
Solved Google redirects in Mozilla

Discussion in 'Malware and Virus Removal Archive' started by abooga313, 2009/04/06.

  1. 2009/04/06
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    [Resolved] Google redirects in Mozilla

    Seems to be a problem with links after Google search. Redirects to various websites. Here is the DDS file. Thanks for the help.

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by alb123 at 14:29:21.68 on Mon 04/06/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.281 [GMT -4:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\arazfar\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.6.14.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {CAFB2180-BA09-11DC-95FF-0800200C9A66} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6]
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [CrossMenu] "c:\program files\toshiba\crossmenu\CrossMenu.exe "
    mRun: [000StTHK] 000StTHK.exe
    mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe "
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [ThpSrv] thpsrv /logon
    mRun: [TFNF5] TFNF5.exe
    mRun: [TMESRV.EXE] "c:\program files\toshiba\tme3\TMESRV31.EXE" /Logon
    mRun: [TMERzCtl.EXE] "c:\program files\toshiba\tme3\TMERzCtl.EXE" /Service
    mRun: [TPSMain] TPSMain.exe
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [Kraidman] "c:\program files\toshiba\toshiba raid\console\Kraidman.exe "
    mRun: [TRot.exe] "c:\program files\toshiba\toshiba rotation utility\TRot.exe "
    mRun: [PINGER] "c:\toshiba\ivp\ism\pinger.exe" /run
    mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe "
    mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe "
    mRun: [TouchED] "c:\program files\toshiba\touched\TouchED.Exe "
    mRun: [TAudEffect] "c:\program files\toshiba\taudeffect\TAudEff.exe" /run
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [ppmate] c:\program files\ppmate\ppmate\ppmate.exe -autoplay
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [<NO NAME>]
    mRun: [avp] c:\windows\temp\winBD.tmp.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [TabletWizard] %windir%\help\wizard.hta
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs "
    StartupFolder: c:\docume~1\arazfar\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\arazfar\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: aim.com\www
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237260339968
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://netscreen.upmc.com/dana-cached/setup/JuniperSetupSP1.cab
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: mdc - SsoWindows.dll
    Notify: psfus - psqlpwd.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    Notify: TSigNP - TSigNP.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli psqlpwd

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\arazfar\applic~1\mozilla\firefox\profiles\i3se49n0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - plugin: c:\documents and settings\arazfar\application data\mozilla\firefox\profiles\i3se49n0.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-1-15 6144]
    R1 NEOFLTR_630_13881;Juniper Networks TDI Filter Driver (NEOFLTR_630_13881);c:\windows\system32\drivers\NEOFLTR_630_13881.sys [2009-1-23 64480]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-1-15 5888]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
    R2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\cisco systems\cisco secure services client\ConnectionClient.exe [2007-3-30 3891200]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-12-22 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-12-22 33024]
    R2 Mtghouse;Meetinghouse 802.1x Protocol v3.7.1.0;c:\windows\system32\drivers\Mtghouse.sys [2007-9-7 21395]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2005-12-22 3456]
    R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-1-15 126976]
    R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-4 101936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-1-15 35968]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081221.020\naveng.sys [2008-12-21 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081221.020\navex15.sys [2008-12-21 876112]
    R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-1-15 8832]
    R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-1-15 595072]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-1-14 13568]
    S1 cinemst22;cinemst22;c:\windows\system32\drivers\cinemst22.sys --> c:\windows\system32\drivers\cinemst22.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
    S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

    =============== Created Last 30 ================

    2009-04-05 14:36 <DIR> --d----- c:\program files\Windows Installer Clean Up
    2009-04-04 19:37 73,728 a------- C:\pv.exe
    2009-04-04 19:37 388,608 a------- c:\windows\system32\cmd.execf
    2009-04-03 20:08 <DIR> --d----- C:\fixwareout
    2009-03-29 11:43 <DIR> --d----- c:\program files\ImageJ
    2009-03-27 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
    2009-03-27 16:50 <DIR> --d----- c:\program files\DAEMON Tools Pro
    2009-03-27 16:45 717,296 a------- c:\windows\system32\drivers\sptd.sys
    2009-03-27 16:45 <DIR> --d----- c:\docume~1\arazfar\applic~1\DAEMON Tools Pro
    2009-03-26 22:20 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-03-26 21:26 94,208 a------- c:\windows\system32\drivers\ezplay.sys
    2009-03-26 21:26 94,208 a------- c:\docume~1\arazfar\applic~1\ezplay.sys
    2009-03-26 21:26 87,608 a------- c:\docume~1\arazfar\applic~1\inst.exe
    2009-03-26 21:26 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
    2009-03-26 21:26 47,360 a------- c:\docume~1\arazfar\applic~1\pcouffin.sys
    2009-03-26 21:13 98,304 a------- c:\windows\system32CmdLineExt.dll
    2009-03-18 16:47 <DIR> --d----- C:\iSiteLogs
    2009-03-17 00:04 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-17 00:04 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-17 00:04 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-17 00:04 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-17 00:04 <DIR> --d----- C:\c0b87eaf5c533ffcea
    2009-03-16 23:48 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-03-16 23:48 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-16 23:48 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-03-16 23:48 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-16 23:48 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-16 23:48 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-16 23:48 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-03-16 23:48 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
    2009-03-16 23:48 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
    2009-03-16 23:39 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-03-16 23:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
    2009-03-15 13:09 <DIR> --dsh--- c:\documents and settings\arazfar\IETldCache
    2009-03-15 12:59 78,336 a------- c:\windows\system32\ieencode.dll

    ==================== Find3M ====================

    2009-03-31 21:20 61,440 a--sh--- c:\windows\system32\mozubolu.exe
    2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-01-23 03:27 8,704 a------- c:\windows\system32\sporder.dll
    2006-08-25 14:23 132 a------- c:\docume~1\arazfar\applic~1\wklnhst.dat
    2003-11-03 16:52 301,321 a------- c:\documents and settings\all users\Office 2003 Editions 60 Day Trial.exe
    2007-07-10 23:13 1,856,597 ---sh--- c:\windows\system32\dgjlm.bak2

    ============= FINISH: 14:30:07.24 ===============
     
    Last edited: 2009/04/06
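The entries the helper goes after in the next reply (a file with hidden+system attributes and a random name in system32, an autorun pointing into a temp directory) are the kind of thing a small triage pass over a DDS log can surface automatically. The script below is an added example, not part of this thread or of the DDS tool; the heuristics and the `triage` function are my own, and the sample lines are constructed copies of entries from the log above.

```python
import re

# Constructed sample lines in the shape of the DDS sections above (Pseudo HJT
# autoruns and the Find3M file listing). Two are benign; three are the entries
# the helper's OTMoveIt script targets in the next reply.
SAMPLE_LINES = [
    r"mRun: [avp] c:\windows\temp\winBD.tmp.exe",
    r'mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "',
    r"2009-03-31 21:20 61,440 a--sh--- c:\windows\system32\mozubolu.exe",
    r"2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbam.sys",
    r"2007-07-10 23:13 1,856,597 ---sh--- c:\windows\system32\dgjlm.bak2",
]

# "uRun: [name] command" / "mRun: [name] command" / "dRunOnce: ..." autorun entries
AUTORUN_RE = re.compile(
    r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)

# "YYYY-MM-DD HH:MM size attrs path" entries from "Created Last 30" and "Find3M";
# attrs is an 8-character field such as a--sh--- (a=archive, d=dir, s=system, h=hidden)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{8}) (?P<path>.+)$",
    re.IGNORECASE,
)

# Temp locations an autorun entry has no business launching from (assumed list)
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\locals~1\\temp\\")


def triage(lines):
    """Return [(path, reason), ...] for every line that trips a heuristic.

    Heuristic 1: an autorun (Run/RunOnce) entry whose command lives in a temp folder.
    Heuristic 2: a plain file (not a directory) that carries both the hidden and
                 system attributes, which legitimate user-mode binaries rarely do.
    """
    hits = []
    for raw in lines:
        line = raw.strip()

        m = AUTORUN_RE.match(line)
        if m:
            # strip surrounding quotes and the trailing space DDS leaves inside them
            cmd = m.group("cmd").strip().strip('"').strip().lower()
            if any(t in cmd for t in TEMP_DIRS):
                hits.append((cmd, "%s entry [%s] launches from a temp directory"
                             % (m.group("hive"), m.group("name"))))
            continue

        m = FILE_RE.match(line)
        if m:
            attrs = m.group("attrs").lower()
            if "s" in attrs and "h" in attrs and "d" not in attrs:
                hits.append((m.group("path").lower(),
                             "file carries hidden+system attributes (%s)" % attrs))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print("%-45s %s" % (path, reason))
```

Running it on the constructed lines lists winBD.tmp.exe, mozubolu.exe and dgjlm.bak2 and leaves the iTunes autorun and the Malwarebytes driver alone. The hidden+system check deliberately skips directories, because Windows itself marks some per-user folders (IETldCache in the log above) that way; a hit from this script is a prompt to look closer, not a verdict.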
  2. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)
    Code:
    :Processes
    explorer.exe
    :Files
    c:\windows\system32\dgjlm.bak2
    c:\windows\system32\mozubolu.exe
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NEXT**

    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program



    I can see you have ComboFix on the computer. Please post
    C:\qoobox\quarantined_files.txt <-- is this file present? If so, please post its contents.

    How about c:\Combofix\combofix.txt <-- is it here?



    In your next reply post:
    OTMoveIt log
    RegQuery log
    ComboFix.txt
     

  4. 2009/04/08
    abooga313

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\windows\system32\dgjlm.bak2 moved successfully.
    c:\windows\system32\mozubolu.exe moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DF716F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DF896A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DF95F2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DFAE30.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DFAE3D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\arazfar\LOCALS~1\Temp\~DFB0F3.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\arazfar\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\arazfar\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\arazfar\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\sqlite_5LfthoUABpQjeOe scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04082009_160401
     
  5. 2009/04/08
    abooga313

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper "= "midimap.dll "
    "msacm.imaadpcm "= "imaadp32.acm "
    "msacm.msadpcm "= "msadp32.acm "
    "msacm.msg711 "= "msg711.acm "
    "msacm.msgsm610 "= "msgsm32.acm "
    "msacm.trspch "= "tssoft32.acm "
    "vidc.cvid "= "iccvid.dll "
    "VIDC.I420 "= "lvcodec2.dll "
    "vidc.iv31 "= "ir32_32.dll "
    "vidc.iv32 "= "ir32_32.dll "
    "vidc.iv41 "= "ir41_32.ax "
    "VIDC.IYUV "= "iyuv_32.dll "
    "vidc.mrle "= "msrle32.dll "
    "vidc.msvc "= "msvidc32.dll "
    "VIDC.UYVY "= "msyuv.dll "
    "VIDC.YUY2 "= "msyuv.dll "
    "VIDC.YVU9 "= "tsbyuv.dll "
    "VIDC.YVYU "= "msyuv.dll "
    "wavemapper "= "msacm32.drv "
    "msacm.msg723 "= "msg723.acm "
    "vidc.M263 "= "msh263.drv "
    "vidc.M261 "= "msh261.drv "
    "msacm.msaudio1 "= "msaud32.acm "
    "msacm.sl_anet "= "sl_anet.acm "
    "msacm.iac2 "= "C:\\WINDOWS\\system32\\iac25_32.ax "
    "vidc.iv50 "= "ir50_32.dll "
    "msacm.l3acm "= "C:\\WINDOWS\\system32\\l3codeca.acm "
    "wave "= "wdmaud.drv "
    "midi "= "wdmaud.drv "
    "mixer "= "wdmaud.drv "
    "wave1 "= "wdmaud.drv "
    "midi1 "= "wdmaud.drv "
    "mixer1 "= "wdmaud.drv "
    "aux "= "wdmaud.drv "
    "MSVideo8 "= "VfWWDM32.dll "
    "wave2 "= "wdmaud.drv "
    "midi2 "= "wdmaud.drv "
    "mixer2 "= "wdmaud.drv "
    "aux1 "= "wdmaud.drv "
    "wave3 "= "wdmaud.drv "
    "midi3 "= "wdmaud.drv "
    "mixer3 "= "wdmaud.drv "
    "aux2 "= "wdmaud.drv "
    "MSVideo "= "vfwwdm32.dll "
    "wave4 "= "wdmaud.drv "
    "midi4 "= "wdmaud.drv "
    "mixer4 "= "wdmaud.drv "
    "aux3 "= "wdmaud.drv "
    "wave5 "= "wdmaud.drv "
    "midi5 "= "wdmaud.drv "
    "mixer5 "= "wdmaud.drv "
    "aux4 "= "wdmaud.drv "
    "wave6 "= "wdmaud.drv "
    "midi6 "= "wdmaud.drv "
    "mixer6 "= "wdmaud.drv "
    "aux5 "= "wdmaud.drv "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave "= "rdpsnd.dll "
    "mixer "= "rdpsnd.dll "
    "MaxBandwidth "=dword:000056b9
    "wavemapper "= "msacm32.drv "
    "EnableMP3Codec "=dword:00000001
    "midimapper "= "midimap.dll "
     
  6. 2009/04/08
    abooga313

    Could not find those combofix.txt files. Here is a combofix.txt that I ran.

    ComboFix 09-04-04.01 - arazfar 2009-04-08 16:19:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.357 [GMT -4:00]
    Running from: c:\documents and settings\arazfar\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\arazfar\Application Data\inst.exe
    c:\temp\FT62
    c:\temp\FT62\teTU.log
    c:\temp\tn3
    c:\windows\system32\biologon.dll
    c:\windows\system32\etowuunk.ini
    c:\windows\system32\gbchnunv.tmp
    c:\windows\system32\gbchnunv.tmp2
    c:\windows\system32\kvmofvqb.ini
    c:\windows\system32\lcfqkuqt.ini
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\nobdawbn.ini
    c:\windows\system32\nsprs.dll
    c:\windows\system32\ssprs.dll
    c:\windows\system32\umvrianb.ini

    ----- BITS: Possible infected sites -----

    hxxp://updates.pitt.edu
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_seneka


    ((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
    .

    2009-04-08 16:04 . 2009-04-08 16:04 <DIR> d-------- C:\_OTMoveIt
    2009-04-06 14:43 . 2009-04-06 14:43 <DIR> d-------- c:\program files\Panda Security
    2009-04-06 14:43 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-04-05 14:36 . 2009-04-05 14:36 <DIR> d-------- c:\program files\Windows Installer Clean Up
    2009-03-29 11:43 . 2009-03-29 12:00 <DIR> d-------- c:\program files\ImageJ
    2009-03-27 16:50 . 2009-03-27 16:59 <DIR> d-------- c:\program files\DAEMON Tools Pro
    2009-03-27 16:50 . 2009-03-27 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-03-27 16:45 . 2009-03-27 16:45 <DIR> d-------- c:\documents and settings\arazfar\Application Data\DAEMON Tools Pro
    2009-03-27 16:45 . 2009-03-27 16:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-03-26 22:20 . 2009-01-09 15:18 1,089,601 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-03-26 21:26 . 2009-03-26 21:33 <DIR> d-------- c:\documents and settings\arazfar\Application Data\Vso
    2009-03-26 21:26 . 2009-03-26 21:26 94,208 --a------ c:\windows\system32\drivers\ezplay.sys
    2009-03-26 21:26 . 2009-03-26 21:33 94,208 --a------ c:\documents and settings\arazfar\Application Data\ezplay.sys
    2009-03-26 21:26 . 2009-03-26 21:26 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
    2009-03-26 21:26 . 2009-03-26 21:33 47,360 --a------ c:\documents and settings\arazfar\Application Data\pcouffin.sys
    2009-03-26 21:13 . 2009-03-26 21:13 98,304 --a------ c:\windows\system32CmdLineExt.dll
    2009-03-18 16:47 . 2009-03-18 16:47 <DIR> d-------- c:\program files\Stentor
    2009-03-18 16:47 . 2009-03-18 16:47 <DIR> d-------- C:\iSiteLogs
    2009-03-17 00:04 . 2009-03-17 00:05 <DIR> d-------- C:\c0b87eaf5c533ffcea
    2009-03-17 00:04 . 2008-07-06 08:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-17 00:04 . 2008-07-06 06:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-17 00:04 . 2008-07-06 08:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-17 00:04 . 2008-07-06 08:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-16 23:48 . 2008-12-20 19:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-03-16 23:48 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-16 23:48 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-16 23:48 . 2008-12-20 19:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2009-03-16 23:48 . 2008-12-20 19:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-16 23:48 . 2008-12-20 19:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2009-03-16 23:48 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2009-03-16 23:48 . 2008-12-20 19:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-16 23:48 . 2008-12-19 05:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-16 23:39 . 2008-06-13 09:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
    2009-03-16 23:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
    2009-03-15 13:09 . 2009-03-15 13:09 <DIR> d--hs---- c:\documents and settings\arazfar\IETldCache
    2009-03-15 12:59 . 2006-10-17 12:06 78,336 --a------ c:\windows\system32\ieencode.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-05 22:12 --------- d-----w c:\documents and settings\arazfar\Application Data\U3
    2009-04-05 18:35 --------- d-----w c:\program files\MSECache
    2009-04-04 17:21 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-04 03:51 --------- d-----w c:\documents and settings\arazfar\Application Data\Move Networks
    2009-04-04 00:18 --------- d-----w c:\documents and settings\arazfar\Application Data\Viewpoint
    2009-04-02 19:47 --------- d-----w c:\program files\SPSS
    2009-03-27 01:28 --------- d-----w c:\documents and settings\arazfar\Application Data\Juniper Networks
    2009-03-22 20:06 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-22 02:51 --------- d-----w c:\program files\CDex130
    2009-03-07 21:25 --------- d-----w c:\documents and settings\arazfar\Application Data\ICAClient
    2009-03-07 17:27 --------- d-----w c:\program files\Citrix
    2009-03-07 17:06 --------- d-----w c:\program files\Juniper Networks
    2009-03-07 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks
    2009-02-15 19:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2006-08-25 18:23 132 ----a-w c:\documents and settings\arazfar\Application Data\wklnhst.dat
    2003-11-03 20:52 301,321 ----a-w c:\documents and settings\All Users\Office 2003 Editions 60 Day Trial.exe
    2007-11-09 21:10 30,288 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-11-09 21:10 79,440 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-11-09 21:10 75,344 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-11-09 21:10 140,880 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-11-09 21:10 42,576 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
    2007-11-09 21:10 50,768 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-11-09 21:10 34,384 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
    2007-11-09 21:11 685,648 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-11-09 21:11 30,288 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="thpsrv" [X]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 271872]
    "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-01-17 05:00 258048]
    "CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2005-09-20 798720]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
    "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
    "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-12-20 86016]
    "Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-09-30 1126484]
    "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-11-29 266240]
    "PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-17 151552]
    "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-23 122880]
    "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
    "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 344144]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-24 185784]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
    "000StTHK"="000StTHK.exe" [2001-06-24 00:28 24576 c:\windows\system32\000StTHK.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 c:\windows\agrsmmsg.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "TFncKy"="TFncKy.exe" [BU]
    "TFNF5"="TFNF5.exe" [2005-11-09 c:\windows\system32\TFNF5.exe]
    "TPSMain"="TPSMain.exe" [2005-12-15 c:\windows\system32\TPSMain.exe]
    "TPSODDCtl"="TPSODDCtl.exe" [2005-12-15 c:\windows\system32\TPSODDCtl.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

    c:\documents and settings\arazfar\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
    Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-01-15 155648]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-04-02 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2004-08-04 08:00 47104 c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
    2007-03-30 15:26 466944 c:\windows\system32\SsoWindows.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2005-12-22 01:42 40448 c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 07:41 11776 c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2006-11-01 10:18 32256 c:\windows\system32\tpgwlnot.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP]
    2005-12-28 02:05 53248 c:\windows\system32\TSigNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Documents and Settings\\arazfar\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Documents and Settings\\arazfar\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
    "c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18890:TCP"= 18890:TCP:BitComet 18890 TCP
    "18890:UDP"= 18890:UDP:BitComet 18890 UDP

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-06 28544]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-01-15 6144]
    R1 NEOFLTR_630_13881;Juniper Networks TDI Filter Driver (NEOFLTR_630_13881);c:\windows\system32\drivers\NEOFLTR_630_13881.sys [2009-01-23 64480]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-01-15 5888]
    R2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe [2007-03-30 3891200]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-22 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-22 33024]
    R2 Mtghouse;Meetinghouse 802.1x Protocol v3.7.1.0;c:\windows\system32\drivers\Mtghouse.sys [2007-09-07 21395]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2005-12-22 3456]
    R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [2006-01-15 126976]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-04 101936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-01-15 35968]
    R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-01-15 8832]
    R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-01-15 595072]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-01-14 13568]
    S1 cinemst22;cinemst22;c:\windows\system32\drivers\cinemst22.sys --> c:\windows\system32\drivers\cinemst22.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{249d030f-856b-11dc-bf2d-000e7b5d16f1}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{385581b0-81d7-11dd-803d-001302910f47}]
    \Shell\AutoRun\command - e:\wd_windows_tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{425f5b39-1bad-11de-8080-001302910f47}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{799f138c-9be1-11dc-bf4a-001302910f47}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6661d82-1212-11dc-be66-001302910f47}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-ppmate - c:\program files\PPMate\PPMate\ppmate.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: aim.com\www
    FF - ProfilePath - c:\documents and settings\arazfar\Application Data\Mozilla\Firefox\Profiles\i3se49n0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - plugin: c:\documents and settings\arazfar\Application Data\Mozilla\Firefox\Profiles\i3se49n0.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 16:25:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3125791079-3450399609-3914623911-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57C4E64-B349-C5A1-A359-ABE5FD6E5758}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(976)
    c:\windows\system32\vrlogon.dll
    c:\windows\system32\SsoWindows.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\TSigNP.dll
    c:\windows\system32\CLBCATQ.DLL
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\crypto.dll

    - - - - - - - > 'lsass.exe'(1032)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\system32\wisptis.exe
    c:\windows\system32\tabbtnu.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
    c:\windows\system32\ThpSrv.exe
    c:\program files\Toshiba\TOSHIBA RAID\Service\krdevctl.exe
    c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\TME3\TMETEMnu.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\Protector Suite QL\psqltray.exe
    c:\windows\system32\ThpSrv.exe
    c:\program files\Apoint2K\ApntEx.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-08 16:29:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-08 20:28:57

    Pre-Run: 64,188,043,264 bytes free
    Post-Run: 64,072,876,032 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

    336 --- E O F --- 2009-04-04 21:36:08
     
  7. 2009/04/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.



    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.





    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    Double click on Malwarebytes_Anti-Malware icon to open the program.

    Click on the Update tab
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar.
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    MBAM log
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's your computer now?
     
  8. 2009/04/08
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    Malwarebytes found nothing.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, April 8, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, April 08, 2009 23:38:58
    Records in database: 2023536
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 103495
    Threat name: 9
    Infected objects: 13
    Suspicious objects: 0
    Duration of the scan: 03:35:26


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01D00000.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.ap 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\043C0000.VBN Infected: Trojan.Java.ClassLoader.as 3
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04B00000\46F62770.VBN Infected: Trojan-Downloader.JS.Agent.kd 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47D40791.VBN Infected: Exploit.Win32.MS06-006.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000\4ADD04DD.VBN Infected: Trojan-Downloader.JS.Iframe.rw 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80000\4EF8FD26.VBN Infected: Trojan-Downloader.JS.Multi.cm 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80001\4EF8FD42.VBN Infected: Trojan-Downloader.JS.Agent.bzl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F80000.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11680000.VBN Infected: Trojan.Java.ClassLoader.as 1
    C:\_OTMoveIt\MovedFiles\04082009_160401\windows\system32\mozubolu.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnjh 1

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:11:59 PM, on 4/8/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\hh.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [CrossMenu] "C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe"
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] "C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE" /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] "C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" /Service
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
    O4 - HKLM\..\Run: [Kraidman] "C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe"
    O4 - HKLM\..\Run: [TRot.exe] "c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
    O4 - HKLM\..\Run: [PINGER] "C:\TOSHIBA\IVP\ISM\pinger.exe" /run
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [TAudEffect] "C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" /run
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237260339968
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://netscreen.upmc.com/dana-cached/setup/JuniperSetupSP1.cab
    O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\SsoWindows.dll
    O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Cisco Secure Services Client - Cisco Systems - C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

    --
    End of file - 14519 bytes
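The HijackThis section of the log above is what a helper reads by eye before deciding which entries to fix. As an added example (not code from the thread, from HijackThis or from the forum), here is a small Python parser for the O2/O4/O16/O20/O23 line formats that flags the things a reviewer checks first: a service whose binary is missing or whose owner is unknown, a Run entry given as a bare executable name rather than a full path, an ActiveX CAB fetched over plain HTTP, and any Winlogon Notify DLL. The sample lines are copied from the log above; the flagging rules are my own, not HijackThis's.

```python
"""Parse HijackThis-style log lines and flag entries worth a second look.

Added example, not code from the thread or from HijackThis itself. The sample
lines are copied from the log posted above; the review heuristics (missing
binary, unknown owner, bare executable name, CAB over plain HTTP, Winlogon
Notify DLL) are my own assumptions, not HijackThis rules.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines taken from the thread's HijackThis section.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://netscreen.upmc.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\SsoWindows.dll
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Entry:
    section: str                      # "O4", "O23", ...
    raw: str
    name: str = ""
    target: str = ""                  # path, DLL, URL or command line
    flags: List[str] = field(default_factory=list)


LINE_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section, name and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    e = Entry(section=section, raw=line.strip())
    if section == "O2":                                   # BHO: name - {CLSID} - dll
        e.name, _clsid, e.target = body[len("BHO: "):].split(" - ", 2)
    elif section == "O4":                                 # HKLM\..\Run: [name] command
        m4 = re.search(r"\[([^\]]*)\]\s*(.*)$", body)
        e.name, e.target = m4.group(1), m4.group(2)
    elif section == "O16":                                # DPF: {CLSID} (name) - url
        m16 = re.match(r"DPF: (\{[^}]+\}) \((.*?)\) - (.*)$", body)
        e.name, e.target = m16.group(2), m16.group(3)
    elif section == "O20":                                # Winlogon Notify: name - dll
        e.name, e.target = body[len("Winlogon Notify: "):].split(" - ", 1)
    elif section == "O23":                                # Service: name - owner - path
        e.name, owner, e.target = body[len("Service: "):].split(" - ", 2)
        if owner == "Unknown owner":
            e.flags.append("service owner unknown")
    else:
        e.target = body
    return e


def add_flags(e: Entry) -> Entry:
    """Apply the reviewer heuristics (my own, not HijackThis's) to one entry."""
    t = e.target
    if e.section == "O23" and t.endswith("(file missing)"):
        e.flags.append("binary missing: stale or deleted service")
    if e.section == "O4" and not re.match(r'^"?[A-Za-z]:\\', t):
        e.flags.append("bare executable name: resolved via PATH, confirm which file runs")
    if e.section == "O16" and t.lower().startswith("http://"):
        e.flags.append("ActiveX CAB fetched over plain HTTP")
    if e.section == "O20":
        e.flags.append("Winlogon Notify DLL loads into winlogon.exe: verify vendor")
    return e


def review(log_text: str) -> List[Entry]:
    """Parse every recognised line of a log and attach review flags."""
    return [add_flags(e) for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Only the entries that earned at least one flag, keyed by entry name."""
    return {e.name: e.flags for e in review(log_text) if e.flags}


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(("!! " if e.flags else "   ") + f"{e.section:<5}{e.name:<32}{'; '.join(e.flags)}")
```

On the sample, the Swupdtmr service (unknown owner, file missing), the `000StTHK.exe` Run entry, the PCPitstop CAB and the `mdc` Winlogon Notify DLL are flagged; the Symantec, Google Toolbar, RealPlayer and Juniper entries are not. A flag is a prompt to look, not a verdict: `000StTHK.exe` is a TOSHIBA hotkey helper and `SsoWindows.dll` belongs to the fingerprint-reader software, so both are benign on this laptop once the file on disk is checked.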
     
  9. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Navigate to
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine <--you can delete the contents inside this folder.



    NEXT**
    Your version of Adobe is out of date.

    You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    For more information and links to Adobe updates and downloads click here.





    NEXT**
    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    (Description: Logitech Image Studio system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    (Description: Adobe reader startup - unnecessarily uses system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)


    Now reboot the computer to set the registry.
    ~~~~~~~~~~~~~~~~

    How's the computer now?
     
  10. 2009/04/09
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    Seems to be working ok. Thanks so much for your help.
     
  11. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal.



    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.




    Next open OTMoveIt, then click on "CleanUp!". If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to Begin cleanup process.

    Then reboot your computer.



    That's it, you should be good to go ......good job!!



    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place?

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  12. 2009/04/09
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    Just did a search in Google using Firefox and it redirected to another website. It seems it only does this in Firefox.
     
  13. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Dog gone it!

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.
     
  14. 2009/04/09
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    GooredFix v1.92 by jpshortstuff
    Log created at 19:12 on 09/04/2009 running Option #1
    Firefox version 3.0.8 (en-US)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{E9174E9F-70DB-446C-87B9-1F7AF16D2E3A}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
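The GooredFix log above makes the redirect's mechanism visible: the add-ons that legitimate installers register live elsewhere on disk and are declared to Firefox through `HKLM\SOFTWARE\Mozilla\Firefox\extensions`, while the suspect entry is a GUID-named folder dropped straight into `C:\Program Files\Mozilla Firefox\extensions`, where Firefox loads it for every profile without asking. As an added example (not GooredFix's own code), the Python below performs that comparison: it lists the global extensions folder, skips anything declared through the registry or known to ship with Firefox, and reports what is left with the reasons. The folder layout, the `install.rdf` contents and the registry dump are constructed in a temporary directory so the script runs offline; the "suspect" rules are my own assumptions, not GooredFix's.

```python
"""Audit Firefox's global extensions folder for sideloaded add-ons.

Added example, not GooredFix's own code. It does what the GooredFix log above
implies: list every folder under <Firefox>\extensions and compare it with the
add-ons declared through HKLM\SOFTWARE\Mozilla\Firefox\extensions. The folder
layout, install.rdf contents and registry dump are constructed here in a
temporary directory so the script runs offline; the "suspect" rules are my
own assumptions, not GooredFix's.
"""
import os
import re
import tempfile
from typing import Dict, List

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Firefox's bundled default theme sits in the same folder and is expected there.
KNOWN_GOOD = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}
# The folder GooredFix flagged in the log above.
SUSPECT = "{E9174E9F-70DB-446C-87B9-1F7AF16D2E3A}"

# Constructed registry dump in the shape GooredFix printed: add-on id -> install path.
REGISTRY_EXTENSIONS = {
    "jqs@sun.com": r"C:\Program Files\Java\jre6\lib\deploy\jqs\ff",
    "{20a82645-c095-46ed-80e3-08825760534b}":
        r"C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension",
}


def extension_id(ext_dir: str) -> str:
    """Return the em:id declared in install.rdf, or "" if there is none."""
    rdf = os.path.join(ext_dir, "install.rdf")
    if not os.path.isfile(rdf):
        return ""
    with open(rdf, encoding="utf-8", errors="replace") as fh:
        m = re.search(r"<em:id>\s*([^<\s]+)\s*</em:id>", fh.read())
    return m.group(1) if m else ""


def audit(extensions_dir: str, registry: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {folder: reasons} for every folder not accounted for by the registry."""
    declared_dirs = {os.path.normcase(os.path.normpath(p)) for p in registry.values()}
    report: Dict[str, List[str]] = {}
    for name in sorted(os.listdir(extensions_dir)):
        path = os.path.join(extensions_dir, name)
        if not os.path.isdir(path) or name in KNOWN_GOOD:
            continue
        if name in registry or os.path.normcase(os.path.normpath(path)) in declared_dirs:
            continue                      # installed through the documented registry hook
        reasons = ["not declared under HKLM\\SOFTWARE\\Mozilla\\Firefox\\extensions"]
        if GUID_RE.match(name):
            reasons.append("GUID-named folder dropped straight into the global extensions dir")
        declared = extension_id(path)
        if not declared:
            reasons.append("no install.rdf em:id, add-on cannot be identified")
        elif declared != name:
            reasons.append(f"install.rdf id {declared} does not match the folder name")
        report[name] = reasons
    return report


def build_sample_layout(root: str) -> str:
    """Create a constructed <Firefox>\\extensions tree under root and return its path."""
    ext = os.path.join(root, "Mozilla Firefox", "extensions")
    for folder in (SUSPECT, next(iter(KNOWN_GOOD))):
        os.makedirs(os.path.join(ext, folder))
        with open(os.path.join(ext, folder, "install.rdf"), "w", encoding="utf-8") as fh:
            fh.write(f"<RDF><Description><em:id>{folder}</em:id></Description></RDF>\n")
    return ext


def run_demo() -> Dict[str, List[str]]:
    """Build the constructed layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        return audit(build_sample_layout(root), REGISTRY_EXTENSIONS)


if __name__ == "__main__":
    for folder, reasons in run_demo().items():
        print(folder)
        for r in reasons:
            print("   -", r)
```

Run against a real machine, `extensions_dir` is the Firefox install's `extensions` folder and `registry` comes from `HKLM\SOFTWARE\Mozilla\Firefox\extensions` (and the HKCU copy, if present). The registry hook is itself an installation vector, so a path listed there still deserves a look at its vendor and signature; the point of the audit is only that folders appearing in neither place were put there by something that bypassed Firefox's add-on install flow.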
     
  15. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter.
    Make sure all instances of Firefox are closed at this point. <--Important

    Type y at the prompt and press Enter again.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
     
  16. 2009/04/09
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    GooredFix v1.92 by jpshortstuff
    Log created at 19:19 on 09/04/2009 running Option #2
    Firefox version 3.0.8 (en-US)

    =====Goored Deletions=====
    C:\Program Files\Mozilla Firefox\extensions\{E9174E9F-70DB-446C-87B9-1F7AF16D2E3A}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
     
  17. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Tell me how the computer is now.
     
  18. 2009/04/09
    abooga313

    abooga313 Inactive Thread Starter

    Joined:
    2009/04/04
    Messages:
    10
    Likes Received:
    0
    So far, no redirects, will let you know if anything changes. Thanks again.
     
  19. 2009/04/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Lets get the quarantine folder off of there.



    Click Start >> Run and then copy/paste the following into the box and hit Enter:

    "%userprofile%\Desktop\GooredFix.exe" /uninstall

    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.



    I think you should be good to go now.
     