
Repeat Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Q: Repeat Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Hi, I have had repeated attacks. The websites, ports and IP addresses the attacks were coming from varied, but the one message I kept receiving was THE ATTACK WAS RESULTED FROM \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE. I'm pretty sure it's from a virus.

Any help would be appreciated. NEED HELP 'sigh'

Hijack-this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:43 PM, on 4/19/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyle\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFE82~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

--
End of file - 8409 bytes
And OTL

OTL logfile created on: 4/19/2011 8:25:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kyle\Documents
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 50.52 Gb Free Space | 27.13% Space Free | Partition Type: NTFS
Drive D: | 511.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.91 Gb Total Space | 11.67 Gb Free Space | 78.24% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\Kyle\My Documents\OTL.exe
PRC - [2011/04/19 11:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/27 19:49:08 | 000,892,992 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - File not found -- C:\Users\Kyle\My Documents\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011/04/19 11:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/31 19:57:41 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/01/07 11:10:58 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/26 19:51:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/27 19:49:08 | 000,892,992 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files\Connectify\Connectifyd.exe -- (Connectify)
SRV - [2010/07/08 08:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Stopped] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 02:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/01 02:22:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/31 22:09:11 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110417.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 22:09:11 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110417.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 13:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110415.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/19 14:18:06 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/12/16 11:18:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/15 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/15 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/01 14:44:16 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/12/01 14:44:12 | 000,143,248 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/12/01 14:44:12 | 000,111,504 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/12/01 14:44:12 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/12/01 14:44:12 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/10/28 11:32:51 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/11 08:39:24 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2010/08/11 08:39:24 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2010/01/12 06:19:20 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2010/01/07 12:30:48 | 000,070,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV - [2009/12/31 04:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/22 20:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 20:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 20:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:19:25 | 000,114,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2009/03/02 17:00:46 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/06/16 11:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/08/03 00:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2003/06/04 09:37:00 | 000,077,463 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\el90Xbc5.SYS -- (EL90Xbc)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 FC D8 C3 10 F9 CB 01 [binary data]
IE - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/12/18 19:19:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/12/16 11:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 18:31:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 18:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 18:11:50 | 000,000,000 | ---D | M]

[2010/12/05 19:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2011/04/19 18:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions
[2011/03/27 18:46:34 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/04/13 06:57:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/27 18:46:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/04/13 06:57:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/08 11:17:14 | 000,000,000 | ---D | M] (Glasser) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\[email protected]
[2011/03/27 18:46:38 | 000,000,000 | ---D | M] (Personas Expression) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\[email protected]
[2011/03/27 18:46:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\a0bjmhrx.default\extensions\[email protected]
[2011/04/19 18:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/03 18:41:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/01 17:43:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/12/18 19:19:40 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.177.160.35 216.177.160.36 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 00:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/04/12 12:42:49 | 000,000,165 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{67dc80f4-e2af-11df-b5e7-00e04d9a6be7}\Shell - "" = AutoRun
O33 - MountPoints2\{67dc80f4-e2af-11df-b5e7-00e04d9a6be7}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{d0402557-ebb6-11df-b09b-00e04d9a6be7}\Shell - "" = AutoRun
O33 - MountPoints2\{d0402557-ebb6-11df-b09b-00e04d9a6be7}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009/07/13 21:17:29 | 000,111,880 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ef52c97b-e15d-11df-9fd1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef52c97b-e15d-11df-9fd1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2002/08/28 22:41:20 | 001,310,720 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Logs
[2011/04/19 20:04:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Documents\OTL.exe
[2011/04/19 19:57:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kyle\Documents\HijackThis.exe
[2011/04/19 18:08:39 | 012,580,112 | ---- | C] (Mozilla) -- C:\Users\Kyle\Documents\Firefox Setup 4.0.exe
[2011/04/18 18:50:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\Novicorp WinToFlash 0.7.0009 beta
[2011/04/18 18:01:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/04/18 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\New folder (5)
[2011/04/18 17:27:22 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\backup
[2011/04/16 19:19:37 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/04/16 19:19:33 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/16 19:19:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Sunbelt Software
[2011/04/16 19:08:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011/04/16 19:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/04/16 19:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/16 19:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/12 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\New folder (4)
[2011/04/12 18:21:49 | 000,000,000 | ---D | C] -- C:\New folder
[2011/04/12 07:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTop Software
[2011/04/12 07:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\MTop Software
[2011/04/07 07:15:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\proxy
[2011/04/06 18:49:10 | 000,000,000 | --SD | C] -- C:\Users\Kyle\Documents\My Web Sites
[2011/04/06 18:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/04/06 18:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2011/04/01 17:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 17:43:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/01 17:43:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/01 17:43:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/31 22:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Self-Extractor
[2011/03/31 22:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipSE
[2011/03/31 22:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor
[2010/11/10 16:20:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Kyle\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/04/19 20:18:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 20:04:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Documents\OTL.exe
[2011/04/19 20:03:53 | 000,133,632 | ---- | M] () -- C:\Users\Kyle\Documents\RKUnhookerLE.EXE
[2011/04/19 19:58:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697543012-1633068387-407567442-1001UA.job
[2011/04/19 19:57:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Documents\HijackThis.exe
[2011/04/19 19:35:33 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 18:19:56 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 18:19:56 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 18:19:08 | 000,001,994 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/19 18:13:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 18:13:53 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 18:12:06 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 18:11:00 | 012,580,112 | ---- | M] (Mozilla) -- C:\Users\Kyle\Documents\Firefox Setup 4.0.exe
[2011/04/19 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/04/19 17:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697543012-1633068387-407567442-1001Core.job
[2011/04/18 18:11:42 | 410,045,559 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/18 18:01:31 | 000,002,496 | ---- | M] () -- C:\Users\Kyle\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/04/18 17:38:14 | 000,710,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/18 17:38:14 | 000,139,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/16 19:45:54 | 000,001,124 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/16 19:45:54 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/04/16 19:19:32 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/13 18:16:11 | 035,671,040 | ---- | M] () -- C:\Users\Kyle\Documents\4.vhd
[2011/04/13 18:09:11 | 000,014,336 | ---- | M] () -- C:\Users\Kyle\Documents\Disk.vhd
[2011/04/13 17:38:39 | 000,000,085 | ---- | M] () -- C:\Windows\StarPort.INI
[2011/04/12 07:34:36 | 000,001,121 | ---- | M] () -- C:\Users\Kyle\Desktop\HTML Password Lock.lnk
[2011/04/11 20:45:21 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/09 13:34:19 | 000,009,010 | ---- | M] () -- C:\Users\Kyle\Desktop\request.php
[2011/04/07 07:09:03 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/07 02:59:03 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/04/06 18:21:25 | 000,000,937 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk
[2011/04/06 18:21:25 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\?Torrent.lnk
[2011/04/01 02:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/27 18:42:32 | 000,002,391 | ---- | M] () -- C:\Users\Kyle\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/04/19 20:03:52 | 000,133,632 | ---- | C] () -- C:\Users\Kyle\Documents\RKUnhookerLE.EXE
[2011/04/19 18:12:00 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/18 18:01:31 | 000,002,496 | ---- | C] () -- C:\Users\Kyle\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/04/17 00:57:14 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/04/16 19:08:15 | 000,001,124 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/16 19:08:14 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/04/13 18:12:12 | 035,671,040 | ---- | C] () -- C:\Users\Kyle\Documents\4.vhd
[2011/04/13 18:09:09 | 000,014,336 | ---- | C] () -- C:\Users\Kyle\Documents\Disk.vhd
[2011/04/12 07:34:35 | 000,001,121 | ---- | C] () -- C:\Users\Kyle\Desktop\HTML Password Lock.lnk
[2011/03/10 23:15:11 | 000,004,608 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 11:31:18 | 000,000,017 | ---- | C] () -- C:\Users\Kyle\AppData\Local\resmon.resmoncfg
[2011/01/19 13:50:23 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/20 16:33:53 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2010/12/17 18:19:17 | 000,210,695 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/12/17 18:19:17 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/11/29 17:19:22 | 000,000,600 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\winscp.rnd
[2010/11/27 13:31:21 | 000,000,000 | ---- | C] () -- C:\Windows\SUF80Design.INI
[2010/11/10 16:21:17 | 000,001,041 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\vso_ts_preview.xml
[2010/11/10 16:20:06 | 000,087,608 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\inst.exe
[2010/11/10 16:20:06 | 000,007,887 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.cat
[2010/11/10 16:20:06 | 000,001,144 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.inf
[2010/11/09 23:23:19 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/11/01 10:22:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/28 21:23:15 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/10/28 11:40:49 | 000,000,085 | ---- | C] () -- C:\Windows\StarPort.INI
[2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,788,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,710,784 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,139,576 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/07/26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6866BFC2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >
And OTL Extras

OTL Extras logfile created on: 4/19/2011 8:25:19 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kyle\Documents
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 50.52 Gb Free Space | 27.13% Space Free | Partition Type: NTFS
Drive D: | 511.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.91 Gb Total Space | 11.67 Gb Free Space | 78.24% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1697543012-1633068387-407567442-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}" = Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SOSHOME309)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F60AFEB-B35F-44DD-B6DB-9ECF2F80E41E}" = T Utility Over Clock III
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7770C8-96C7-4705-9A3C-749C37B6E485}" = Switched-On Schoolhouse 2010 - Home Edition Database
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54752A1E-A479-4C19-87D6-5C8EA61CB14F}" = Switched-On Schoolhouse 2010 - Home Edition
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BC886B8-10EC-465F-8E1E-BE1A3359DCB6}" = Switched-On Schoolhouse 2010 - Home Edition Tutorials
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.100
"{801C2CA5-AE8E-4305-9273-6475795AFF1A}" = gSyncit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B

