Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Mozilla redirects to random sites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Mozilla redirects to random sites

Unread postby Toast » March 26th, 2011, 12:25 am

.I am hoping you can help me regain control. I downloaded Mozilla (un) redirect program, it did not help. I am not sure if I post the two DDS logs now but here goes.

Many thanks for any help!!

.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2008 9:13:41 PM
System Uptime: 3/24/2011 5:47:18 AM (40 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2675/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 9.33 GiB free.
D: is CDROM (UDF)
E: is CDROM (UDF)
F: is FIXED (NTFS) - 931 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP419: 3/23/2011 8:41:52 PM - System Checkpoint
RP420: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP421: 3/25/2011 3:51:51 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
AVG Free 9.0
Canon My Printer
Canon PhotoRecord
Canon Pro9000
Canon Pro9000 User Registration
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Pro
COWON D2 User's Guide
CyberLink PowerDirector
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Music Converter
Dynamic-Photo HDR Trial 3.44
File Type Assistant
Final Media Player 2011
FLAC 1.2.1b (remove only)
FXhome PhotoKey 2 (remove only)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
Paint.NET v3.5.7
PDF Settings
Photomatix Pro version 3.2.9
Photomatix Pro version 4.0.2
Platform
printmyphotobook 3.67
QuickTime
RegScrubXP 3.25
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shutterfly Express Uploader
SmartSound Quicktracks Plugin
System Requirements Lab for Intel
Topaz Adjust 3
Topaz Adjust 4
Topaz Clean 2
Topaz Clean 3
Topaz DeJpeg 3
Topaz DeJpeg 4
Topaz DeNoise 5
Topaz Detail
Topaz Detail 2
Topaz Fusion Express 2
Topaz ReMask
Topaz ReMask 2
Topaz Simplify 2
Topaz Simplify 3
Trader's Little Helper 2.4.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
WD SmartWare
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
3/23/2011 8:22:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'change.log' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/20/2011 3:04:56 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/18/2011 4:01:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll. Reference error message: The operation completed successfully. .
3/18/2011 4:01:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll. Reference error message: The operation completed successfully. .
3/18/2011 4:01:21 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll" on line 9.
3/18/2011 4:01:21 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll" on line 9.
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John FXXXXy at 21:12:27.14 on Fri 03/25/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2466 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\John Forrey\Application Data\cleanhdd.exe
C:\PROGRA~1\MSNGAM~1\Windows\zclientm.exe
C:\PROGRA~1\MSNGAM~1\Windows\zclientm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\John Forrey\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom\apdproxy.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom\apdproxy.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {791A0F73-F1A7-4508-BC00-06708A412161} = 4.2.2.2,4.2.2.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 209.172.56.113 http://www.google.com
Hosts: 209.172.56.114 search.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\johnfo~1\applic~1\mozilla\firefox\profiles\rghrqzoa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\john forrey\application data\mozilla\firefox\profiles\rghrqzoa.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\john forrey\application data\mozilla\firefox\profiles\rghrqzoa.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-5 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-5 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-5 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-5 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-5 308136]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-8-7 215936]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-1-15 11520]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-6-9 816672]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-31 517448]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
.
=============== Created Last 30 ================
.
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-03-15 00:43:56 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-03-14 16:41:57 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
.
==================== Find3M ====================
.
2011-02-20 23:49:26 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 05:00:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-12 05:00:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:13:02.54 ===============
Last edited by Toast on March 29th, 2011, 3:21 am, edited 1 time in total.
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am
Advertisement
Register to Remove

Re: Mozilla redirects to random sites

Unread postby askey127 » March 28th, 2011, 9:57 am

Hi Toast,
Please do each step before proceeding to the next.
I would print this out first, to be sure you are doing everything in the correct sequence. Don't Guess.

We are going to remove your AVG antivirus and replace it with an antivirus called Avira Antivir.
This is necessary to for all our tools to work corrrectly.
Then we will have Antivir run a scan and give us a report without removing anything.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove AVG Antivirus and utorrent Using the Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each of these entries in turn, choose Uninstall/Change, and give permission to Continue:

µTorrent
AVG Free 9.0

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Mozilla redirects to random sites

Unread postby Toast » March 28th, 2011, 8:40 pm

I have removed Utorrent, I read the policy. And removed AVG. I downloaded theAvira Exe. file, right clicked the Run as... from desktop, then it gives me choice of "current user" or sign in with password. I chose "current user" but it does not progress past the installation progress window. It will not show any progress, even after 15 minutes. Never was the term "administrator" presented. I need to know what to do next, the progress window is still activated with nothing happening.
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby Toast » March 29th, 2011, 3:02 am

I went ahead and double clicked the exe file to get it running....
At various times I get the following message: "The instruction at "0x1006a7c" referenced memory could not be written. Click on OK to terminate the program"- which I did.

Avira AntiVir Personal
Report file date: Monday, March 28, 2011 20:38

Scanning for 2541638 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JOHN-FXXXXY

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 21:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 21:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 21:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 21:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 21:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 21:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 21:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 21:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 21:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 21:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 21:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 21:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 21:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 21:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 21:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 21:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 01:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 23:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 01:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 23:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 03:35:15
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 03:35:16
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 03:35:18
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 03:35:19
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 03:35:21
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 03:35:22
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 03:35:24
VBASE028.VDF : 7.11.5.83 2048 Bytes 3/27/2011 03:35:24
VBASE029.VDF : 7.11.5.84 2048 Bytes 3/27/2011 03:35:24
VBASE030.VDF : 7.11.5.85 2048 Bytes 3/27/2011 03:35:24
VBASE031.VDF : 7.11.5.100 102400 Bytes 3/29/2011 03:35:25
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 21:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/29/2011 03:35:42
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 21:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 21:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/29/2011 03:35:41
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/29/2011 03:35:39
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/29/2011 03:35:36
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/29/2011 03:35:36
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 21:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/29/2011 03:35:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 21:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 21:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 21:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 21:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 21:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 21:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 21:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 21:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 21:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 21:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 21:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 21:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, March 28, 2011 20:38

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'zclientm.exe' - '89' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '68' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'firefox.exe' - '88' Module(s) have been scanned
Scan process 'avcenter.exe' - '41' Module(s) have been scanned
Scan process 'avconfig.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '56' Module(s) have been scanned
Scan process 'sched.exe' - '54' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'setup.exe' - '57' Module(s) have been scanned
Scan process 'presetup.exe' - '31' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '36' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '38' Module(s) have been scanned
Scan process 'WDSC.exe' - '34' Module(s) have been scanned
Scan process 'WDFME.exe' - '64' Module(s) have been scanned
Scan process 'WDDMService.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'RichVideo.exe' - '20' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '15' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'NBService.exe' - '38' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '69' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '54' Module(s) have been scanned
Scan process 'ctfmon.exe' - '31' Module(s) have been scanned
Scan process 'cleanhdd.exe' - '15' Module(s) have been scanned
Scan process 'apdproxy.exe' - '40' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'BJMyPrt.exe' - '29' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '35' Module(s) have been scanned
Scan process 'rundll32.exe' - '39' Module(s) have been scanned
Scan process 'HDeck.exe' - '46' Module(s) have been scanned
Scan process 'Explorer.EXE' - '147' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1055' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\47\48b9c26f-60812941
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\62\ecf32be-5b1b9e3f
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Documents and Settings\John Forrey\Local Settings\Temp\jar_cache8219083200209867996.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Stutter.D Java virus
--> photoed.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.D Java virus
Begin scan in 'F:\' <My Book>

Beginning disinfection:
C:\Documents and Settings\John Forrey\Local Settings\Temp\jar_cache8219083200209867996.tmp
[DETECTION] Contains recognition pattern of the JAVA/Stutter.D Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\62\ecf32be-5b1b9e3f
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\47\48b9c26f-60812941
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[WARNING] The file was ignored!


End of the scan: Monday, March 28, 2011 23:56
Used time: 1:13:15 Hour(s)

The scan has been done completely.

12600 Scanned directories


290721 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
290718 Files not concerned
2417 Archives were scanned
3 Warnings
0 Notes
558205 Objects were scanned with rootkit scan
0 Hidden objects were found

CK FILE:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby askey127 » March 29th, 2011, 7:01 am

Toast,
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Mozilla redirects to random sites

Unread postby Toast » March 29th, 2011, 1:32 pm

ComboFix 11-03-28.05 - John Forrey 03/29/2011 10:22:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.3037 [GMT -7:00]
Running from: c:\documents and settings\John Forrey\Desktop\zzz.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
The following files were disabled during the run:
c:\documents and settings\John Forrey\Application Data\cleanhdd.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John Forrey\Application Data\cleanhdd.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 03:38 . 2011-03-29 04:26 -------- d-----w- c:\windows\system32\NtmsData
2011-03-29 03:37 . 2011-03-29 03:37 -------- d-----w- c:\documents and settings\John Forrey\Application Data\Avira
2011-03-29 03:32 . 2011-03-29 03:32 -------- d-----w- c:\program files\Avira
2011-03-29 03:32 . 2011-03-29 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-29 03:32 . 2011-03-04 23:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-29 03:32 . 2011-03-04 21:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-29 03:32 . 2010-06-17 21:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-29 03:32 . 2010-06-17 21:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-26 12:45 . 2011-03-26 12:45 388096 ----a-r- c:\documents and settings\John Forrey\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-26 12:45 . 2011-03-26 12:45 -------- d-----w- c:\program files\Trend Micro
2011-03-25 02:30 . 2011-03-25 00:03 50688 ----a-w- c:\documents and settings\John Forrey\Application Data\cleanhdd.dll.vir
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-03-15 00:43 . 2011-03-15 00:43 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-03-14 16:41 . 2011-03-14 16:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-05 04:58 . 2011-03-05 04:58 -------- d-----w- c:\documents and settings\John Forrey\Application Data\Apple Computer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 23:49 . 2011-02-20 23:49 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-08-08 04:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-08-08 04:09 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 05:00 . 2011-01-12 05:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-12 05:00 . 2011-01-12 05:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:53 . 2011-03-25 03:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-14 29753344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/28/2011 8:32 PM 135336]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/8/2010 11:40 AM 237568]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [11/8/2010 11:43 AM 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [11/8/2010 11:43 AM 484352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/7/2008 9:24 PM 215936]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/15/2011 7:47 AM 11520]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [6/9/2010 8:26 PM 816672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-16 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: {791A0F73-F1A7-4508-BC00-06708A412161} = 4.2.2.2,4.2.2.3
FF - ProfilePath - c:\documents and settings\John Forrey\Application Data\Mozilla\Firefox\Profiles\rghrqzoa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2786678&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-03-29 10:26:36
ComboFix-quarantined-files.txt 2011-03-29 17:26
.
Pre-Run: 14,411,837,440 bytes free
Post-Run: 14,370,885,632 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1401CC338D9F739FB6B2C71F7F10C4C4
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby askey127 » March 29th, 2011, 3:33 pm

Toast,
Pretty Good, actually.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • List IP configuration
  • List Windows version, partitions, and memory size
Click GO and post the result (Result.txt).
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
---------------------------------------------------
So we will be looking for the following in your reply:
  • Results from MiniToolBox
  • OTL.txt
  • Extras.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Mozilla redirects to random sites

Unread postby Toast » March 29th, 2011, 8:40 pm

I downloaded Minitoolbox to desktop. Ran it and was presented with the options. I checked the ones you specified and nothing seems to happen. :|
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby Toast » March 29th, 2011, 9:19 pm

Okay, it just isn't obvious that the tool ran, so I searched for results and found this:

MiniToolBox by Farbar
Ran by John Forrey at 2011-03-29 18:15:23
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


================= Flush DNS: ==============================================

================= End of Flush DNS ========================================

================= IP Configuration: =======================================
================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 21%
Total physical RAM: 3583.11 MB
Available physical RAM: 2813.13 MB
Total Pagefile: 5465.73 MB
Available Pagefile: 4930.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.1 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:13.41 GB) NTFS
2 Drive d: (Ultimate Digital Photo Backdrops) (CDROM) (Total:2.93 GB) (Free:0 GB) UDF
3 Drive e: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
4 Drive f: (My Book) (Fixed) (Total:930.86 GB) (Free:0 GB) NTFS


OTL logfile created on: 3/29/2011 6:23:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\John Forrey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 13.41 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
Drive D: | 2.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: JOHN-FORREY | User Name: John Forrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 18:20:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 11:40:52 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/16 18:40:00 | 001,197,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/29 18:20:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 11:43:34 | 001,060,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/04 17:44:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/12 13:36:38 | 000,816,672 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/20 11:16:00 | 000,037,888 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/01/02 04:21:16 | 000,215,936 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2006/02/28 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/01/11 22:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 20:25:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 20:20:22 | 000,000,000 | ---D | M]

