Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Mozilla FF Crashes & Search Engine Redirects

Post by thoos » April 1st, 2009, 12:54 am

Over the past week I have had an issue with my Mozilla FF browser crashing both when I attempt to open it and randomly; on the occasions that I can open it, it generally crashes shortly thereafter. When I do internet searches on either Mozilla or using Internet Explorer and I click on search results I am then redirected to alternative sites. The sites are sometimes related to the topic I was searching on, but they are definitely not the site I had selected. I get redirected on searches done on Google and Yahoo. To attempt to fix this issue I have used programs including Spybot Search & Destroy, Malwarebytes Anti-Malware, and Super AntiSpyware. None of these have worked and when I tried to run a complete scan with Malwarebytes the computer was not able to complete the scan.

Any insight and assistance is very much appreciated.

Regards,

Tim

Here is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://MyDarden.darden.virginia.edu
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9189890156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9190053234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7092 bytes

Re: Mozilla FF Crashes & Search Engine Redirects

Post by Carolyn » April 6th, 2009, 12:03 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


  1. Please download OTListIt2 by OldTimer from Geeks to Go. Save it to your desktop.
  2. Double click on OTListIt2.exe to run it.
  3. Under Extra Registry section, select Use SafeList.
  4. Copy the lines in the codebox below.
      Drivers32

  • Return to OTListIt2, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Re: Mozilla FF Crashes & Search Engine Redirects

Post by thoos » April 6th, 2009, 10:54 pm

Here is the first of the two logs.

OTListIt Extras logfile created on: 4/6/2009 9:48:20 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.1 Folder = C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.03% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.60 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANASTASIT08-S
Current User Name: AnastasiT08
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}" = Client for Microsoft Office SharePoint Portal Server 2003
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4917F448-B925-405F-9C2E-B48FF011A40B}" = Crystal Ball 7
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1" = Spy Sweeper
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7EF46B6F-BC3A-4959-88E1-52AF882F1ADA}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7E3366C-C3C5-4662-BD30-D71341FD1E80}" = T-Mobile Connection Manager
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}" = Dell Mobile Broadband Card Utility
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD727056-F0C4-4811-9688-9EBF450D22C4}" = AXIS Media Control Embedded Installer
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DiskMapper" = DiskMapper
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoPDF3.1" = PrimoPDF
"ProInst" = Intel(R) PROSet/Wireless Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP LE" = Ipswitch WS_FTP LE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2009 7:11:31 PM | Computer Name = ANASTASIT08-S | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/29/2009 9:58:45 AM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module unknown,
version 0.0.0.0, fault address 0x10001e39.

Error - 3/29/2009 3:07:54 PM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10002aa2.

Error - 3/29/2009 3:08:21 PM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10002aa2.

Error - 3/29/2009 3:08:41 PM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10002aa2.

Error - 3/30/2009 7:56:39 PM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module unknown,
version 0.0.0.0, fault address 0x10001e39.

Error - 3/31/2009 6:50:05 AM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.31.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x10021e39.

Error - 4/4/2009 10:50:48 AM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/4/2009 10:50:52 AM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1001
Description = Fault bucket 1204890990.

Error - 4/4/2009 11:07:59 AM | Computer Name = ANASTASIT08-S | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module unknown,
version 0.0.0.0, fault address 0x10001e39.

[ OSession Events ]
Error - 9/4/2007 11:05:11 AM | Computer Name = ANASTASIT08-S | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5459
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/16/2007 7:49:37 AM | Computer Name = ANASTASIT08-S | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/11/2008 5:31:28 PM | Computer Name = ANASTASIT08-S | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/12/2008 12:43:23 PM | Computer Name = ANASTASIT08-S | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/30/2008 11:46:09 AM | Computer Name = ANASTASIT08-S | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3780
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/5/2009 7:26:23 PM | Computer Name = ANASTASIT08-S | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pwipf6

Error - 4/5/2009 7:26:26 PM | Computer Name = ANASTASIT08-S | Source = WMPNetworkSvc | ID = 866297
Description = Service 'WMPNetworkSvc' did not start correctly because the registry
could not be updated due to error '0x80070006'. If possible, reinstall Windows
Media Player.

Error - 4/5/2009 7:26:26 PM | Computer Name = ANASTASIT08-S | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008

Error - 4/6/2009 10:41:12 PM | Computer Name = ANASTASIT08-S | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/6/2009 10:41:23 PM | Computer Name = ANASTASIT08-S | Source = WMPNetworkSvc | ID = 866297
Description = Service 'WMPNetworkSvc' did not start correctly because the registry
could not be updated due to error '0x80070006'. If possible, reinstall Windows
Media Player.

Error - 4/6/2009 10:41:24 PM | Computer Name = ANASTASIT08-S | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008

Error - 4/6/2009 10:41:42 PM | Computer Name = ANASTASIT08-S | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pwipf6

Error - 4/6/2009 10:41:45 PM | Computer Name = ANASTASIT08-S | Source = WMPNetworkSvc | ID = 866297
Description = Service 'WMPNetworkSvc' did not start correctly because the registry
could not be updated due to error '0x80070006'. If possible, reinstall Windows
Media Player.

Error - 4/6/2009 10:41:45 PM | Computer Name = ANASTASIT08-S | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008

Error - 4/6/2009 10:43:56 PM | Computer Name = ANASTASIT08-S | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
thoos

Re: Mozilla FF Crashes & Search Engine Redirects

Post by thoos » April 6th, 2009, 10:58 pm

Here is the second of the two logs.

Thank you for your assistance.

Tim



OTListIt logfile created on: 4/6/2009 9:48:20 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.1 Folder = C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.03% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 55.60 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANASTASIT08-S
Current User Name: AnastasiT08
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/13 12:22:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
PRC - [2006/01/19 08:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/11/12 17:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (http://www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2008/04/14 06:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2007/06/28 09:14:42 | 00,270,648 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2008/12/13 12:22:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2009/02/17 11:43:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2007/06/28 09:14:32 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/06 21:46:43 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/04 23:05:06 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 06:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/06/28 09:14:32 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/12/13 12:22:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/11/17 03:06:00 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
SRV - [2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/05/15 18:08:38 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Auto | Running])
SRV - [2006/01/19 08:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/05/15 18:08:40 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hpzipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2008/11/12 17:02:14 | 03,667,312 | ---- | M] (Webroot Software, Inc. (http://www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/10/26 09:01:02 | 00,142,720 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2004/08/04 02:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/08/13 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/12/13 10:54:08 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [On_Demand | Stopped])
DRV - [2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/01 00:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 00:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/02/04 23:05:05 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/02/04 23:05:05 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/01/19 08:14:00 | 03,595,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/12/09 15:39:16 | 00,067,840 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2004/11/29 13:13:28 | 00,017,359 | R--- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5 [On_Demand | Stopped])
DRV - [2005/03/15 04:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/22 19:26:45 | 00,107,272 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys.old -- (pwipf6 [System | Stopped])
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2009/02/17 11:43:28 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2008/11/12 17:02:26 | 00,029,808 | ---- | M] (Webroot Software, Inc. (http://www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys.old -- (SSFS0BBC [Boot | Stopped])
DRV - [2008/11/12 17:02:26 | 00,023,152 | ---- | M] (Webroot Software, Inc. (http://www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys.old -- (SSHRMD [Boot | Stopped])
DRV - [2008/11/12 17:02:28 | 00,170,608 | ---- | M] (Webroot Software, Inc. (http://www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys.old -- (SSIDRV [Boot | Stopped])
DRV - [2006/07/07 15:41:48 | 00,014,848 | ---- | M] (Webroot Software Inc (http://www.webroot.com)) -- C:\WINDOWS\System32\Drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2004/08/13 00:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2006/03/20 18:10:22 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys -- (USBCCID [On_Demand | Running])
DRV - [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])
DRV - [2005/12/01 00:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value Default_Secondary_Page_URL = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value Secondary Start Pages = 0 bytes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dl ... =ie5update

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.espn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.1
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.3
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.3.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: LDshowpicture_plashcor@gmail.com:1.5
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009032701
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.3.0.5
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/13 12:22:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 16:20:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 16:00:29 | 00,000,000 | ---D | M]

[2008/12/13 12:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Extensions
[2008/12/13 12:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/31 22:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions
[2009/03/31 22:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/03/31 22:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/12/13 12:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2009/03/31 22:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2008/12/13 12:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2009/02/14 10:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/13 12:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2008/12/13 12:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/02/14 19:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/03/31 22:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/13 00:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/14 10:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/12/13 12:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2008/12/13 12:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2008/12/13 12:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/12/13 12:24:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\LDshowpicture_plashcor@gmail.com
[2009/01/27 22:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\mozilla\Firefox\Profiles\ysrwuiit.default\extensions\moveplayer@movenetworks.com
[2009/03/28 16:00:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 16:00:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/26 14:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 14:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: virginia.edu ([admin.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([computing.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([exed.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([faculty.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([intranet.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([it.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([mail.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([mail2.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([mydarden.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([portal.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([student.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([webboard.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: virginia.edu ([webmail.darden] http in Local intranet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: virginia.edu ([admin.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([computing.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([exed.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([faculty.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([intranet.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([it.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([mail.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([mail2.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([mydarden.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([portal.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([student.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([webboard.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: virginia.edu ([webmail.darden] http in Local intranet)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.adelphia.net/sdccomm ... ctlins.cab (Support.com Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9189890156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9190053234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/14 13:24:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
Drivers32: aux - C:\WINDOWS\system32\..\fbr.rfh ()
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/06 21:46:26 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\OTListIt2.exe
[2009/03/31 23:19:14 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\HiJackThis.exe
[2009/03/31 23:17:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/31 23:16:47 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\NTREGOPT.lnk
[2009/03/31 23:16:47 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\ERUNT.lnk
[2009/03/31 23:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/31 23:15:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\erunt-setup.exe
[2009/03/31 19:25:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/31 19:24:53 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/31 19:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/31 19:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Application Data\SUPERAntiSpyware.com
[2009/03/31 19:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/30 19:41:24 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/30 19:40:35 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/30 19:39:25 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\activescan2_en.exe
[2009/03/30 19:03:21 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Spybot - Search & Destroy.lnk
[2009/03/30 19:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/30 19:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/28 16:00:32 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/27 08:20:03 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Pledges and Promsies 03.27.09.xls
[2009/03/27 08:19:48 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Copy of Pledges and Promsies.xls
[2009/02/14 23:52:27 | 00,000,072 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/02/14 23:52:27 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/02/14 23:52:27 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/12/13 10:54:12 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/13 10:54:08 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/07/26 21:01:03 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/07/26 21:00:45 | 00,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/07/07 11:02:26 | 00,001,345 | ---- | C] () -- C:\WINDOWS\DKAAT2DD.ini
[2007/12/04 18:24:19 | 00,003,227 | ---- | C] () -- C:\WINDOWS\DM.INI
[2007/12/04 18:10:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/31 17:05:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/01/22 21:57:31 | 00,000,665 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/02 17:54:30 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/11/06 17:49:36 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/08/23 20:05:38 | 00,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/07/17 15:00:14 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/17 15:00:14 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/07/17 14:39:05 | 00,000,189 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/17 14:38:42 | 00,000,319 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2006/07/17 14:17:36 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/17 12:31:54 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/14 13:56:53 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/14 13:56:52 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/14 13:56:48 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/14 13:56:41 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/14 13:56:26 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/01/21 11:02:28 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 07:00:00 | 00,000,749 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,289 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/06 21:46:43 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\OTListIt2.exe
[2009/04/06 21:41:44 | 00,067,353 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/06 21:41:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/04/06 21:41:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 21:40:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 21:40:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/05 19:17:58 | 02,236,448 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/05 19:17:58 | 00,393,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/04/05 19:17:58 | 00,018,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/04/05 19:17:58 | 00,002,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/04/01 20:37:09 | 07,228,990 | -H-- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Application Data\IconCache.db
[2009/03/31 23:19:23 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\HiJackThis.exe
[2009/03/31 23:16:47 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\NTREGOPT.lnk
[2009/03/31 23:16:47 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\ERUNT.lnk
[2009/03/31 23:15:47 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\erunt-setup.exe
[2009/03/31 19:24:53 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/30 19:39:25 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\activescan2_en.exe
[2009/03/30 19:03:21 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Spybot - Search & Destroy.lnk
[2009/03/28 16:00:32 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/27 08:24:25 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Pledges and Promsies 03.27.09.xls
[2009/03/27 08:19:50 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\Copy of Pledges and Promsies.xls
[2009/03/12 07:29:17 | 00,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/09 06:48:39 | 00,526,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 06:48:39 | 00,444,900 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 06:48:39 | 00,072,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
thoos
Active Member
 
Posts: 8
Joined: April 1st, 2009, 12:43 am

Re: Mozilla FF Crashes & Search Engine Redirects

Post by Carolyn » April 7th, 2009, 12:31 pm

Hi Tim,

I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!

Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

==============================================

I see signs of McAfee antivirus on your computer... It looks like you previously uninstalled McAfee and it left some free parting gifts behind. Let's remove those.

Download and save McAfee Removal Tool to your desktop.

Run it to remove McAfee. After this, please restart your computer.

==============================================

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERUNT.exe.

==============================================

Custom Fix with OTListIt2
  • Double-click OTListIt2.exe. (Vista users, please right click on OTListIt2.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
:files
C:\WINDOWS\system32\..\fbr.rfh /s

:reg
[hklm\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"

:commands
[emptytemp]

  • Return to OTListIt2, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • If OTListIt prompts for permission to reboot the computer, allow it to do so. After the reboot, you may need to double click OTListIt2 to launch the program and retrieve the log.
  • Copy and paste the contents of the OTListIt2 log in your next reply.

==============================================

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

==============================================

Please post the following in your next reply:
  • The OTListIt log
  • The Kaspersky log
  • A fresh HijackThis log
  • A description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
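
The fix in the post above moves `C:\WINDOWS\system32\..\fbr.rfh` and resets the Drivers32 `aux` value to `wdmaud.drv`. The following is an added example, not part of the original post and not OTListIt2's own logic: it parses `Drivers32:` lines in the format of the log in this thread and flags entries like that one. The expected directory and extension set are assumptions drawn from the other entries in the same log.

```python
import ntpath
import re

# Lines copied from the OTListIt2 log posted in this thread.
SAMPLE_LOG = r"""
Drivers32: aux - C:\WINDOWS\system32\..\fbr.rfh ()
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)
"""

# "Drivers32: <value name> - <file path> (<company from file metadata>)"
LINE_RE = re.compile(
    r"^Drivers32: (?P<name>\S+) - (?P<path>.+?) \((?P<company>.*)\)\s*$"
)

# Assumption: extensions seen on the other Drivers32 entries in this log.
EXPECTED_EXTENSIONS = {".drv", ".dll", ".acm", ".ax"}
# Assumption: the system directory as it appears in this log.
EXPECTED_DIR = r"c:\windows\system32"


def parse_drivers32(log_text):
    """Return one dict (name, path, company) per Drivers32 line."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def assess(entry):
    """Collect strong and weak indicators for a single Drivers32 entry."""
    raw = entry["path"]
    # ntpath applies Windows path rules on any host OS.
    resolved = ntpath.normpath(raw)
    strong, weak = [], []

    if ".." in raw.replace("/", "\\").split("\\"):
        strong.append("path contains a '..' segment")
    if ntpath.dirname(resolved).lower() != EXPECTED_DIR:
        strong.append("resolves outside system32: " + resolved)
    if ntpath.splitext(resolved)[1].lower() not in EXPECTED_EXTENSIONS:
        strong.append("unexpected file extension")
    # An empty company field also appears on entries the helper left alone
    # (ir32_32.dll in this log), so it is recorded but never flags by itself.
    if not entry["company"].strip():
        weak.append("no company name")

    return {
        "name": entry["name"],
        "path": raw,
        "resolved": resolved,
        "strong": strong,
        "weak": weak,
    }


def suspicious_entries(log_text):
    """Entries with at least one strong indicator, in log order."""
    results = [assess(entry) for entry in parse_drivers32(log_text)]
    return [result for result in results if result["strong"]]


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(hit["name"], "->", hit["path"])
        for reason in hit["strong"] + hit["weak"]:
            print("   ", reason)
```
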

Re: Mozilla FF Crashes & Search Engine Redirects

Post by thoos » April 8th, 2009, 10:56 am

I have hit a snag in following the instructions you gave me. I was able to successfully uninstall all of the additional Anti-Virus programs I had, leaving Kaspersky only. I have not been able to successfully run the McAfee removal tool though. When I attempt to download it my computer stalls and it will not proceed to download and run that application. Should I continue to the next steps you gave me or should I do something else to try and remove the remnants of the McAfee program that was on my machine before proceeding?

Thanks,

Tim
thoos
Active Member
 
Posts: 8
Joined: April 1st, 2009, 12:43 am

Re: Mozilla FF Crashes & Search Engine Redirects

Post by Carolyn » April 8th, 2009, 2:16 pm

Hi Tim,

Please continue with the next steps. We can revisit the McAfee remnants at a later time.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Mozilla FF Crashes & Search Engine Redirects

Post by thoos » April 9th, 2009, 10:53 pm

The good news first. As far as I can tell my computer now seems to be behaving properly. Mozilla is no longer crashing and when I tried using Google none of my searches got redirected. I was able to run the OTListIt application and I have created another HijackThis log. I have pasted both below.

On the bad side, I went through the steps to run the Kaspersky online scan and that was unsuccessful. I was able to hit "Accept" and then "Run," but when the program went to update the databases it took a long time and then my entire computer screen went blue and the machine crashed. This happened twice. When the blue screen appeared it said that it was due to a klif.sys error, whatever that may be. After the second time I simply moved on and ran the HijackThis log and I tested the computer's performance, which as I noted above appears to be good.

What should I do next?

Thanks,

Tim

OTListIt Log

========== FILES ==========
C:\WINDOWS\system32\..\fbr.rfh moved successfully.
========== REGISTRY ==========
hklm\software\microsoft\windows nt\currentversion\drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\X2182IJ3\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\4QU7JD5O\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\4QU7JD5O\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDC81071C-227B-4695-825F-066D46091FB3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDF09087B-0218-4E5D-B699-43CD632D8899.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDFD0000B-4EF1-48F3-8A98-EF73A05CD47E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE13137F6-155E-4DE2-9485-FE066077686D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE23AE8C8-B37C-4D66-8689-A7FDF50F3DE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE2D5D8E9-1D12-4556-97FD-5F1AEE2031B9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE3AE3B82-F67C-403C-A80B-E56824795CA9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE456F681-B563-4202-90F9-7D1E2BD4A645.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE726E594-3C62-4FA6-98C8-844323AA1613.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE79072D6-69D0-48B5-B139-401B071D84E5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEB91AAE0-085C-469C-A3AE-164B5AB80E5A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEEFB36F3-9A2D-4723-B7E2-1D210ABB462B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF0125BE5-573E-4888-9697-4388440639D2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF0C2FDF0-15DA-4206-AC91-A90464CE50F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF3B6B020-2602-4545-8C4D-EAA303CDCB27.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF44D0FB4-8DDE-452C-94C0-7198CB55E33A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF5AA62AB-383C-4604-A4F0-1D0891776400.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFC60A40B-118D-49D5-801C-A507DF43C3E9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~6bced1c96e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~6bced1ce26.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_774.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.12.1 log created on 04092009_190435

Files moved on Reboot...
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\X2182IJ3\default[1].htm moved successfully.
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\4QU7JD5O\InboxLight[1].htm moved successfully.
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Local Settings\Temporary Internet Files\Content.IE5\4QU7JD5O\viewtopic[1].htm moved successfully.
File C:\WINDOWS\temp\cch~6bced1c96e.htp not found!
File C:\WINDOWS\temp\cch~6bced1ce26.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_774.dat not found!

Registry entries deleted on Reboot...


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:57 PM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://MyDarden.darden.virginia.edu
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9189890156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9190053234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6875 bytes
thoos
Active Member
 
Posts: 8
Joined: April 1st, 2009, 12:43 am

Re: Mozilla FF Crashes & Search Engine Redirects

Unread postby Carolyn » April 10th, 2009, 7:34 am

Hi,

Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.
  • Download the latest version of http://java.sun.com/javase/downloads/index.jsp.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

================================

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

================================

  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select the "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.

================================

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

================================

Please post the following:
  • The Panda log
  • A fresh HijackThis log
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
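
One way to confirm that the "Fix Checked" step above took effect is to diff the HijackThis log saved before the fix against the fresh one and look up the checked entries. This is an added example, not part of the original post or of HijackThis itself; the function names are hypothetical and the two sample logs are constructed, abridged from entries of the kind posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R0, F2, N1, O4 or O23,
# followed by " - ". Header, running-process and footer lines do not match.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")


def normalize(line):
    """Collapse runs of whitespace so copy/paste damage does not cause false diffs."""
    return " ".join(line.split())


def parse_entries(log_text):
    """Map lower-cased entry line -> entry line as written.

    Keys are lower-cased because Windows paths and registry key names are
    case-insensitive, and logs sometimes differ only in case.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = normalize(raw)
        if ENTRY_RE.match(line):
            entries[line.lower()] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entry lines between two HijackThis logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    added = sorted(after[k] for k in after.keys() - before.keys())
    removed = sorted(before[k] for k in before.keys() - after.keys())
    return added, removed


def check_fix(targets, before_text, after_text):
    """Report, for each entry that was checked for fixing, what became of it."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    report = {}
    for target in targets:
        line = normalize(target)
        key = line.lower()
        if key in after:
            report[line] = "still present"
        elif key in before:
            report[line] = "removed"
        else:
            report[line] = "not in either log"
    return report


# Entries the helper asked to have checked (copied from the post above).
TARGETS = [
    r"    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =",
]

# Constructed, abridged sample logs (not the full logs from the thread).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for line in added:
        print("+", line)
    for line in removed:
        print("-", line)
    for entry, status in check_fix(TARGETS, BEFORE, AFTER).items():
        print(f"{status:>18}: {entry}")
```

An entry reported as "still present" means the fix did not stick or the value was written back, which is worth raising in the next reply along with the fresh log.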

Re: Mozilla FF Crashes & Search Engine Redirects

Unread postby thoos » April 11th, 2009, 12:13 am

I was able to follow all of those steps successfully. I have posted the Panda Scan file and the HijackThis log below.

Thanks,

Tim

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:05 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\DOCUME~1\ANASTA~1.ANA\LOCALS~1\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://MyDarden.darden.virginia.edu
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9189890156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9190053234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7077 bytes


PandaScan File

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-04-10 22:57:53
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 8.0.0.506 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[4].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location '
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description '
;===================================================================================================================================================================================
;===================================================================================================================================================================================
thoos
Active Member
 
Posts: 8
Joined: April 1st, 2009, 12:43 am

Re: Mozilla FF Crashes & Search Engine Redirects

by Carolyn » April 13th, 2009, 7:36 am

Hi,

I'm sorry for taking so long to reply. Your logs look good. Panda found some cookies that should be deleted, so let's take care of that along with the McAfee left-over.


Open Notepad, paste the following code box contents into the text.
sc stop McAfeeFramework
sc delete McAfeeFramework


Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad and double click on FixSvc.bat
A Command window will flash on and off.

REBOOT your machine. Sign in to your usual account.

Now, enable the Show Hidden Folders option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files; if found, delete them:

C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[2].txt <<File
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[4].txt <<File
C:\Documents and Settings\AnastasiT08.ANASTASIT08-S\Cookies\anastasit08@go[1].txt <<File
C:\Program Files\Network Associates <<Folder

Now empty your Recycle Bin.


=================================


This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    CleanUp! with OTListIt2
    • Double click OTListIt2.exe to launch the programme.
    • Click on the CleanUp! button.
    • OTMoveIt will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • When finished, exit out of OTListIt2.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Clear Infected System Restore Points
      • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
        Restart your computer

      • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck *Turn off System Restore*.
      • Click Apply, and then click OK.
      Note: only do this once, and not on a regular basis.


    • Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under Hidden files and folders if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check Display content of system folders
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK


    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

    • Malwarebytes' Anti-Malware or SuperAntiSpyware
      These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
      You can download SuperAntiSpyware from HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, Run and type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein: So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
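
How the O23 entries in the log map to the `sc stop` / `sc delete` commands in the reply above, as an added example (not part of the original post and not HijackThis code): the name in parentheses on an O23 line is the service key that `sc` takes. The vendor list and function names are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# O23 lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# Assumption: a short illustrative vendor list, not a complete one.
SECURITY_VENDORS = ("kaspersky", "mcafee", "webroot", "symantec")

# Layout: O23 - Service: <display name> [(<service key>)] - <company> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.*)$")
KEY_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")

def parse_o23(log_text):
    """Return one dict per O23 line: display name, service key, company, path."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        name, key = m.group("name"), None
        k = KEY_RE.match(name)
        if k:  # the "(ServiceKey)" suffix is absent on some entries
            name, key = k.group("display"), k.group("key")
        services.append({"display": name, "key": key,
                         "company": m.group("company"), "path": m.group("path")})
    return services

def security_services_by_vendor(services):
    """Group services whose company field names a listed security vendor."""
    found = defaultdict(list)
    for svc in services:
        for vendor in SECURITY_VENDORS:
            if vendor in svc["company"].lower():
                found[vendor].append(svc)
    return dict(found)

if __name__ == "__main__":
    grouped = security_services_by_vendor(parse_o23(SAMPLE_LOG))
    for vendor, svcs in sorted(grouped.items()):
        print(vendor, [s["key"] or s["display"] for s in svcs])
    if len(grouped) > 1:
        print("Services from more than one security vendor; review for leftovers.")
```

The output is a review list only: whether a given service is a leftover still has to be judged against what is actually installed.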

Re: Mozilla FF Crashes & Search Engine Redirects

by thoos » April 17th, 2009, 8:26 am

Thank you for all of your help and assistance.

Best Regards,

Tim
thoos
Active Member
 
Posts: 8
Joined: April 1st, 2009, 12:43 am

Re: Mozilla FF Crashes & Search Engine Redirects

by Elrond » April 17th, 2009, 10:39 am

thoos, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem