:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 21:52:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FC91D7E-537B-4D41-9483-7E9C16F6D78D}.job
[2010/11/13 16:37:16 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for owner.job
[2010/11/11 10:07:57 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2010/11/11 10:07:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/11 10:07:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/11 10:07:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 09:48:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 09:48:08 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 01:04:36 | 000,633,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/08 17:32:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 21:15:28 | 000,022,676 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:48 | 000,010,729 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:49:18 | 000,137,610 | ---- | M] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:42:08 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:55 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:25:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 17:38:27 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 17:38:27 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/25 08:13:08 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:08 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/23 09:35:04 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/23 09:24:18 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/23 09:24:18 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/23 09:24:18 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/23 09:24:18 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/23 09:12:31 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 07:59:45 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 13:48:12 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\DivX Movies.lnk
[2010/11/14 13:47:39 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/07 21:15:27 | 000,022,676 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:46 | 000,010,729 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:42:08 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:36:12 | 000,137,610 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:36:12 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2010/11/04 21:24:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/04 21:24:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/04 21:24:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/10/25 08:13:08 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/19 07:59:45 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc
[2010/10/14 19:07:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 19:01:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/16 17:00:17 | 000,004,733 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2010/05/07 22:20:17 | 000,000,792 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/02 00:42:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2010/02/16 20:44:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/14 13:22:35 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 19:37:31 | 000,003,259 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/12 13:50:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 15:48:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/29 22:05:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Also, when I went to do the scan at GMER, it said that GMER didn't find any system modifications and did not scan.
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 14th, 2010, 4:41 pm

Hi nyg052003,

This is the only thing that was in the notepad. Didn't see any extras.


The Extras.txt should be on your desktop.

It looks like you ran OTL from C:\Documents and Settings\owner\My Documents\Downloads

Please check that folder for the Extras.txt file and post it in your next reply.

It is important to follow the instructions – OTL should have been run from the desktop.

When I went to do the scan at GMER, it said that GMER didn't find any system modifications and did not scan.


Please try to run GMER in safe mode. Please check the instructions again if GMER does not scan (make sure you select the Rootkit tab).
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 14th, 2010, 8:26 pm

OTL logfile created on: 11/14/2010 5:52:56 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 178.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.99 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-B16159440 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\My Documents\Downloads\mpzmwye2.exe ()
PRC - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files\Java\jre6\bin\jqsnotify.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe (HideMyIP)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DCamUSBVeo532) -- C:\WINDOWS\system32\drivers\ubVeo532.sys (IC Media Corporation)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {D238F46A-64EC-11DE-9C5A-D54056D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/23 09:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 14:57:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 09:43:45 | 000,000,000 | ---D | M]

[2010/11/08 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/05/02 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/11 20:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 20:54:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/24 11:01:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/24 11:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/29 16:06:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/08 19:03:29 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2010/09/29 16:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\extensions\staged-xpis
[2010/09/29 16:06:46 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\askcom.xml
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\8g958f5l.default\searchplugins\ShareazaWebSearch.xml
[2010/11/11 20:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/19 11:10:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\mfc71.dll
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr71.dll
[2010/09/19 11:09:48 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/01 15:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
[2010/08/12 03:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{6ECD42B2-32AF-4898-880D-0608EA5C592A}\Icon9557F1BC1.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Desktop\Saleen SR.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 20:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17b-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36f0c17c-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell - "" = AutoRun
O33 - MountPoints2\{36f0c17d-a7bb-11df-a14d-00065bdc7814}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{9a1f8c5e-6b50-11df-a0e4-00065bdc7814}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 15:50:29 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll64X.dll
[2010/11/11 15:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/08 19:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\25F
[2010/11/08 19:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\shareazamediabartb
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Shareaza
[2010/11/08 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\My Received Files
[2010/11/08 19:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Shareaza
[2010/11/08 19:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza Applications
[2010/11/08 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\PackageAware
[2010/11/07 22:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\HP
[2010/11/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\husky saw_files
[2010/11/07 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/11/07 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/11/07 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/11/07 20:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/11/07 20:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/04 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/10/25 08:13:19 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\WINDOWS\System32\HMIPCore.dll
[2010/10/25 08:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 17:21:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 16:37:52 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for owner.job
[2010/11/14 13:48:13 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\DivX Movies.lnk
[2010/11/14 13:47:39 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/13 23:21:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 21:52:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2FC91D7E-537B-4D41-9483-7E9C16F6D78D}.job
[2010/11/11 10:07:57 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2010/11/11 10:07:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/11 10:07:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-606747145-1801674531-1003.job
[2010/11/11 10:07:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 09:48:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 09:48:08 | 804,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 01:04:36 | 000,633,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/08 17:32:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 21:15:28 | 000,022,676 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:48 | 000,010,729 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:49:18 | 000,137,610 | ---- | M] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:42:08 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:55 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:25:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 17:38:27 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 17:38:27 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/25 08:13:08 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:08 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/23 09:35:04 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/23 09:24:18 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/23 09:24:18 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/23 09:24:18 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/23 09:24:18 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/23 09:12:31 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 07:59:45 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 13:48:12 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\DivX Movies.lnk
[2010/11/14 13:47:39 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/07 21:15:27 | 000,022,676 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky 2.jpg
[2010/11/07 21:07:46 | 000,010,729 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\husky saw.htm
[2010/11/07 20:42:08 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/11/07 20:40:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/07 20:36:12 | 000,137,610 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010/11/07 20:36:12 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2010/11/04 21:24:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/04 21:24:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/04 21:24:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/10/25 08:13:08 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2010/10/25 08:13:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Hide My IP.lnk
[2010/10/19 07:59:45 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Dish Orders.doc
[2010/10/14 19:07:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 19:01:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/16 17:00:17 | 000,004,733 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2010/05/07 22:20:17 | 000,000,792 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/02 00:42:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2010/02/16 20:44:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/14 13:22:35 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 19:37:31 | 000,003,259 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/12 13:50:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/11 15:48:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/29 22:05:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 11/14/2010 5:52:56 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 178.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.99 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-B16159440 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6ECD42B2-32AF-4898-880D-0608EA5C592A}" = ApproveIt Desktop
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45577A3-F6BF-46AD-91F7-8474B770D595}" = MS Topics Smart Tags
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F17F7703-1E72-40C1-A0DD-E5B365661033}" = Nero 7 Essentials
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Studio_is1" = Free Studio version 4.8
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"HMIP50_is1" = Hide My IP 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"RealPlayer 12.0" = RealPlayer
"Shareaza MediaBar" = MediaBar
"Uninstall_is1" = Uninstall 1.0.0.1
"Viewer_armyifx" = Viewer_armyifx
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-606747145-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 9:39:15 PM | Computer Name = OWNER-B16159440 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 10/26/2010 9:39:23 PM | Computer Name = OWNER-B16159440 | Source = Application Error | ID = 1001
Description = Fault bucket 1967498370.

Error - 11/4/2010 4:09:45 PM | Computer Name = OWNER-B16159440 | Source = ActivClient | ID = 769
Description = No exchange account

Error - 11/5/2010 3:23:33 PM | Computer Name = OWNER-B16159440 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 11/5/2010 3:53:08 PM | Computer Name = OWNER-B16159440 | Source = Application Error | ID = 1001
Description = Fault bucket 1967498370.

Error - 11/5/2010 3:57:44 PM | Computer Name = OWNER-B16159440 | Source = ActivClient | ID = 769
Description = No exchange account

Error - 11/5/2010 8:07:25 PM | Computer Name = OWNER-B16159440 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/5/2010 8:07:25 PM | Computer Name = OWNER-B16159440 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/7/2010 9:42:12 PM | Computer Name = OWNER-B16159440 | Source = MsiInstaller | ID = 11904
Description = Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 11/7/2010 11:05:00 PM | Computer Name = OWNER-B16159440 | Source = ActivClient | ID = 769
Description = No exchange account

[ System Events ]
Error - 11/5/2010 3:56:11 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 3:56:54 PM | Computer Name = OWNER-B16159440 | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL client credential
private key. The error code returned from the cryptographic module is 0x8010002e.

Error - 11/5/2010 3:57:25 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 3:57:25 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 3:57:25 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 5:08:14 PM | Computer Name = OWNER-B16159440 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/5/2010 9:15:31 PM | Computer Name = OWNER-B16159440 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/5/2010 11:30:06 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 11:30:06 PM | Computer Name = OWNER-B16159440 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader
0' rejected IOCTL GET_STATE: The device has been removed.

Error - 11/5/2010 11:30:07 PM | Computer Name = OWNER-B16159440 | Source = DCOM | ID = 10010
Description = The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register
with DCOM within the required timeout.


< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 19:22:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815A rev.3.AAD
Running: 62edzvpx.exe; Driver: C:\DOCUME~1\owner\LOCALS~1\Temp\pwwoqpow.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\NCW\FOIMaster.db-journal 0 bytes

---- EOF - GMER 1.0.15 ----
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 15th, 2010, 5:17 am

Hi nyg052003,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :processes
    datamngrUI.exe
    :otl
    O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
    O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = -
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ares\Ares.exe" = -
    "C:\Program Files\LimeWire\LimeWire.exe" = -
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = -
    :files
    C:\Program Files\Shareaza Applications
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply.

Please let me know if the redirects are still happening.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
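
The fix script in this post targets three autostart locations (O2 browser helper objects, the O4 HKLM Run key and the O20 AppInit_DLLs value), and the fix log OTL writes afterwards reports what happened to each file. The Python script below is an added example, not deltalima's instructions and not code from OTL or OldTimer: it parses the :otl lines of the script above, attaches the notes a reviewer would want next to each entry (an AppInit_DLLs entry is loaded into every process that maps user32.dll on Windows XP; an empty "()" means OTL found no company name in the file's version info; "File not found" marks an orphaned Run entry) and cross-checks each targeted file against the action lines of an OTL fix log. The sample input is constructed from lines posted in this thread; the regular expressions, the Persistence record and the flag wording are my assumptions about OTL's output format, not a documented parser.

```python
"""Classify OTL persistence lines (O2 BHO, O4 Run, O20 AppInit_DLLs) and
cross-check them against the fix log OTL writes after the script runs.
Added example; the parsing rules are assumptions drawn from the lines in this thread."""
import re
from dataclasses import dataclass, field

# Constructed sample: the :otl section of the fix script posted in this thread.
OTL_SECTION = r"""
O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
"""

# Constructed sample: the file-action lines from the OTL fix log posted later in the thread.
OTL_FIX_LOG = r"""
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll moved successfully.
File C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll not found.
"""

# "<path> (<company>)": OTL appends the CompanyName from the file's version info, empty if absent.
PATH_COMPANY = r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^()]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - " + PATH_COMPANY)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<short>[^()]*)\) - " + PATH_COMPANY)
REST_RE = re.compile("^" + PATH_COMPANY)
LOG_RE = re.compile(r"^(?:File )?(?P<path>.+?) (?P<status>moved successfully|not found)\.$")


@dataclass
class Persistence:
    kind: str          # "BHO", "Run key" or "AppInit_DLLs"
    name: str
    path: str          # empty when OTL reported "File not found"
    company: str
    flags: list = field(default_factory=list)


def _flag(entry: Persistence) -> Persistence:
    """Attach the review notes a defender wants next to each autostart entry."""
    if entry.kind == "AppInit_DLLs":
        # On Windows XP every DLL listed here is loaded into each process that maps user32.dll.
        entry.flags.append("AppInit_DLLs DLL: loaded into every user32-based process")
    if entry.path and not entry.company:
        entry.flags.append("no company name in file version info")
    if not entry.path:
        entry.flags.append("orphaned entry: file not found")
    return entry


def parse_otl(text: str) -> list:
    """Turn O2/O4/O20 lines into Persistence records; lines of other types are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = O2_RE.match(line)
        if m:
            entries.append(_flag(Persistence("BHO", m["name"], m["path"], m["company"])))
            continue
        m = O4_RE.match(line)
        if m:
            r = REST_RE.match(m["rest"])
            path, company = (r["path"], r["company"]) if r else ("", "")
            entries.append(_flag(Persistence("Run key", m["name"], path, company)))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(_flag(Persistence("AppInit_DLLs", m["short"], m["path"], m["company"])))
    return entries


def check_fix_log(entries: list, log: str) -> dict:
    """Map each targeted file (lower-cased path) to the list of statuses OTL reported for it."""
    statuses = {}
    for line in log.strip().splitlines():
        m = LOG_RE.match(line)
        if m:
            statuses.setdefault(m["path"].lower(), []).append(m["status"])
    return {e.path.lower(): statuses.get(e.path.lower(), []) for e in entries if e.path}


if __name__ == "__main__":
    found = parse_otl(OTL_SECTION)
    for e in found:
        print(f"{e.kind:13} {e.name!r:25} {e.path or '-'}  {'; '.join(e.flags)}")
    for path, status in check_fix_log(found, OTL_FIX_LOG).items():
        print(path, "->", ", ".join(status))
```

Run as-is it prints each entry with its flags and the outcome for every targeted file. The "not found" status that IEBHO.dll gets on its second appearance is expected rather than a failure: the O2 line already moved that file before the O20 line referred to it again, which is exactly what the fix log in the later post shows.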

Re: I may have a google redirect virus

Unread postby nyg052003 » November 15th, 2010, 8:47 am

deltalima wrote: Hi nyg052003,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :processes
    datamngrUI.exe
    :otl
    O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
    O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = -
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ares\Ares.exe" = -
    "C:\Program Files\LimeWire\LimeWire.exe" = -
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = -
    :files
    C:\Program Files\Shareaza Applications
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply.

Please let me know if the redirects are still happening.

How do I run the quick scan with Malwarebytes? Do I need to download/run Malwarebytes? I ask because I didn't see a clickable link from you. I just googled it; I guess I just go to Start/All Programs, etc., right?
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 15th, 2010, 8:53 am

Hi nyg052003,

How do I run the quick scan with Malwarebytes? Do I need to download/run Malwarebytes?


Malwarebytes is shown as installed on the computer, so it can be run from Start – Programs.

If not then –

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 15th, 2010, 9:27 am

All processes killed
========== PROCESSES ==========
No active process named datamngrUI.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE9A4208-64EC-11DE-8440-204256D89593}\ deleted successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}\ deleted successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe deleted successfully.
========== FILES ==========
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\components folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar\chrome folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\ToolBar folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar\Datamngr folder moved successfully.
C:\Program Files\Shareaza Applications\MediaBar folder moved successfully.
C:\Program Files\Shareaza Applications folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 323725 bytes
->Temporary Internet Files folder emptied: 70316 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21497328 bytes
->Flash cache emptied: 2539 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: owner
->Temp folder emptied: 890826447 bytes
->Temporary Internet Files folder emptied: 100282087 bytes
->Java cache emptied: 404673 bytes
->FireFox cache emptied: 54401997 bytes
->Google Chrome cache emptied: 5285994 bytes
->Flash cache emptied: 54702 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 271704 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6493281 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13718716 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10313280 bytes

Total Files Cleaned = 1,053.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_075304

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.
C:\WINDOWS\temp\subE4.tmp moved successfully.

Registry entries deleted on Reboot...

Now for the Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4629

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 8:13:58 AM
mbam-log-2010-11-15 (08-13-58).txt

Scan type: Quick scan
Objects scanned: 142877
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Before I did the Malwarebytes scan, my computer had already rebooted from the OTL fix, and when I checked to see if it was still doing the redirect thing, yes, it was still doing it. I noticed Malwarebytes didn't find any infections to fix.
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 15th, 2010, 9:32 am

Hi nyg052003,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop, then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I may have a google redirect virus

Unread postby nyg052003 » November 15th, 2010, 9:46 am

No infections found

2010/11/15 08:42:58.0375 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 08:42:58.0375 ================================================================================
2010/11/15 08:42:58.0375 SystemInfo:
2010/11/15 08:42:58.0375
2010/11/15 08:42:58.0375 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/15 08:42:58.0375 Product type: Workstation
2010/11/15 08:42:58.0375 ComputerName: OWNER-B16159440
2010/11/15 08:42:58.0375 UserName: owner
2010/11/15 08:42:58.0375 Windows directory: C:\WINDOWS
2010/11/15 08:42:58.0375 System windows directory: C:\WINDOWS
2010/11/15 08:42:58.0375 Processor architecture: Intel x86
2010/11/15 08:42:58.0375 Number of processors: 1
2010/11/15 08:42:58.0375 Page size: 0x1000
2010/11/15 08:42:58.0375 Boot type: Normal boot
2010/11/15 08:42:58.0375 ================================================================================
2010/11/15 08:42:59.0406 Initialize success
2010/11/15 08:44:04.0796 ================================================================================
2010/11/15 08:44:04.0796 Scan started
2010/11/15 08:44:04.0796 Mode: Manual;
2010/11/15 08:44:04.0796 ================================================================================
2010/11/15 08:44:05.0218 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/11/15 08:44:05.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/15 08:44:05.0406 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/15 08:44:05.0515 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/15 08:44:05.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/15 08:44:05.0718 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/15 08:44:06.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/15 08:44:06.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/15 08:44:06.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/15 08:44:06.0671 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/15 08:44:06.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/15 08:44:06.0937 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
2010/11/15 08:44:07.0093 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/15 08:44:07.0187 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/15 08:44:07.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/15 08:44:07.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/15 08:44:07.0546 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/15 08:44:07.0625 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/11/15 08:44:08.0109 DCamUSBVeo532 (e3834cdc0ea44bdda7c54861a4c92d32) C:\WINDOWS\system32\Drivers\ubVeo532.sys
2010/11/15 08:44:08.0234 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/15 08:44:08.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/15 08:44:08.0453 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/15 08:44:08.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/15 08:44:08.0562 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/15 08:44:08.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/15 08:44:08.0843 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/15 08:44:09.0000 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/11/15 08:44:09.0093 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/15 08:44:09.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/15 08:44:09.0343 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/15 08:44:09.0437 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/15 08:44:09.0546 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/15 08:44:09.0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/15 08:44:09.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/15 08:44:09.0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/15 08:44:09.0875 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/15 08:44:09.0968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/15 08:44:10.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/15 08:44:10.0375 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/15 08:44:10.0593 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
2010/11/15 08:44:10.0718 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/15 08:44:10.0875 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/15 08:44:10.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/15 08:44:10.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/15 08:44:11.0093 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/15 08:44:11.0140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/15 08:44:11.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/15 08:44:11.0312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/15 08:44:11.0390 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/15 08:44:11.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/15 08:44:11.0593 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/15 08:44:11.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/15 08:44:11.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/15 08:44:12.0031 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/15 08:44:12.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/15 08:44:12.0234 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/15 08:44:12.0312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/15 08:44:12.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/15 08:44:12.0562 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/15 08:44:12.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/15 08:44:12.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/15 08:44:12.0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/15 08:44:12.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/15 08:44:12.0953 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/15 08:44:13.0015 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/15 08:44:13.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/15 08:44:13.0156 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/15 08:44:13.0312 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101114.003\NAVENG.SYS
2010/11/15 08:44:22.0312 ================================================================================
2010/11/15 08:44:22.0312 Scan finished
2010/11/15 08:44:22.0312 ================================================================================
2010/11/15 08:44:44.0515 Deinitialize success
nyg052003
Regular Member
 
Posts: 42
Joined: September 13th, 2010, 5:34 pm

Re: I may have a google redirect virus

Unread postby deltalima » November 15th, 2010, 9:56 am

Hi nyg052003,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
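The MBRCheck step above inspects the drive's master boot record and reports whether the boot code is one it recognises. As an added illustration that is not MBRCheck's own code or anything posted in this thread, the Python below parses a constructed 512-byte MBR, hashes its boot code and compares it against a constructed, hypothetical allow-list the way such a tool does; it assumes nothing beyond the standard library.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440        # boot code occupies bytes 0..439, before the disk signature
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
SIGNATURE_OFFSET = 510    # 0x55AA boot signature

# Constructed stand-in for a stock boot sector (hypothetical, not a real reference
# sample); a real allow-list would hold hashes of genuine known-good MBR code.
BASELINE_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
KNOWN_BOOTCODE_MD5 = {
    hashlib.md5(BASELINE_BOOTCODE.ljust(BOOTCODE_LEN, b"\x00")).hexdigest(): "constructed baseline",
}

def parse_mbr(mbr: bytes) -> dict:
    """Parse a raw 512-byte MBR: signature check, bootcode hash, partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 marks an empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xAA",
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def classify_bootcode(info: dict) -> str:
    """Verdict in the spirit of MBRCheck: known bootcode, unknown bootcode, or invalid MBR."""
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA boot signature"
    name = KNOWN_BOOTCODE_MD5.get(info["bootcode_md5"])
    return f"known: {name}" if name else "unknown bootcode: hash not in allow-list"

def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed 512-byte MBR: given bootcode, one bootable NTFS partition, valid signature."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootcode)] = bootcode
    # entry 0: bootable (0x80), CHS fields as filler, type 0x07 (NTFS), LBA 63, 1 GiB of sectors
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFFSET,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2097152)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)
```

A boot code hash outside the allow-list is what MBRCheck reports as an unknown bootcode; on a real machine the sector would be read from the physical drive with administrator rights rather than constructed.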