[2010/07/05 19:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Extensions
[2010/07/05 19:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/25 20:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Firefox\Profiles\rghrqzoa.default\extensions
[2011/03/25 20:24:30 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Firefox\Profiles\rghrqzoa.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/25 20:24:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Firefox\Profiles\rghrqzoa.default\extensions\engine@conduit.com
[2010/12/18 10:40:38 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\John Forrey\Application Data\Mozilla\Firefox\Profiles\rghrqzoa.default\searchplugins\conduit.xml
[2011/03/24 20:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 20:25:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/11 22:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN FORREY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGHRQZOA.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
[2011/01/11 22:00:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/11 22:00:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/30 08:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/03/14 17:43:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/11/01 11:22:16 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/03/29 10:25:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\John Forrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Forrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/07 21:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 18:20:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\OTL.exe
[2011/03/29 18:13:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/29 10:19:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/29 10:15:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/29 10:15:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/29 10:15:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/29 10:15:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/29 10:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/29 10:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 09:59:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\TFC.exe
[2011/03/28 20:38:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/03/28 20:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Application Data\Avira
[2011/03/28 20:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/03/28 20:32:27 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/28 20:32:27 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/28 20:32:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/03/28 20:32:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/03/28 20:32:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/03/28 20:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/28 20:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/27 16:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Desktop\huey and Vanessa
[2011/03/27 07:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Desktop\PHOTOS
[2011/03/26 05:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/26 05:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Start Menu\Programs\HiJackThis
[2011/03/25 21:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Desktop\DDS
[2011/03/24 19:30:11 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John Forrey\Application Data\cleanhdd.dll
[2011/03/14 09:41:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/09 12:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Desktop\ALLISON PLANT
[2011/03/04 21:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Application Data\Apple Computer
[2011/02/28 15:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Forrey\Desktop\BISBEE SNOW LYNDA
[1 C:\Documents and Settings\John Forrey\My Documents\*.tmp files -> C:\Documents and Settings\John Forrey\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/29 18:20:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\OTL.exe
[2011/03/29 18:13:43 | 000,365,553 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\ToolBot.exe
[2011/03/29 10:25:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/29 10:19:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/29 10:10:21 | 004,305,591 | R--- | M] () -- C:\Documents and Settings\John Forrey\Desktop\zzz.exe.exe
[2011/03/29 10:05:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/03/29 10:05:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/29 09:59:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Forrey\Desktop\TFC.exe
[2011/03/29 00:08:18 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\CKScanner.exe
[2011/03/28 20:32:38 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/28 18:27:34 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\avira_antivir_personal_en.exe
[2011/03/28 16:02:39 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/27 21:48:01 | 002,230,204 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\wyatt b.jpg
[2011/03/27 21:30:18 | 007,477,202 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\wyatt.jpg
[2011/03/27 21:26:42 | 008,852,603 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\bisbee blues completed b2a.jpg
[2011/03/26 05:45:24 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\HiJackThis.lnk
[2011/03/24 20:25:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\John Forrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 20:25:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/24 17:03:39 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John Forrey\Application Data\cleanhdd.dll
[2011/03/21 21:45:03 | 003,890,911 | ---- | M] () -- C:\Documents and Settings\John Forrey\Desktop\woman.jpg
[2011/03/09 20:34:11 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\John Forrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch FXhome PhotoKey 2.lnk
[2011/03/09 20:34:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FXhome PhotoKey 2.lnk
[2011/03/09 13:25:40 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/08 19:50:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/04 20:22:47 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/03 06:47:25 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\John Forrey\default.pls
[1 C:\Documents and Settings\John Forrey\My Documents\*.tmp files -> C:\Documents and Settings\John Forrey\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 18:13:42 | 000,365,553 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\ToolBot.exe
[2011/03/29 10:19:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/29 10:19:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/29 10:15:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/29 10:15:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/29 10:15:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/29 10:15:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/29 10:15:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/29 10:10:20 | 004,305,591 | R--- | C] () -- C:\Documents and Settings\John Forrey\Desktop\zzz.exe.exe
[2011/03/29 00:08:18 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\CKScanner.exe
[2011/03/28 20:32:38 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/28 18:24:38 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\avira_antivir_personal_en.exe
[2011/03/27 21:40:20 | 002,230,204 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\wyatt b.jpg
[2011/03/27 21:29:28 | 007,477,202 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\wyatt.jpg
[2011/03/27 21:26:41 | 008,852,603 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\bisbee blues completed b2a.jpg
