Removed Firefox as default and displays Microsoft security


Post by zlus » March 29th, 2011, 12:33 am

Malware replaced Firefox with IE and now continually pops up what I would believe to be fake Microsoft security scans and "hijack" bubbles.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:36 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldwcoms.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Documents and Settings\Jeff\Local Settings\Application Data\tuw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dldwmon.exe] "C:\Program Files\Dell V505\dldwmon.exe"
O4 - HKLM\..\Run: [dldwamon] "C:\Program Files\Dell V505\dldwamon.exe"
O4 - HKLM\..\Run: [Dell V505 Fax Server] "C:\Program Files\Dell V505\fm3032.exe" /s
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8611002625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3677494400
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/po ... der_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldwCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe
O23 - Service: dldw_device - - C:\WINDOWS\system32\dldwcoms.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 9072 bytes

Re: Removed Firefox as default and displays Microsoft securi

Post by Elrond » March 29th, 2011, 8:58 pm

Hello... Welcome to the forum.
My name is Elrond, and I'll be helping you with any malware problems.
As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.
The logs I request need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.


Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched and can make the cleanup more difficult.
  4. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
    REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default)
    Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual's setting, but continue with the fix. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please Note:
    In Vista and Windows 7 you hopefully are not running as administrator and therefore will need to get into Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.


Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


End of preliminaries. What follows is related to analyzing what is on your computer and cleaning it up.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Please read through the following http://malwareremoval.com/forum/viewtop ... 81#p491381 and then post a DDS log according to the instructions and I will be happy to try and help you.

Re: Removed Firefox as default and displays Microsoft securi

Post by zlus » March 29th, 2011, 11:15 pm

Thanks Elrond, I appreciate any work you put in on my behalf!

Re: Removed Firefox as default and displays Microsoft securi

Post by Elrond » March 30th, 2011, 12:51 am

Please do not attach the logs but post them in a regular post if I do not specifically ask you to do something else.
Please do repost the DDS logs in your next post. The attached logs make my work more difficult and make it impossible for us to find them later on.

Re: Removed Firefox as default and displays Microsoft securi

Post by zlus » March 30th, 2011, 10:40 am

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeff at 21:12:16.32 on Tue 03/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2505 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\tuw.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jeff\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\jeff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dldwmon.exe] "c:\program files\dell v505\dldwmon.exe"
mRun: [dldwamon] "c:\program files\dell v505\dldwamon.exe"
mRun: [Dell V505 Fax Server] "c:\program files\dell v505\fm3032.exe" /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Control Center] c:\program files\asus\wlan card utilities\Center.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8611002625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 3677494400
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/po ... der_v6.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\9ic7r17o.default\
FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jeff\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jeff\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\jeff\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-10-3 30576]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2011-2-28 1013888]
S1 26a15312;26a15312;c:\windows\system32\drivers\26a15312.sys --> c:\windows\system32\drivers\26a15312.sys [?]
S1 80e76c4b;80e76c4b;c:\windows\system32\drivers\80e76c4b.sys --> c:\windows\system32\drivers\80e76c4b.sys [?]
S1 crtwrnbm;crtwrnbm;\??\c:\windows\system32\drivers\crtwrnbm.sys --> c:\windows\system32\drivers\crtwrnbm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [2010-11-11 99568]
S3 gkmixern;gkmixern;\??\c:\docume~1\jeff\locals~1\temp\gkmixern.sys --> c:\docume~1\jeff\locals~1\temp\gkmixern.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 EAMWKTZY;EAMWKTZY;c:\docume~1\admini~1\locals~1\temp\EAMWKTZY.exe [2008-11-15 441216]
S4 MHAVARGJQEAZ;MHAVARGJQEAZ;c:\docume~1\admini~1\locals~1\temp\MHAVARGJQEAZ.exe [2008-11-15 367488]
S4 uvnc_service;uvnc_service;"c:\program files\ultravnc\winvnc.exe" -service --> c:\program files\ultravnc\winvnc.exe [?]
.
=============== Created Last 30 ================
.
2011-03-29 03:46:13 335872 --sha-w- c:\docume~1\jeff\locals~1\applic~1\tuw.exe
2011-03-29 03:46:13 335872 --sha-w- c:\docume~1\jeff\locals~1\applic~1\iif.exe
2011-03-27 02:31:49 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-27 02:31:49 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-26 23:54:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\pKfMoDbCoKc28601
2011-03-14 21:44:39 -------- d-----w- c:\program files\iPod
2011-03-14 21:44:35 -------- d-----w- c:\program files\iTunes
2011-03-01 03:21:08 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-03-01 03:20:39 1013888 ----a-w- c:\windows\system32\drivers\rt2860.sys
2011-03-01 03:20:38 546304 ----a-w- c:\windows\system32\ASWL2K.exe
2011-03-01 03:20:38 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-03-01 03:20:38 496640 ----a-w- c:\windows\system32\ASWLSVC.exe
2011-03-01 03:20:38 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-03-01 03:20:38 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-03-01 03:20:38 159827 ----a-w- c:\windows\system32\RemSvc.exe
2011-03-01 03:20:37 61440 ----a-w- c:\windows\system32\ASUSW32N50.dll
2011-03-01 03:20:37 16269 ----a-w- c:\windows\system32\ASNDIS5.sys
2011-03-01 03:20:37 15577 ----a-w- c:\windows\system32\ASNDIS3.vxd
2011-03-01 03:20:34 -------- d-----w- c:\program files\ASUS
.
==================== Find3M ====================
.
2011-03-13 21:24:01 7388 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:12:52.87 ===============

ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2008 10:17:40 PM
System Uptime: 3/29/2011 8:35:46 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 51.592 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1B02CB0B&0&18F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1B02CB0B&0&18F0
Service:
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet Pro L7500
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7500
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7500
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP773: 3/18/2011 9:00:19 PM - System Checkpoint
RP774: 3/19/2011 8:12:32 AM - Software Distribution Service 3.0
RP775: 3/20/2011 8:29:02 AM - Software Distribution Service 3.0
RP776: 3/21/2011 6:44:36 PM - Software Distribution Service 3.0
RP777: 3/22/2011 7:11:48 PM - Software Distribution Service 3.0
RP778: 3/24/2011 7:25:22 PM - System Checkpoint
RP779: 3/26/2011 4:07:14 PM - System Checkpoint
RP780: 3/26/2011 6:15:09 PM - Software Distribution Service 3.0
RP781: 3/26/2011 8:29:54 PM - Restore Operation
RP782: 3/26/2011 8:51:08 PM - Software Distribution Service 3.0
RP783: 3/27/2011 8:07:26 AM - Software Distribution Service 3.0
RP784: 3/27/2011 9:27:37 PM - Software Distribution Service 3.0
RP785: 3/28/2011 10:08:18 PM - Removed Microsoft Silverlight
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
AAC Decoder
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
ASUS WLAN Card Utilities/Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
Bonjour
BPD_Scan
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
CM 03-04
Dell Toolbar
Dell V505
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Download Updater (AOL LLC)
ESPN Java Check
File Uploader
filehippo.com Update Checker
FlipShare
Google Talk Plugin
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Officejet Pro All-In-One Series
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
jZip
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetDeviceManager
Nikon Message Center
Nikon Transfer
OneTouch Version 3.0
OpenOffice.org 2.4
Picasa 3
Picture Control Utility
QuickTime
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skins
Skype™ 5.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Win32Pad 1.5.10
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WordPerfect Office 11
Xvid 1.2.1 final uninstall
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/29/2011 8:34:12 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/29/2011 8:34:08 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
3/29/2011 8:33:26 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
3/28/2011 10:08:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/26/2011 8:36:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
3/26/2011 8:36:45 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/26/2011 8:36:44 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/26/2011 8:34:34 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/26/2011 8:26:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/26/2011 8:26:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/26/2011 8:25:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip WS2IFSL
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:28 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2011 8:25:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2011 7:16:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
3/26/2011 7:16:24 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
3/26/2011 7:13:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
3/26/2011 7:13:51 PM, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/26/2011 7:11:21 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
3/26/2011 7:11:02 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 3 time(s).
3/26/2011 7:01:32 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/26/2011 7:00:53 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 2 time(s).
3/26/2011 7:00:24 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/26/2011 6:58:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/26/2011 6:58:41 PM, error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
3/26/2011 6:58:22 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:58:06 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/26/2011 6:54:45 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:54:31 PM, error: Service Control Manager [7034] - The dldw_device service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:53:58 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:53:37 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/26/2011 6:53:24 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/26/2011 6:53:20 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/26/2011 6:53:17 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:53:14 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:53:11 PM, error: Service Control Manager [7034] - The ASWLSVC service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:53:08 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/26/2011 6:46:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:44:58 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:33:24 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 6:33:24 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
.
==== End Of File ===========================
zlus
Active Member
 
Posts: 4
Joined: March 29th, 2011, 12:27 am

Re: Removed Firefox as default and displays Microsoft securi

Unread postby Elrond » March 30th, 2011, 2:56 pm

There are some oddities in your log, and I would like you to
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix!!
If you don't know how to disable your antivirus, stop and ask.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running!
  • When finished, the report will open. Reenable your protection software and post the log in your next reply
A copy of the log will be located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Removed Firefox as default and displays Microsoft securi

Unread postby zlus » March 31st, 2011, 12:00 am

ComboFix 11-03-30.01 - Jeff 03/30/2011 21:45:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2455 [GMT -6:00]
Running from: c:\documents and settings\Jeff\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bold.log
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}\chrome.manifest
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}\chrome\content\_cfg.js
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}\chrome\content\c.js
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}\chrome\content\overlay.xul
c:\documents and settings\Jeff\Local Settings\Application Data\{E6A09853-0D0D-4723-BEF3-6DE53D63B77D}\install.rdf
c:\documents and settings\Jeff\Local Settings\Application Data\iif.exe
c:\documents and settings\Jeff\Local Settings\Application Data\tuw.exe
c:\program files\Internet Explorer\SET188.tmp
c:\program files\Internet Explorer\SET18D.tmp
c:\program files\Internet Explorer\SET297.tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\_005185_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005197_.tmp.dll
c:\windows\system32\_005198_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005204_.tmp.dll
c:\windows\system32\_005205_.tmp.dll
c:\windows\system32\_005207_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\_005211_.tmp.dll
c:\windows\system32\_005214_.tmp.dll
c:\windows\system32\_005215_.tmp.dll
c:\windows\system32\_005219_.tmp.dll
c:\windows\system32\_005220_.tmp.dll
c:\windows\system32\_005222_.tmp.dll
c:\windows\system32\_005225_.tmp.dll
c:\windows\system32\_005227_.tmp.dll
c:\windows\system32\_005229_.tmp.dll
c:\windows\system32\_005230_.tmp.dll
c:\windows\system32\_005231_.tmp.dll
c:\windows\system32\_005234_.tmp.dll
c:\windows\system32\_005235_.tmp.dll
c:\windows\system32\_005236_.tmp.dll
c:\windows\system32\_005237_.tmp.dll
c:\windows\system32\_005238_.tmp.dll
c:\windows\system32\_005243_.tmp.dll
c:\windows\system32\_005245_.tmp.dll
c:\windows\system32\_005246_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_icf
-------\Legacy_TDSSSERV.SYS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-27 02:31 . 2011-03-27 02:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-27 01:07 . 2011-03-27 01:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-03-26 23:54 . 2011-03-27 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\pKfMoDbCoKc28601
2011-03-14 21:44 . 2011-03-14 21:44 -------- d-----w- c:\program files\iPod
2011-03-14 21:44 . 2011-03-14 21:45 -------- d-----w- c:\program files\iTunes
2011-03-04 02:14 . 2011-03-04 02:14 -------- d-----w- c:\program files\Common Files\Skype
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 21:24 . 2009-04-01 18:54 7388 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-01 03:21 . 2011-03-01 03:21 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-02-09 13:53 . 2003-07-16 20:43 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-06-17 04:10 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-06-17 04:10 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-07-16 20:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-07-16 20:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-07-16 20:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-04 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"dldwmon.exe"="c:\program files\Dell V505\dldwmon.exe" [2008-10-02 677104]
"dldwamon"="c:\program files\Dell V505\dldwamon.exe" [2008-10-02 16624]
"Dell V505 Fax Server"="c:\program files\Dell V505\fm3032.exe" [2008-10-02 312560]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2009-09-02 1790464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp]
2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 00:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Jeff\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jeff\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dldwcoms.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/3/2009 11:50 AM 30576]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2/28/2011 9:20 PM 1013888]
S1 26a15312;26a15312;c:\windows\system32\drivers\26a15312.sys --> c:\windows\system32\drivers\26a15312.sys [?]
S1 80e76c4b;80e76c4b;c:\windows\system32\drivers\80e76c4b.sys --> c:\windows\system32\drivers\80e76c4b.sys [?]
S1 crtwrnbm;crtwrnbm;\??\c:\windows\system32\drivers\crtwrnbm.sys --> c:\windows\system32\drivers\crtwrnbm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [11/11/2010 9:38 PM 99568]
S3 gkmixern;gkmixern;\??\c:\docume~1\Jeff\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Jeff\LOCALS~1\Temp\gkmixern.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 EAMWKTZY;EAMWKTZY;c:\docume~1\ADMINI~1\LOCALS~1\Temp\EAMWKTZY.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\EAMWKTZY.exe [?]
S4 MHAVARGJQEAZ;MHAVARGJQEAZ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\MHAVARGJQEAZ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\MHAVARGJQEAZ.exe [?]
S4 uvnc_service;uvnc_service;"c:\program files\UltraVNC\winvnc.exe" -service --> c:\program files\UltraVNC\winvnc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-261478967-839522115-1004Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 22:17]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-261478967-839522115-1004UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\9ic7r17o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-brastk - brastk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-30 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldwcoms.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Dell V505\dldwMsdMon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-30 21:56:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-31 03:56
.
Pre-Run: 55,683,002,368 bytes free
Post-Run: 55,795,294,208 bytes free
.
- - End Of File - - 7B4C608CE30A223270ED2E0E6900D86D
zlus
Active Member
 
Posts: 4
Joined: March 29th, 2011, 12:27 am

Re: Removed Firefox as default and displays Microsoft securi

Unread postby Elrond » March 31st, 2011, 12:33 pm

I would like you to run

TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop.
  • Next double-click the tdsskiller Folder on your desktop.
  • Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
    Code: Select all
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply.


VirSCAN Suspicious File Upload
I need to get more information on a number of files... please perform the following:

Note: Internet Explorer should be used... for best results.
    Please go to VirSCAN.org... a free on-line file scanning service.
  1. Copy / paste the complete path and file name (below) into the "Suspicious files to scan" box... at the top of the page.

    c:\windows\system32\drivers\26a15312.sys

  2. Click on the Upload button. Once the file is uploaded, the scanning process will begin.
  3. Once the Scan completes... (scroll down) click on the "Copy to Clipboard" button.
  4. Open Notepad... then paste (Ctrl+V) the contents of the Clipboard into the open Notepad window.
  5. Save the Notepad file as "VirScan1.txt"... save it to your desktop.
  6. Repeat the process for the following files but name the files "VirScan2.txt", "VirScan3.txt" and so on.

    c:\windows\system32\drivers\80e76c4b.sys
    c:\windows\system32\drivers\crtwrnbm.sys
    c:\docume~1\jeff\locals~1\temp\gkmixern.sys
    c:\docume~1\admini~1\locals~1\temp\EAMWKTZY.exe
    c:\docume~1\admini~1\locals~1\temp\MHAVARGJQEAZ.exe
  7. Paste the contents of the VirScan.txt files (2-6) in your next reply. If needed please divide them into more than one post. However I hope that they fit within one post.

What I need in your next post is the log from TDSSKiller and the 6 reports from VirScan.
Elrond
Admin/Teacher Emeritus
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
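As an added example, not part of the thread and not code from TDSSKiller or VirSCAN: before uploading the six files Elrond listed, a helper or analyst would normally hash them and note why each path stands out, so the hashes can be checked against existing scan reports and the thread keeps a record even if the files are later quarantined. The script below does that for the six paths exactly as they appear in the post. The name heuristics (8-hex-digit stems, all-caps stems, a driver or executable under a Local Settings\Temp folder) are the editor's own and deliberately narrow; a path with no flags is not thereby clean. The `local_copy` parameter and the stand-in file contents written by `demo()` are constructed for this example and are not real driver bytes.

```python
"""Offline triage for the six files a malware-removal helper asked to have scanned.

Added example by the page editor; not code from the thread, TDSSKiller or VirSCAN.
Hashes each file (so the hash can be looked up before anything is uploaded or
deleted) and records why the path looks worth a second look.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import Optional

# The six paths exactly as listed in the thread (ComboFix prints 8.3 short names).
REQUESTED_FILES = [
    r"c:\windows\system32\drivers\26a15312.sys",
    r"c:\windows\system32\drivers\80e76c4b.sys",
    r"c:\windows\system32\drivers\crtwrnbm.sys",
    r"c:\docume~1\jeff\locals~1\temp\gkmixern.sys",
    r"c:\docume~1\admini~1\locals~1\temp\EAMWKTZY.exe",
    r"c:\docume~1\admini~1\locals~1\temp\MHAVARGJQEAZ.exe",
]

# Editor's heuristics, intentionally narrow to avoid flagging legitimate drivers.
_HEX_STEM = re.compile(r"^[0-9a-f]{8}$")            # e.g. 26a15312.sys
_UPPER_STEM = re.compile(r"^[A-Z]{8,}$")             # e.g. EAMWKTZY.exe
_TEMP_DIR = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)


@dataclass
class TriageRecord:
    path: str
    hashed: bool                 # False when no readable copy of the file was found
    size: int
    sha256: str
    md5: str
    flags: list[str] = field(default_factory=list)


def name_flags(path: str) -> list[str]:
    """Reasons the path deserves a look; an empty list means the heuristics say nothing."""
    win_path = path.replace("/", "\\")
    base = win_path.rsplit("\\", 1)[-1]          # split on backslash even on POSIX
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    flags = []
    if _HEX_STEM.match(stem):
        flags.append("8-hex-digit stem")
    if _UPPER_STEM.match(stem):
        flags.append("all-caps random-looking stem")
    in_temp = bool(_TEMP_DIR.search(win_path))
    if ext == ".sys" and in_temp:
        flags.append("kernel driver in a user temp folder")   # drivers belong in system32\drivers
    if ext == ".exe" and in_temp:
        flags.append("executable in a user temp folder")
    return flags


def hash_bytes(data: bytes) -> tuple[str, str]:
    """SHA-256 and MD5 of an in-memory buffer (used to cross-check hash_file)."""
    return hashlib.sha256(data).hexdigest(), hashlib.md5(data).hexdigest()


def hash_file(path: str) -> tuple[str, str]:
    """SHA-256 and MD5 of a file, read in chunks so large drivers do not sit in memory."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            sha.update(chunk)
            md5.update(chunk)
    return sha.hexdigest(), md5.hexdigest()


def triage(path: str, local_copy: Optional[str] = None) -> TriageRecord:
    """Hash `path`, or `local_copy` if the file was copied off the infected machine.

    `local_copy` is this example's own parameter, not a TDSSKiller or VirSCAN option.
    """
    target = local_copy or path
    if not os.path.isfile(target):
        return TriageRecord(path, False, 0, "", "", name_flags(path))
    sha, md5 = hash_file(target)
    return TriageRecord(path, True, os.path.getsize(target), sha, md5, name_flags(path))


def demo() -> list[TriageRecord]:
    """Run triage over constructed stand-in files; the bytes are NOT real driver content."""
    with tempfile.TemporaryDirectory() as tmp:
        records = []
        for i, original in enumerate(REQUESTED_FILES):
            copy = os.path.join(tmp, f"sample{i}.bin")
            with open(copy, "wb") as fh:
                fh.write(b"MZ" + bytes([i]) * 64)      # constructed placeholder content
            records.append(triage(original, local_copy=copy))
        return records


if __name__ == "__main__":
    for rec in demo():
        print(f"{rec.path}\n  sha256={rec.sha256}\n  flags={rec.flags or 'none'}")
```

On a real case the analyst would pass the paths copied off the infected machine as `local_copy`, keep the resulting SHA-256 values with the thread, and only then upload; the hash alone is often enough to find an existing report, and it survives the file being quarantined.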

Re: Removed Firefox as default and displays Microsoft securi

Unread postby Elrond » April 4th, 2011, 2:03 am

Do you still need help? If so answer within the next 24 hours.

Re: Removed Firefox as default and displays Microsoft securi

Unread postby Elrond » April 5th, 2011, 2:32 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.