
Browser opens random pages



Windows XP

Running AVG AntiVirus

My first problem was AV Security Suite appearing - realised it was fake and killed it. Nonetheless, Firefox and Opera keep opening random tabs - some are genuine pages, like a request to sign up for MySpace; others are blank, i.e. http://199.80.55.80/go.php. Sometimes Firefox won't go to the home page (Google) and instead goes to a recently visited site. Chrome won't work at all. I've also had Firefox and Opera using 99% of CPU. I've had random virus warnings - I assume fake - although Spybot has found Fraud.sysguard and Virtumonde at different times. MBAM and Spybot return clean results, but a day or so later will show a problem. Random pages are still opening in the browser. Tried to run GMER but the system crashes.

Got the following message on the blue screen during one of the crashes:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

STOP: 0x000000D1 (0x6A1D0CAD, 0x0000001C, 0x00000000, 0x886CC000)

Can you help please?

Thanks

DDS (Ver_10-03-17.01) - NTFSx86

Run by Stewart at 23:13:59.92 on Sun 18/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.469 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

C:\Documents and Settings\Stewart\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\System32\svchost.exe -k getPlusHelper

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Stewart\Desktop\dds.scr

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/

uDefault_Page_URL = hxxp://www.iprimus.com.au

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

BHO: {c451c08a-ec37-45df-aaad-18b51ab5e837} - PDFCreator Toolbar Helper

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} -

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [Google Update] "c:\documents and settings\stewart\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"

mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek usb wireless lan driver and utility\RtWLan.exe

IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html

IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: intersystems.com\elearning

Trusted Zone: mater.org.au\access1

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://elearning.intersystems.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxps://www.plaxo.com/down/latest/PlaxoInstall.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://access1.mater.org.au/dana-cached/setup/JuniperSetupSP1.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stewart\applic~1\mozilla\firefox\profiles\frv2ezw9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.ftp - proxy.iprimus.com.au

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - proxy.iprimus.com.au

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - proxy.iprimus.com.au

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - proxy.iprimus.com.au

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - proxy.iprimus.com.au

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\stewart\application data\mozilla\firefox\profiles\frv2ezw9.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\stewart\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\stewart\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {31695C71-A6DA-47EC-85E5-03CEF02D5B32} - c:\documents and settings\stewart\local settings\application data\{31695C71-A6DA-47EC-85E5-03CEF02D5B32}

FF - HiddenExtension: XULRunner: {31FF31E1-4DC6-44EA-A23E-5EB75073CE49} - c:\documents and settings\lise\local settings\application data\{31ff31e1-4dc6-44ea-a23e-5eb75073ce49}\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-24 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-19 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-24 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-17 38144]

R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-6-3 109168]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-6-17 235648]

R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [2008-11-5 21504]

S2 gupdate1c988177519f7d2;Google Update Service (gupdate1c988177519f7d2);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-9 16512]

S3 MasterIO;Master USB Driver (MasterIO.sys);c:\windows\system32\drivers\MasterIO.sys [2008-5-14 20641]

S4 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2008-11-5 147456]

=============== Created Last 30 ================

2010-07-18 13:04:57 0 ----a-w- c:\documents and settings\stewart\defogger_reenable

2010-07-18 10:08:09 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-18 09:17:22 0 d-----r- c:\program files\Skype

2010-07-16 22:07:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-16 13:47:00 0 d-----w- c:\program files\iPod

2010-07-16 13:46:52 0 d-----w- c:\program files\iTunes

2010-07-16 13:43:30 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-07-16 13:43:30 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-07-16 13:42:41 0 d-----w- c:\program files\Bonjour

2010-07-12 21:08:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-10 12:45:30 0 d-----w- c:\program files\Trend Micro

2010-07-09 12:34:14 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-07-09 12:34:09 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-07-09 12:34:08 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-07-09 12:34:03 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-07-09 12:33:59 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-07-09 12:33:48 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2010-07-09 12:33:41 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-07-09 12:33:38 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-07-09 12:33:27 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-07-09 12:33:24 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-07-09 12:32:58 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-07-09 12:32:50 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-07-09 12:32:46 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-07-09 12:32:27 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys

2010-07-09 12:32:20 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-07-09 12:32:15 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-07-09 12:32:14 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-07-09 12:32:13 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-07-09 12:32:07 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys

2010-07-09 12:32:06 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2010-07-09 12:32:05 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2010-07-09 12:32:01 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys

2010-07-09 12:30:57 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys

2010-07-09 12:29:57 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-07-09 12:28:58 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll

2010-07-09 12:27:58 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll

2010-07-09 12:27:51 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll

2010-07-09 12:27:47 103936 ----a-w- c:\windows\system32\dllcache\sx.sys

2010-07-09 12:27:43 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-07-09 12:27:39 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-07-09 12:27:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-07-09 12:27:32 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-07-09 12:27:28 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-07-09 12:27:22 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-07-09 12:27:19 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-07-09 12:27:15 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys

2010-07-09 12:27:11 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys

2010-07-09 12:27:03 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-07-09 12:25:58 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-07-09 12:24:56 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys

2010-07-09 12:24:55 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys

2010-07-09 12:24:51 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll

2010-07-09 12:24:47 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys

2010-07-09 12:24:43 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-07-09 12:24:39 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-07-09 12:24:35 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-07-09 12:24:32 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-07-09 12:24:31 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll

2010-07-09 12:24:04 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-07-09 12:24:01 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-07-09 12:22:57 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll

2010-07-09 12:22:45 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2010-07-09 12:22:42 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll

2010-07-09 12:22:38 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys

2010-07-09 12:20:57 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys

2010-07-09 12:20:53 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys

2010-07-09 12:20:46 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2010-07-09 12:20:41 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys

2010-07-09 12:20:36 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys

2010-07-09 12:20:29 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-07-09 12:20:21 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll

2010-07-09 12:20:16 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2010-07-09 12:20:15 14848 ----a-w- c:\windows\system32\dllcache\register.exe

2010-07-09 12:19:48 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys

2010-07-09 12:19:34 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-07-09 12:19:30 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2010-07-09 12:19:26 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll

2010-07-09 12:19:21 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys

2010-07-09 12:19:20 16384 ----a-w- c:\windows\system32\dllcache\quser.exe

2010-07-09 12:19:19 9728 ----a-w- c:\windows\system32\dllcache\query.exe

2010-07-09 12:19:07 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

2010-07-09 12:17:56 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys

2010-07-09 12:16:57 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll

2010-07-09 12:15:44 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2010-07-09 12:15:24 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2010-07-09 12:15:20 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll

2010-07-09 12:15:07 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys

2010-07-09 12:15:06 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2010-07-09 12:15:02 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys

2010-07-09 12:13:59 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys

2010-07-09 12:13:56 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll

2010-07-08 12:23:41 0 d-----w- C:\waterwheel

2010-07-07 13:51:43 120 ----a-w- c:\windows\Choloqiqurih.dat

2010-07-07 13:51:43 0 ----a-w- c:\windows\Szatapanuvaz.bin

2010-07-07 12:32:05 0 d-----w- c:\docume~1\stewart\applic~1\Malwarebytes

2010-07-07 12:31:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 12:31:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-07 12:31:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-07 12:31:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-07 11:49:29 2724 ----a-w- c:\windows\evehiyesu.dll

2010-06-19 05:30:11 135168 ----a-w- c:\windows\system32\igfxres.dll

==================== Find3M ====================

2010-07-18 10:07:44 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-18 09:57:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-07-18 09:57:12 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-07-16 22:07:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-16 22:06:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-12 22:57:56 62009 ----a-w- c:\windows\system32\wpfb_ialmrnt5.dll

2010-06-05 05:45:51 62009 ----a-w- c:\windows\system32\wpfb_igxprd32.dll

2010-05-18 06:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 06:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-05-18 06:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 06:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2008-03-21 11:42:21 14290 ----a-w- c:\program files\settings.dat

2008-09-04 11:56:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 23:15:33.07 ===============

Attach.zip

  • 3 weeks later...

I think I still have a problem.

Since posting, I installed Ad-Aware and it found Trojan.Win32.Hiloti.gen.i(v) and quarantined it. Firefox and Opera were opening random pages - advertisements. And at one point, using Opera, links returned by Google were going to advertising pages rather than the desired destination. Since Ad-Aware found Hiloti, both Firefox and Opera have been working well.

However, Chrome would not work at all. I have just re-installed Chrome and it still won't work - but Firefox has now just started opening random advertising pages on its own again (based on previous Google search criteria, I think). I suspect there is something still lurking with Chrome.

Any help or guidance would be most welcome.

  • Staff

Hi,

Looks like the infection is still present.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

  • Staff

Hi,

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\drivers\lvuvc.hs

Post the results in your reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
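The zero-byte file under system32\drivers that the helper pulls out of the DDS Find3M listing above for a VirusTotal check can be found mechanically. The parser below is an added example, not code from the thread or from the DDS tool; it reads DDS-style listing lines (the sample is copied from the Find3M section of the log earlier in this thread, plus one constructed directory line) and returns the zero-byte regular files in the drivers directory for review.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# A DDS file-listing line has the shape
#   <date> <time> <size-in-bytes> <attribute flags> <path>
# e.g. "2010-07-18 09:57:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs".
# The flags field is eight characters; the first is 'd' for a directory.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Sample input: lines copied from the Find3M section of the log in this
# thread, plus one constructed directory entry (the last line) to show that
# directories are ignored.
SAMPLE_LOG = r"""
==================== Find3M ====================

2010-07-18 10:07:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-18 09:57:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-18 09:57:12 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-16 22:07:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 12:32:05 0 d-----w- c:\docume~1\stewart\applic~1\Malwarebytes
2010-07-07 12:31:20 0 d-----w- c:\windows\system32\drivers\etc
"""


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds(text: str) -> List[Entry]:
    """Return the file-listing entries of a DDS log; headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        entries.append(Entry(
            when=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"]),
            attrs=m["attrs"],
            path=m["path"].lower(),  # Windows paths are case-insensitive
        ))
    return entries


def review_candidates(entries: List[Entry]) -> List[str]:
    """Paths of zero-byte regular files in the system32 drivers directory.

    A loadable driver is never empty, so a 0-byte file there is either
    leftover debris or something that deserves a hash lookup, which is the
    check the helper asks for in the thread.
    """
    return sorted(
        e.path for e in entries
        if not e.is_directory and e.size == 0
        and "\\system32\\drivers\\" in e.path
    )


if __name__ == "__main__":
    for path in review_candidates(parse_dds(SAMPLE_LOG)):
        print(path)
```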

1. The file c:\windows\system32\drivers\lvuvc.hs has zero bytes, so there is no analysis.

2. The ESET online scanner didn't run. I got as far as point 2 on the instructions. I was able to accept the terms of use and click Start. After a couple of minutes the window just closes or returns to the terms of use prompt.

3. Ran your security check okay. Log is attached.

Chrome now seems to be working and I have had no random tabs popping up for a day or so. Do you reckon it's all good now? I have avoided internet banking for the last couple of weeks. Is it okay to start again?

Thanks for all your help.

  • Staff

Hi,

Please hold off on online banking until I give the all clear.

"3. Ran your security check okay. Log is attached."

I don't see it. Could you please post it directly into your reply?

Delete these files please:

c:\windows\system32\drivers\logiflt.iad

c:\windows\system32\drivers\lvuvc.hs

Try this online scanner instead. I just want to be sure that nothing was missed.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

-screen317

1) The 2 files mentioned have been deleted.

2) Security Check results

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

AVG9 successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Eusing Free Registry Cleaner

Java 6 Update 21

Adobe Flash Player 10.1.53.64

Adobe Reader 9.3.3

Mozilla Firefox (3.6.7) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Stewart LOCALS~1 Temp OnlineScanner\Anti-Virus\fsgk32.exe

Stewart LOCALS~1 Temp OnlineScanner\Anti-Virus\fssm32.exe

Stewart LOCALS~1 Temp fsonlinescanner.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

3) F-Secure Online scan results

Scanning Report

Thursday, August 12, 2010 18:29:41 - 21:51:18

Computer name: EDC5684

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ E:\

10 malware found

Suspicious:W32/Malware!Gemini (spyware)

* System (Disinfected)

TrackingCookie.Xiti (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

Trojan.FakeAV.KZQ (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1474\A0229279.DLL (Renamed & Submitted)

Gen:Trojan.Heur.GZ.ny0abudjvAii (virus)

* C:\PROGRAM FILES\IPRIMUS\ICONNECTDSL\REBOOTER.EXE (Renamed & Submitted)

Gen:Trojan.Heur.GZ.iuWabG4037e (virus)

* C:\PROGRAM FILES\IPRIMUS\ICONNECTDSL\TOOL.EXE (Renamed & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\GOOGLE\GOOGLE VIDEO PLAYER\GOOGLEVIDEOPLAYER.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\ANYREADER\UNINSHS.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\STEWART\LOCAL SETTINGS\TEMP\485.TMP\EVP.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\LISE\IGLOADER FILES\SUPERGERBALL\IGUNINST.EXE (Not cleaned & Submitted)

Statistics

Scanned:

* Files: 121725

* System: 5169

* Not scanned: 8

Actions:

* Disinfected: 3

* Renamed: 3

* Deleted: 0

* Not cleaned: 4

* Submitted: 4

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\DOCUMENTS AND SETTINGS\STEWART\LOCAL SETTINGS\TEMP\HSPERFDATA_STEWART\13228

* C:\DOCUMENTS AND SETTINGS\STEWART\LOCAL SETTINGS\TEMP\HSPERFDATA_STEWART\14196

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Copyright

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don

Hi

I have uninstalled ComboFix, deleted Security Check and run CCleaner.

After restarting the PC I have used Chrome, Opera, Firefox and briefly IE. So far everything looks good. No random tabs appearing and Google searches are behaving. Do you reckon it's all good now?

Dhalgren

Hmmm

I may have spoken too soon.

My wife logged on earlier today (she is a different user). She got a message about a problem running a Chrome script when logging on, and no, she didn't make a detailed note of what the message was. She has Chrome on her taskbar, so I surmised/hoped that the problem could have been a result of running CCleaner before. I re-ran CCleaner to test this theory, but I couldn't replicate the message about the Chrome script.

I ran F-Secure Online Scanner from her account and got the following results:

Scanning Report

Sunday, August 15, 2010 12:51:23 - 16:32:55

Computer name: EDC5684

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ E:\

2 malware found

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\LISE\IGLOADER FILES\SUPERGERBALL\IGUNINST.EXE (Not cleaned & Submitted)

Statistics

Scanned:

* Files: 107899

* System: 5095

* Not scanned: 8

Actions:

* Disinfected: 1

* Renamed: 0

* Deleted: 0

* Not cleaned: 1

* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\DOCUMENTS AND SETTINGS\LISE\LOCAL SETTINGS\TEMP\HSPERFDATA_LISE\880

* C:\DOCUMENTS AND SETTINGS\LISE\LOCAL SETTINGS\TEMP\HSPERFDATA_LISE\420

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Also, at some point later in the day an additional Firefox window (not just tab) appeared promoting a dodgy weight loss supplement - it was a version of a well-known scam for 'acai' berries.

Are the above just red herrings? Could the acai berry Firefox window have been launched from a site she had already visited?

Again, thanks for your help.

My wife got the Chrome script message again:

"A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: chrome://fvd/content/fvd.js:266

Don't ask me again

continue Stop Script"

  • Staff

Hi,

My apologies for the delay.

The Chrome error is odd. I would try uninstalling it and reinstalling it. Something within it may be corrupted.

As for the Firefox popup, it is likely that it was a result of a page that was loaded and does not appear to be malware-related.

Use the computer normally and see if any issues persist.

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