[2011/03/26 05:45:24 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\HiJackThis.lnk
[2011/03/24 20:25:48 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\John Forrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 20:25:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 20:25:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/21 21:45:03 | 003,890,911 | ---- | C] () -- C:\Documents and Settings\John Forrey\Desktop\woman.jpg
[2011/01/15 22:28:59 | 000,128,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/26 14:13:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/05 19:35:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 20:26:12 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/10/05 12:47:12 | 011,280,384 | ---- | C] () -- C:\WINDOWS\System32\tliremask10.dll
[2009/09/30 16:11:42 | 006,257,664 | ---- | C] () -- C:\WINDOWS\System32\tlisimplify20.dll
[2009/09/30 16:10:32 | 006,644,736 | ---- | C] () -- C:\WINDOWS\System32\tlidetail10.dll
[2009/09/30 16:07:42 | 008,467,456 | ---- | C] () -- C:\WINDOWS\System32\tlidejpeg30.dll
[2009/09/30 14:20:52 | 006,025,216 | ---- | C] () -- C:\WINDOWS\System32\tliclean21.dll
[2009/09/30 13:52:56 | 009,916,928 | ---- | C] () -- C:\WINDOWS\System32\tliadjust34.dll
[2009/08/22 14:30:33 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\John Forrey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 18:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/01/10 09:12:58 | 000,010,210 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2009/01/10 09:12:33 | 000,002,987 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2009/01/10 04:19:05 | 002,857,336 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/01/10 04:19:05 | 000,013,785 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008/12/13 15:32:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/17 10:01:34 | 002,070,560 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/17 09:46:50 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/17 09:46:21 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/28 20:41:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/08/07 21:23:48 | 000,012,427 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/08/07 21:22:04 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/08/07 21:20:59 | 000,013,268 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/08/07 21:20:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/08/07 21:20:50 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/08/07 21:13:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/07 21:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/07 16:56:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/07 16:55:50 | 001,438,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/04 10:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/04 10:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/04 10:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/04 10:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/04 10:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/04 10:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/04 10:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/04 10:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/04 10:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/03/20 18:47:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/08 20:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/03/14 09:41:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/17 09:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
[2009/09/30 11:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FXhome
[2008/09/17 09:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/11/14 18:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/14 18:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/12/24 16:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2009/12/24 16:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/24 16:21:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13795121-80CF-4D45-9175-8FD79D18EF7E}
[2010/10/24 16:20:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{529BBEB3-0369-420C-BD9C-37553D289203}
[2010/10/24 16:21:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{682FE305-7958-4875-9B95-34673E7151AD}
[2010/10/24 16:20:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8265C354-3D13-4FE5-95C7-65F277FF3041}
[2010/10/24 16:21:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
[2010/10/24 16:20:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}
[2010/10/24 16:21:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10}
[2010/10/24 16:20:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E6AF2639-F710-4F5B-8830-95A396FB523F}
[2010/09/09 05:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\com.Shutterfly.ExpressUploader
[2009/07/03 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\COWON
[2011/02/16 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\FinalMediaPlayer
[2010/09/06 20:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\HDRsoft
[2011/01/11 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\SystemRequirementsLab
[2010/07/05 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\VirtualStore
[2009/12/24 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Forrey\Application Data\Western Digital
[2011/03/29 10:05:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 3/29/2011 6:23:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\John Forrey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 13.41 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
Drive D: | 2.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: JOHN-FORREY | User Name: John Forrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000" = Canon Pro9000
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D4B5330-CEA9-4D58-8355-74729AE527CD}" = Topaz Clean 2
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7037947B-757D-4AA4-A3D4-77156D9E91E1}" = Topaz ReMask
"{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CE08BB8-C8E7-45C1-9274-BF0B1E810BEC}" = Topaz Detail
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A88239C1-1BFB-404C-8CAD-21939011A7C4}" = Topaz DeJpeg 3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4DD23DF-FA02-4BA0-8087-9FFB5C081033}" = Nero 8
"{B5347403-63C2-4B7A-AF63-AB3FE4F907B7}" = COWON D2 User's Guide
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BBE5EAEC-2319-41BD-B82D-A8B3AB64E1AB}" = Topaz Simplify 2
"{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Photoshop Lightroom
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon Pro9000 User Registration" = Canon Pro9000 User Registration
"CanonMyPrinter" = Canon My Printer
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dynamic-Photo HDR (Trial)_is1" = Dynamic-Photo HDR Trial 3.44
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"FinalMediaPlayer_is1" = Final Media Player 2011
"FLAC" = FLAC 1.2.1b (remove only)
"FXhome PhotoKey 2" = FXhome PhotoKey 2 (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"printmyphotobook" = printmyphotobook 3.67
"RegScrubXP_is1" = RegScrubXP 3.25
"Topaz Adjust 4" = Topaz Adjust 4
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz Detail 2" = Topaz Detail 2
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz ReMask 2" = Topaz ReMask 2
"Topaz Simplify 3" = Topaz Simplify 3
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2011 12:33:20 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:30 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:30 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