A: Repeat Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".

information and logs:
In your next post I need the following
logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo


Today being a bit cautious I did a few general Google Searches and it seems the constant attack warnings had stopped. But then I tried to enter one of my normal sites and it seemed the virus/trojan or whatever it is tried to re-direct me to a Fake App. Again the website and IP address was different than before but once again I received this warning

THE ATTACK WAS RESULTED FROM \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE

So now being something at a loss I would very much appreciate any help you guys at Bleeping Computer can offer. I have followed the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and have pasted the DDS log below plus I have attached the DDS, GMER files and a copy of today's Norton Attack Report.

If I have missed anything out please let me know.

Thanks,
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Head Quartrers at 17:37:04 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639.96 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Venturi\Client\ventc.exe
C:...

A: Repeat Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...


Hello,

Last night I started receiving repeated attack warnings from my Norton Antivirus. The websites and IP addresses the attacks were coming from varied, but the one message I kept receiving was

THE ATTACK WAS RESULTED FROM \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE

To get rid of the repeat warnings I ran my Norton Antivirus then downloaded and ran TDSSKILLER, SUPERAntiSpyware Free Edition and Malwarebytes Free Edition. All the programs found and removed suspicious programs.

Today being a bit cautious I did a few general Google Searches and it seems the constant attack warnings had stopped. But then I tried to enter one of my normal sites and it seemed the virus/trojan or whatever it is tried to re-direct me to a Fake App. Again the website and IP address was different than before but once again I received this warning

THE ATTACK WAS RESULTED FROM \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE

So now being something at a loss I would very much appreciate any help you guys at Bleeping Computer can offer. I have followed the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and have pasted the DDS log below plus I have attached the DDS, GMER files and a copy of today's Norton Attack Report.

If I have missed anything out please let me know.

Thanks,
jdpex
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John O'Shea at 12:46:38.90 on 13/04/2011
Internet Explorer: 8.0.6001....

A: Repeat Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...


I know other users have had issues with this but I didn't know if I could follow the solutions for their problem or not.

(Not sure what information is helpful so I'll start at the top and be brief)
For my job I am required to sometimes go to 'suspect websites' and normally Norton will catch anything before it even has a chance to download. Sadly, two weeks ago I did download a file called Trojan.Gen (or at least that is what Norton called it). Almost immediately Norton caught and removed all threats but I knew I wasn't going to get off that easy.

For a few days everything seemed fine but shortly after I started seeing attack messages from Norton from \device\harddiskvolume1\program files\mozilla firefox\firefox.exe, the IP and web address changes.

I couldn't tell if it was doing anything to my computer and have since been trying to remove it with no luck with Norton. Now, my web pages are being redirected to either a fake search page or a Pay Per Click page, if I click a link in Google.

Norton and Malwarebytes' Anti-Malware Free are telling me that they are not detecting anything.

I did read the preparation guide, so I hope I have all the information that is needed.

I want to thank you in advance for any help that I can get and I understand that this is a process. I appreciate your time!
-Eve



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 0:05:56.00 on Fri 04/29/2011
Internet Explorer: 6.0.2900.551... Read more

A:Attacks From \device\harddiskvolume1\program files\mozilla firefox\firefox.exe

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

Read other 12 answers
RELEVANCY SCORE 130.8

Hi there, I just copy and pasted the thread title from another thread in which there appeared to be identical circumstances to mine, so I'm hoping this forum can help. Norton is registering and blocking attacks every couple of minutes coming from various places, though thynksn0taeg.com crops up a bit. This seemed to start when I started using the PHProxy addon for Firefox. Last night it was throwing up SVCHOST.EXE instead of the Firefox.exe in the message about blocked attacks. Spybot S&D and Norton 360 have removed various things but the attacks are still coming, what can I do to stop this? What details do I need to provide for help with this?
Thanks in advance.

A:Issue with constant attacks coming from \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Read other 1 answers
RELEVANCY SCORE 130.8

Hi, My computer has been under constant attack (i.e. every two minutes). Norton tells me that it is coming from \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE. In addition, it describes the source as usually coming from 91.212.226.179, the attack URL generally being zl00zxcv1.com. However, I've been receiving apparently different trojan attacks across the board. This morning, I noticed for the first time a piece of spyware called Antimalware Doctor, which I could not remove through Norton or Malwarebytes. I eventually manually deleted the source files that RKill found, those being in my application data under temporary files. However, I continue to experience the attacks constantly. I am also suffering from google redirect searches, in which my searches are diverted to a variety of shady sites. Finally, whenever I boot my computer, I get the RUNDLL error "Error loading C:\WINDOWS\usanufeworitulus.dll The specified module could not be found". These symptoms seem very unusual to me. Please let me know what other specifics I can provide. Thank you so much for helping me!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 22:15:35.85 on Wed 07/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.234 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW... Read more

A:Issue with constant attacks coming from \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE

Hello, I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following:

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

Read other 6 answers
RELEVANCY SCORE 96.4

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

A:the attack was result from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORER.EXE

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Read other 25 answers
RELEVANCY SCORE 94.4

Mozilla has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks, the browser maker said Sunday.
The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. Such attacks are generally tagged with the label of cross-site scripting (XSS).



More -
New Firefox security technology blocks Web attacks, Mozilla claims - Network World

Read other answers
RELEVANCY SCORE 94

I have 4 browsers on my computer: Internet Explorer 8, Google Chrome, Mozilla Firefox, and Opera. I am trying to listen to some MP3 files on a website, and all of the browsers, except for IE 8, told me to download the Realplayer Plugin. So I did, and when I tried to listen to the MP3 file, Realplayer will automatically enable this "Autoupdate Helper" thing and check for updates. So I let it check for updates, but then it'll say "There are no updates..." and just stop there. The file won't play! I click play again, and the same thing happens.

Internet Explorer is the only browser smart enough to open the MP3 files on the web page using Quicktime (the website actually tells you to use Quicktime to open the files) but it doesn't load the Youtube videos that are embedded on the site. There's a X on the top left corner of the section where the video is suppose to be.

Now I'm stuck! I want to view all the contents on one page with one browser! But none of the browsers will actually work properly!

So the main problem is:

1. The MP3 files won't load in Chrome, Firefox, and Opera using Quicktime.

Chrome is the only browser I use frequently, and the others are basically backup. IS THERE ANY SOLUTION TO THIS!?!?!?

Thanks everyone!
 

A:Firefox, Google Chrome, and Mozilla Firefox won't play MP3 files on websites

Read other 7 answers
RELEVANCY SCORE 82.8

Hey guys I don't know what is happening to my computer but all my programs have got a little mozilla firefox on it and when I open my msn messenger for example it takes me to firefox and a box comes up telling to download msnmsgr.exe and when I do the same thing comes up and this is for all my programs can you help me please!!!!
 

A:I program i try to open takes me to mozilla firefox !!!

Click on the "lnk" in the file association fixes box to download the "lnkfix_vista.zip" file. Follow the rest of the usage instructions at the site for how to use it. This will fix the shortcut associations for you.

File Association Fixes
 

Read other 2 answers
RELEVANCY SCORE 82

FormSpy (aka FireSpy) is a new spyware program designed to integrate into the Mozilla browser environment. It is being spread by spam email spoofed to appear as a billing issue from Walwart. It was launched on July 24th. The attachment contains a downloader malware agent that can install FormSpy as a Firefox plugin. Users should avoid spam email and attachments, plus keep AV protection updated. This new threat is not prevalent in the wild.

FormSpy - Spyware program hooks into Mozilla Firefox
http://www.avertlabs.com/research/blog/?p=62
http://vil.nai.com/vil/content/v_140256.htm

Upon execution, it registers Mozilla event listeners to the malware and sends information submitted by the victim in the web browser to a malicious website. This information can include, but is not limited to, credit card numbers, passwords, e-banking pin numbers etc. The main executable is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic.

FireSpy - Sophos Writeup
http://www.sophos.com/security/analyses/trojfirespya.html

Troj/FireSpy-A will then attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms

Read other answers
RELEVANCY SCORE 80.8

So yeah on my pretty brand new HP computer, my mozilla is all of a sudden getting this error. I think it usually happens when I'm visiting websites where I can shop online. Anyways, its Program C:\Program Files (x86)\Mozillafirefox\fierfox.exe.
Abnormal program termination. Anyone know what's wrong and how it can be fixed?
 

A:Mozilla Firefox getting runtime error, abnormal program termination!

Have you tried uninstalling and reinstalling, or checking for FF updates?
 

Read other 1 answers
RELEVANCY SCORE 80

Firefox has been freezing up on me, and when I close it down, I get a bluescreen error. It also happens a lot of the time when I close Firefox down normally. This was happening before I updated to the latest version of FF. I am running Windows XP, and have recently started using ZoneAlarm and Avast on my system.

A:Firefox closes = bluescreen error? (Moved for the mozilla/Firefox Forum)

Hi,

Can you give us the error in full that you are getting. Also, I would check and make sure that ZoneAlarm and Avast are allowing FF to connect to the internet.

Cheers!

Read other 8 answers
RELEVANCY SCORE 79.6

Hello forum

After recently buying a new custom PC, I've yet to find big flaws in the system.
Yet now I found one that is pretty annoying!

I'm not able to download any files (while using Firefox). After a download is ready in the 'download'-tab, it's not openable. The 'open' and 'open file location' buttons are greyed out. So I can't find the file I download nor open it.
This is proving to be a severe problem, since I'd like to install certain programs and download addons for WoW.

Already tried using Internet Explorer, yet when downloading anything it gives me the message: 'Your current security settings do not allow you to download this file' ( or something along these lines ).

Any ideas? I'd like to reinstall Firefox to see if that helps, but I've got no current browser which is capable of downloading the files needed!

system:
Windows 7 Home Premium 64 bit

Cheers in advance!

A:Mozilla Firefox, problems with downloading files.

Hello Broxxar, I may be stating the obvious to you but do you have your 'Options' set correctly in Firefox?
I've attached a graphic of the 'Options' in the 'General Tab' and you should nominate where to save your downloaded files to. In Windows 7 it defaults to 'Downloads', however you can 'browse' to a different location that you may prefer. You will also see that you can 'tick' the box to 'Show the Downloads Window when downloading a file' should you wish. I don't and a pop-up appears on your Taskbar to show download completed. I only hope this helps.
Regards.

Read other 2 answers
RELEVANCY SCORE 79.6

My wife is big into saving images she finds in the temp internet files but we cannot find files for Mozilla.
If you could help, my wife would appreciate it!

A:temp internet files for mozilla/firefox

It's called the cache in Firefox:-

Documents & Settings/*Your User Name*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*Your Profile Name*/Cache

Read other 3 answers
RELEVANCY SCORE 79.2

Currently I have used Mozilla firefox 3.0 the latest version of firefox. In this version when I have open multiple site on the tab I have find the FIREFOX.exe below error and that time firefox is closing.

Refer the error message
Firefox.exe
Firefox.exe has encountered a problem and need to close. We are sorry for the inconvenience.
So, Plz tell me how to solve this problem
 

A:Error of firefox.exe on Mozilla Firefox 3.0 closing immediately

Have you tried: Standard diagnostic - Firefox?
 

Read other 1 answers
RELEVANCY SCORE 79.2

I don't know if my problem is Firefox or WordPress but I thought I'd try here first.
I use WordPress to publish articles and usually copy and paste from the finished article in the Articles forum to WordPress but since I reinstalled Win 7 this no longer works as paste is no longer an option when I right click in WordPress, or at least in the particular part that I need it to. I can, however, do it in Internet Explorer, but images aren't copied over, which they used to be. I've tried all the usual things like clearing the cache, but nothing has worked. Any suggestions would be much appreciated.

A:Is this Win 7 or Firefox at fault? Moved from Mozilla/Firefox browsers

Hi,
I am using Win-7 too but I haven't used IE. So my suggestion is to, try another browser for the same purpose and then see the effects (I feel firefox is well suited for the purpose). If you are getting same problems then, you are missing with some features of Win-7 otherwise, it is the website issue.

Read other 2 answers
RELEVANCY SCORE 77.6

Hi Guys

I am new to this forum and have limited knowledge of computers.
I was using Firefox version 2 and was very happy until I was requested to download version 3. Now I seem to have endless crashes and keep getting told Firefox has a problem & needs to close. Up to 5 x a day.

This is very frustrating.
This happens with avg, facebook ,all internet functions.

I have spybot running and avg and says there are no problems.

We had a power failure earlier yesterday and when I switched back on Microsoft suggested I check the C drive as there was a problem -but that seems to have sorted itself out.-probably due to not closing down properly.

So can you help me with detailed instructions on how to fix Firefox or totally remove it and install from the beginning, or are there major problems with that version 3.1?

Thanks
Carol

A:Mozilla Firefox 3 crashes/Firefox has problem

http://kb.mozillazine.org/Standard_diagnostic_(Firefox)

Read other 3 answers
RELEVANCY SCORE 72.8

Hello everyone, I use various web browsers (Firefox, IE, Opera) with Windows (XP professional) at work and use Spybot search and destroy. It is only when I use Firefox and the RSS reader extension, 'newsfox' that Spybot picks up certain bots like websearch, tradedoubler.com and hits etc. is this a factor of newsfox or an actual RSS feed? I've used much the same RSS feed list on opera and there are no bugs picked up. I suspect its an RSS but I'm not sure. Any ideas on how to stop this?

Read other answers
RELEVANCY SCORE 72.8

Hello,

My Mozilla firefox will not open. Each time I try to open it from my desktop, start menu, or program file the same message pops up "Another program is currently using this file." I uninstalled and reinstalled Mozilla and the same message is still appearing. I ran a nod32 scan and it didn't find anything. I'm not sure what to do/how harmful this could be to my computer. I don't know what the first step is to tackling this problem. Any help is greatly appreciated! Thank you.
 

Read other answers
RELEVANCY SCORE 71.6

I have been searching the forums for days looking for answers. On startup, Windows XP pops up a not connected to the internet window. Then Ultimate Cleaner ads pop up, Now it is opening IE and Firefox windows at random with ads...Here's my registry

(I have tried smitfraud, combofix, fixwareout, spyware doctor...)

Here's my registry log from HijackThis..Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:30 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\DellSupport\brkrsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32... Read more

A:Malware, attacks IE and Firefox

Really wondering if anyone has any ideas for me...I can't even do anything on my computer now...The adware opens 100 windows each of IE and Mozilla.

Help
 

Read other 1 answers
RELEVANCY SCORE 70.8

Hello All,
Here's my problem. I've erased my profile from Mozilla Firefox. I HAVE NOT however erased the profile files.

I have since created a profile with a different name. I would like to import the old profile info (bookmarks inparticular) to my new "default" profile.

As well, what if I wanted to import info from another Mozilla Firefox profile?

Can this be done?

I've tried everything but I can't seem to figure it out.

If you do post please be advised that I am not all that familiar with Firefox.

Thank you all for your time.
 

A:Solved: Mozilla Firefox...Erased Profile but not files...trying to import to new profile

I move mine manually all the time. If you just want to add the bookmarks.html, just move the one you saved to the new profile. Here is the official instructions from Firefox on backup and restore of the Profile.
 

Read other 1 answers
RELEVANCY SCORE 70.4

My bookmarks are a huge mess. When I used IE, I would go to the folder on the drive to organize them. Now that I use Firefox, I can't do that. I would like to find a program that gives me ease of organizing and will export the bookmarks as individual files, instead of one.

I'm interested in this: http://bkm.sourceforge.net/en/vbbkm.html but it's old and dead I think. Also I don't think it worked with Firefox.

I'm not interested in online managers and I don't have a real need for portability. I just want to sort and burn the folder.

Thanks.
 

A:Program to organize Firefox bookmarks and export them as individual files?

Really? Nobody?
 

Read other 2 answers
RELEVANCY SCORE 69.2

Hi,

My computer keeps getting attacked. My Norton antivirus says that it is blocking the attack but I would like to remove whatever it is that it is trying to connect with. The attacks are happening like every 5-10 mins. I ran a full virus scan and a full malware scan and it has come up with nothing. Here is what my Norton software is saying to me:

An intrusion attemp by 61.61.20.135 was blocked.

Applicationpath\DEVICE\HARDDISJVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

Can someone please help me? Or should I do a clean install of windows?

Thanks,
Phillip

A:Repeat Attacks

Have you tried rebooting after the virus scan?

Read other 15 answers
RELEVANCY SCORE 68.4

CYBER SECURITY BOFFINS have uncovered a flaw in the way Firefox handles third-party browser extensions that could expose millions of users to sneaky malware.
Researchers from the Northeastern University in Boston discovered a flaw that allows hackers to stealthily execute malicious code hiding behind seemingly innocent extensions, such as NoScript and Firebug. They can then steal personal data or even seize control of a machine's resources.
The flaw stems from a weakness in Firefox’s extension structure, which doesn’t isolate various browser add-ons. This allows them to connect to the capabilities of other popular third-party extensions.   
Edit:
But Firefox users can breathe a little easier because it’s not clear whether the flaw has actually been used in any extensions, as the researchers demonstrated it only as a proof-of-concept. They have supplied the attack framework to Mozilla so that the company can firm up the way it handles security in reviewing extension approvals.

Article

A:Firefox extension flaw exposes millions to cyber attacks

Good find JohnC thanks for sharing!

Read other 4 answers
RELEVANCY SCORE 67.2

I would appreciate some help PLEASE!
AVG Resident Shield throws up this every time computer starts up.

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"

"Virus found Worm/AutoRun";"\Device\HarddiskVolume1\AutoRun.inf";"Object is inaccessible.";"23/07/2010, 00:51:39";"file";"C:\WINDOWS\Explorer.EXE"
"Virus found Worm/AutoRun";"\Device\HarddiskVolume1\autorun.inf";"Object is inaccessible.";"23/07/2010, 00:51:39";"file";"C:\Program Files\Autorun Eater\billy.exe"

Malwarebytes does not detect anything even doing full scan BUT it did successfully remove worm on a removable HDD which caused the problem in the first place I believe.

I would love to be able to remove this forever as I have spent a long time trying to sort it and have also restored my laptop to factory settings thinking that would help but it didn't.

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:48, on 23/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsv... Read more

A:device/harddiskvolume1/autorun.inf Worm

Read other 13 answers
RELEVANCY SCORE 67.2

I keep getting this same virus show up in my MSE "VirTool:INF/Autorun.gen!F". I have tried everything to get rid of it and it keeps coming back. There also seems to be a hidden trojan that comes with it that is almost impossible to find. I have downloaded every patch to stop auto runs but I still keep seeing this error. What can I do to stop this from happening again?

I was referred to this web-site from MS answers to try and make it easier to solve this problem. Here is the link that I have been using "http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/i-keep-getting-this/1a6db434-47d8-4e62-8099-0b5729bad7ab"

A:file:\Device\HarddiskVolume1\autorun.inf

Update and do a quick scan with Malwarebytes remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log
Update do a quick scan with Superantispyware remove all this finds reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log

Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finish list found threats save to clipboard copy to notepad Post the log here.


Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Download Adware Cleaner run it as admin Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downl... Read more

Read other 4 answers
RELEVANCY SCORE 66.8

Hello,

Slow...my pc should by movin faster than I can think and it's not. Also I get many "port scan attack is logged" and "traffic from ip...is blocked" from sygate ALL the time. (and if I check the "do not show this again" box, it keeps on popping up??)
I know I've got some junk in here just not sure where or what. BTW I just switched over to firefox to surf.

I've followed all the recommended steps before posting. The internet scans found 16 infections but only could get rid of one. I have the results saved if that would help. Well here is my hijackthis log. Hope you can help, thanks!



Logfile of HijackThis v1.99.1
Scan saved at 10:02:28 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WI... Read more

A:slow pc, repeat port scan attacks

bump.

Read other 10 answers
RELEVANCY SCORE 66

anyone having probs opening this browser? downloaded some extensions then nothing after restarting. os is xp & everything fine til then; tried opening in safe mode & nothing also. last resort uninstalled & then reinstalled firefox again & still won't open? thx...
 

A:mozilla firefox 0.9.2

Start, run, type "C:\Program Files\Mozilla Firefox\firefox.exe" -p , press enter, "Start Firefox".

If doesn't work, try creating another profile.
 

Read other 3 answers
RELEVANCY SCORE 66

Tis difficult to fall in like, let alone love, with Firefox for a browser because as of late, it won't load pages.

Example 1: eBay sites. Certain ones load immediately. Others, such as "View Seller's Other Items" won't load. The page loads and loads and loads and... never loads! Example 2: Pogo games. Just this week it won't load certain rooms.

In both above examples, it's not the web site because I can immediately access via IE.

Question: Is anybody else experiencing slow/non loads of sites?
 

A:Mozilla Firefox

Hi

Yeah you are right about pogo. I just tried chess with mozilla and it said the site is temporarily down. I tried right after that with IE and it came right up. I don't know about the ebay one though. Maybe someone else knows why. People on this site are always saying firefox is better. Maybe someone can explain why? I just like firefox because you can put bookmarked web pages below the address bar for easy access.
 

Read other 12 answers
RELEVANCY SCORE 66

How do I find 'Quick Launch' ?
 

A:Mozilla Firefox 0.9.2

Read other 12 answers
RELEVANCY SCORE 66

Whats the pros and cons of both, and stability is the most important for me

thanks
 

A:IE6 vs Mozilla Firefox

why don't you check them both out for yourself ? they run just fine alongside one another.

stability is not an issue I find.

On a small no of sites, maybe 5% only IE seems to render them properly, but the rest no problem.

The main issue is security - alternative browsers esp. firefox are known to be safer.

Also check out avant browser & k-meleon.

;-)
 

Read other 2 answers
RELEVANCY SCORE 66

I have heard that you are better off connecting to the internet via Mozilla Firefox because there doesn't appear to be as many viral etc problems with these browsers - is this right? Also the last time I downloaded Mozilla and tried to use it I had problems connecting - I'm on dial up and the company I use refused to help me because I was using a browser other than explorer so I deleted it and kept using explorer. Any comments or suggestions would be greatly appreciated as I'm thinking about downloading and using Firefox.
 

A:Firefox Mozilla

Read other 16 answers
RELEVANCY SCORE 66

I keep getting this little message to update Firefox to 3.5.8. Has anybody done this yet and how well does it work?

A:Mozilla Firefox

I have updated, and there are no problems. Unlike some people who shall remain anonymous, the folks at Mozilla do not issue untested or otherwise problematic updates.

Cheers,
John

RELEVANCY SCORE 66

I ask: could I save my name in forums when I type it in and then go back to it without retyping it again, like it is in IE6? Can I just click in the box like I do for IE6 and then the info just comes up, like AutoComplete in IE6? And does it also go for web addresses and search engines? I need it for Mozilla Firefox 0.9.2.
 

A:Mozilla Firefox 0.9.2 ?

If it's what I'm thinking of, then you just need to type the first letter. I have a related question though: how do you remove an entry from the pull-down you get when you type the first letter? In IE you could just highlight it and press delete, but that doesn't seem to work in Firefox.
 

RELEVANCY SCORE 66

Hi,
I have IE and Firefox on my laptop. IE allows me to scroll down the page using the side of the touchpad (automatic scroll strip), but Firefox does not. Does anyone know a setting or tweak that will allow Firefox to do this?
Regular scrolling (pointing the mouse at the scroll button) works though.

Thanks
 

A:Mozilla firefox

I do not have Firefox, but it may have an option in the preferences, so look there.
 

RELEVANCY SCORE 66

How do I find 'Quick Launch'? My OS is Windows XP Pro.
 

A:Mozilla Firefox 0.9.2

RELEVANCY SCORE 66

Dear all,

Whenever I open Mozilla, unwanted ads and windows, advertisements will open.

Like some download links will be, when I click some other windows will open.

Is there any way to avoid them?

Please let me know.

regards
riyaz.

A:regarding Mozilla firefox

That doesn't sound normal. It sounds like you have ad-ware, which is similar to a virus, on your computer. Download, install, update, and run MalwareBytes Anti-Malware (MBAM). If you do have ad-ware or other malware, MBAM should do a good job of finding it.

RELEVANCY SCORE 66

I am using Windows XP. When I open Firefox from Juno, Firefox goes into safe mode. It works fine, but I don't like it in safe mode. How do I get out of safe mode?
 

A:Mozilla Firefox

Do you have Firefox listed in your Programs menu? Does it have two entries, one for normal and one for Safe?

I'm not sure what you mean when you say you open it from Juno, nor have I ever used Juno.
 

RELEVANCY SCORE 66

How come when I download Google Toolbar or Yahoo Toolbar they will not show up in my new Mozilla Firefox browser? They only show up in the Internet Explorer browser. Any ideas, anyone? I also do not understand why my Comcast homepage (Comcast is my ISP) will not show any flash or graphics. I have downloaded the new versions of Macromedia. Any ideas, anyone?
 

A:Mozilla Firefox

RELEVANCY SCORE 66

I have recently formatted and now Mozilla blocks all popups, even ones I want, regardless of the settings I have set (Java open in new windows etc...).
I have reinstalled and still nothing. I know it's not ZoneAlarm. Any ideas???

RELEVANCY SCORE 66

Hey, I just installed Mozilla Firefox... are there any extensions or plugins I should download?

A:Mozilla Firefox Help!!!!

Here is a reference site for extensions and themes for Firefox:

http://update.mozilla.org/?application=firefox

RELEVANCY SCORE 66

What's your opinion on Mozilla Firefox compared to IE6?
 

A:Mozilla Firefox

RELEVANCY SCORE 66

I'm a newbie running Windows XP Home Edition Version 2002 Service Pack 3. I use Mozilla Firefox to search, but lately it is extremely slow. In searching online... I've seen people suggesting going to about:config and changing false to true in a couple of places (pipelining) and changing max request to a higher number 30.... I've tried these (probably foolishly) and they haven't helped. When I search with IE, everything is speedy, but normally I have searched with MF, and I don't know the first thing about cookies, etc., so I am totally at YOUR mercy. I would appreciate any help. I am so glad I finally found your forum, where I can get some reliable help, hopefully in words an idiot can comprehend. Again thanks for your help, and I apologize for my ignorance, in advance. Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Mozilla firefox

Hello and welcome to BC forums.

What is the Firefox version? When in Firefox, from menu, select Help then About. Tell me what version number it shows. The current version is 3.5.2.

See the following article about clearing cache & temporary files:
Clearing cache (temp files) & private data
http://support.mozilla.com/en-US/kb/Clearing+private+data

Cookies are handy in conjunction with remembering some things, for example your favorite sites' login, & help a bit with making the next login easier. However, cookies are also used for ad-related things from advertisers. Cookies are not harmful. See this article: http://www.ufaq.org/navcom/lyncookie.html
While it is a bit dated and refers to Netscape, take that to mean any internet browser.

The following will clear all temp files as well as cookies (if you do the Select All or checkmark the Cookies line).

Next, take out the trash (temporary files & temporary internet files). Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers. This will take care of both Internet Explorer and Firefox and Opera (if you have it).

Close/exit Firefox and also Internet Explorer, then ....
Start ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved pa...

RELEVANCY SCORE 66

I installed Mozilla Firefox (a browser, pretty good) on my computer since Internet Explorer wasn't working at all... (thanks to flrman1 who got it back to work)
But now... since it's not in my install/remove list... I don't know how to uninstall Firefox... do I just search Windows for Firefox files and delete them manually, or is there a way to uninstall it... there are no uninstall icons either in Mozilla Firefox's folder...
 

A:Mozilla firefox ?

RELEVANCY SCORE 66