Error - 3/29/2011 12:33:40 PM | Computer Name = JOHN-FORREY | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/29/2011 1:00:43 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/29/2011 1:02:25 PM | Computer Name = JOHN-FORREY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 3/29/2011 1:06:01 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/29/2011 3:00:37 PM | Computer Name = JOHN-FORREY | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby askey127 » March 30th, 2011, 1:58 pm

Toast,
It should be safe to run the Antivir Full Scan again. This time have it Delete or Quarantine anything it finds.
Then please post the contents of the latest Scan Log.
-----------------------------------------------------------
Check Hard Disk For Errors
Press Start->Run, then type or copy/paste the following command into the box and press OK:
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Mozilla redirects to random sites

Unread postby Toast » March 30th, 2011, 7:19 pm

I deleted the ONE object in quarantine.

Report:



Avira AntiVir Personal
Report file date: Wednesday, March 30, 2011 14:31

Scanning for 2548999 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JOHN-FORREY

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 21:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 21:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 21:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 21:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 21:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 21:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 21:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 21:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 21:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 21:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 21:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 21:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 21:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 21:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 21:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 21:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 01:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 23:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 01:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 23:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 03:35:15
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 03:35:16
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 03:35:18
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 03:35:19
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 03:35:21
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 03:35:22
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 03:35:24
VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 17:05:33
VBASE029.VDF : 7.11.5.123 2048 Bytes 3/30/2011 17:05:33
VBASE030.VDF : 7.11.5.124 2048 Bytes 3/30/2011 17:05:34
VBASE031.VDF : 7.11.5.133 62976 Bytes 3/30/2011 17:05:34
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 21:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/29/2011 03:35:42
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 21:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 21:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/29/2011 03:35:41
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/29/2011 03:35:39
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/29/2011 03:35:36
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/29/2011 03:35:36
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 21:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/29/2011 03:35:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 21:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 21:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 21:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 21:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 21:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 21:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 21:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 21:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 21:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 21:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 21:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 21:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, March 30, 2011 14:31

Starting search for hidden objects.
c:\windows\explorer.exe
c:\windows\explorer.exe
[NOTE] The process is not visible.
c:\windows\explorer.exe

The scan of running processes will be started
Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
Scan process 'zclientm.exe' - '86' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'plugin-container.exe' - '63' Module(s) have been scanned
Scan process 'firefox.exe' - '86' Module(s) have been scanned
Scan process 'AdobeUpdater.exe' - '33' Module(s) have been scanned
Scan process 'notepad.exe' - '26' Module(s) have been scanned
Scan process 'OTL.exe' - '47' Module(s) have been scanned
Scan process 'explorer.exe' - '149' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '38' Module(s) have been scanned
Scan process 'WDSC.exe' - '34' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WDDMService.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'RichVideo.exe' - '20' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '15' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'NBService.exe' - '38' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '69' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '57' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'BJMyPrt.exe' - '28' Module(s) have been scanned
Scan process 'HDeck.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '173' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1053' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\25\39340b59-741fd73c
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AG Java virus
--> gendalf/fire.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AG Java virus
--> mordor/bilbo.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AH Java virus
--> mordor/saruman.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
Begin scan in 'F:\' <My Book>

Beginning disinfection:
C:\Documents and Settings\John Forrey\Application Data\Sun\Java\Deployment\cache\6.0\25\39340b59-741fd73c
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AJ Java virus
[NOTE] The file was moved to the quarantine directory under the name '4f4d1314.qua'.


End of the scan: Wednesday, March 30, 2011 16:05
Used time: 1:14:03 Hour(s)

The scan has been done completely.

11909 Scanned directories
273255 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
273252 Files not concerned
1905 Archives were scanned
0 Warnings
1 Notes
557533 Objects were scanned with rootkit scan
2 Hidden objects were found

REPORT:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Repairing Usn Journal file record segment.
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

488375968 KB total disk space.
468549908 KB in 108516 files.
58156 KB in 10613 indexes.
0 KB in bad sectors.
288320 KB in use by the system.
65536 KB occupied by the log file.
19479584 KB available on disk.

4096 bytes in each allocation unit.
122093992 total allocation units on disk.
4869896 allocation units available on disk.
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby askey127 » March 31st, 2011, 8:18 am

Those results are good. The note about the bitmap in the check disk scan is a false error; no cause for concern.
Are you still getting the redirects?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Mozilla redirects to random sites

Unread postby Toast » March 31st, 2011, 2:01 pm

No redirects :cheers:
Toast
Active Member
 
Posts: 9
Joined: March 26th, 2011, 12:16 am

Re: Mozilla redirects to random sites

Unread postby askey127 » April 1st, 2011, 3:28 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 281 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware