Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

FireFox Problem

Post by RTaRTiculate » June 20th, 2009, 1:30 am

My FireFox keeps freezing when a download finishes. Is there anything wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:27 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Security\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Security\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Security\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Security\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\Security\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\Security\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\Security\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\Security\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f15d3cfa5aa4) (gupdate1c9f15d3cfa5aa4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Security\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6830 bytes
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

Post by jmw3 » June 23rd, 2009, 7:16 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.
DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: FireFox Problem

Post by RTaRTiculate » June 26th, 2009, 10:09 am

Sorry for the slow reply, I will post back ASAP.
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

Post by RTaRTiculate » June 26th, 2009, 10:12 am

DDS.txt


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kevin (Home PC) at 7:10:46.00 on Fri 06/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.463 [GMT -7:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Security\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Security\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Security\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIMP2\AIMP2.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin (Home PC)\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinPatrol] c:\program files\security\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\program files\security\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin(~1\applic~1\mozilla\firefox\profiles\yex5soqm.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kevin (home pc)\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\tracker software\pdf-xchange\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 ekrn;ESET Service;c:\program files\security\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-11 210216]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]
R2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [2009-4-8 4319136]
S2 gupdate1c9f15d3cfa5aa4;Google Update Service (gupdate1c9f15d3cfa5aa4);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-11 19096]
S3 MBAMService;MBAMService;c:\program files\security\malwarebytes' anti-malware\mbamservice.exe [2009-6-11 194832]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-4-25 33480048]

=============== Created Last 30 ================

2009-06-23 20:16 <DIR> --d----- c:\windows\StartHtmico
2009-06-23 20:15 8,704 a------- c:\windows\system32\CNMVS75.DLL
2009-06-23 20:15 139,776 a------- c:\windows\system32\CNMLM75.DLL
2009-06-23 20:15 90,112 a----r-- c:\windows\system32\CNMCP75.exe
2009-06-23 20:15 <DIR> --d----- c:\program files\Canon
2009-06-20 17:58 <DIR> --d----- c:\program files\AIMP2
2009-06-20 17:49 32 a------- c:\windows\plugin.ini
2009-06-20 10:49 129,520 -------- c:\windows\system32\pxafs.dll
2009-06-19 21:09 <DIR> --d----- c:\program files\Pidgin
2009-06-17 16:47 <DIR> --d----- c:\program files\Unlocker
2009-06-14 15:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-06-14 15:11 <DIR> --d----- c:\program files\AIM6
2009-06-14 12:13 64,752 a---h--- c:\windows\system32\mlfcache.dat
2009-06-13 16:19 <DIR> --d----- c:\windows\pss
2009-06-12 19:49 <DIR> --d----- c:\program files\Yahoo!
2009-06-11 16:33 218,624 a------- c:\windows\system32\uxtheme.uxtender
2009-06-11 16:32 <DIR> --d----- c:\docume~1\kevin(~1\applic~1\Character Creator
2009-06-11 16:23 <DIR> --d----- c:\program files\common files\McAfee
2009-06-11 16:21 <DIR> --d----- c:\program files\McAfee
2009-06-11 15:31 <DIR> --d----- c:\docume~1\kevin(~1\applic~1\Malwarebytes
2009-06-11 15:30 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 15:10 <DIR> --d----- c:\documents and settings\all users\Microsoft
2009-06-11 14:57 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-06-11 14:54 <DIR> --d----- c:\program files\Microsoft Analysis Services
2009-06-10 19:36 <DIR> --d----- c:\docume~1\kevin(~1\applic~1\TeamViewer
2009-06-10 19:35 <DIR> --d----- c:\documents and settings\kevin (home pc)\temp
2009-06-01 20:54 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-01 20:52 14,048 -------- c:\windows\system32\spmsg2.dll
2009-06-01 18:27 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-01 18:24 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-01 17:45 <DIR> --d----- c:\program files\iPod
2009-06-01 17:44 <DIR> --d----- c:\program files\iTunes
2009-05-29 18:29 <DIR> --d----- c:\program files\VideoLAN
2009-05-28 23:28 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-05-28 23:28 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-05-28 23:17 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-05-28 23:17 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-28 23:10 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-05-28 22:17 <DIR> --d----- c:\docume~1\kevin(~1\applic~1\Ashampoo
2009-05-28 22:14 <DIR> --d----- c:\program files\Ashampoo
2009-05-27 18:49 <DIR> --d----- c:\docume~1\kevin(~1\applic~1\Windows Live Writer

==================== Find3M ====================

2009-06-11 16:33 218,624 a------- c:\windows\system32\uxtheme.dll
2009-05-26 19:27 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-14 15:49 55,768 a------- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 15:49 33,096 a------- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 15:49 133,000 a------- c:\windows\system32\drivers\epfw.sys
2009-05-14 15:47 107,256 a------- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 15:41 114,472 a------- c:\windows\system32\drivers\eamon.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 13:53 40,960 a------- c:\windows\system32\VBAME.DLL
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-08 15:49 1,064,296 a------- c:\windows\system32\WebServices.dll
2009-04-08 15:37 4,319,136 a------- c:\windows\system32\OSPPSVC.EXE
2009-04-08 15:37 1,423,256 a------- c:\windows\system32\OSPPOBJS.DLL
2009-04-08 15:37 1,156,016 a------- c:\windows\system32\OSPPCEXT.DLL
2009-04-08 15:37 192,432 a------- c:\windows\system32\OSPPRUN.EXE
2009-04-08 15:37 110,472 a------- c:\windows\system32\OSPPC.DLL
2009-04-08 15:37 114,568 a------- c:\windows\system32\wbem\OSPPWMI.DLL
2009-04-08 15:26 1,204,072 a------- c:\windows\system32\FM20.DLL
2009-04-08 15:26 31,616 a------- c:\windows\system32\FM20ENU.DLL

============= FINISH: 7:11:53.15 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/25/2009 5:37:15 PM
System Uptime: 6/25/2009 11:55:30 PM (8 hours ago)

Motherboard: | | 741GX-M2
Processor: AMD Athlon(tm) XP | Socket A | 1002/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 38.636 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 41.629 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 39 GiB total, 38.996 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\3&61AAA01&0&58
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_134D&DEV_2189&SUBSYS_1002134D&REV_04\3&61AAA01&0&58
Service:

==== System Restore Points ===================

RP44: 5/28/2009 10:22:02 PM - Installed Vegas Movie Studio Platinum 9.0
RP45: 5/31/2009 10:10:04 AM - System Checkpoint
RP46: 6/1/2009 6:23:13 PM - Installed Windows Media Player 11
RP47: 6/1/2009 6:24:26 PM - Installed Windows XP Wudf01000.
RP48: 6/1/2009 6:27:48 PM - Installed Windows XP MSCompPackV1.
RP49: 6/1/2009 8:52:54 PM - Installed %1 %2.
RP50: 6/1/2009 8:53:05 PM - Printer Driver Microsoft XPS Document Writer Installed
RP51: 6/1/2009 9:10:43 PM - Installed DVD Architect Pro 5.0
RP52: 6/2/2009 6:32:28 AM - Software Distribution Service 3.0
RP53: 6/2/2009 3:25:24 PM - Software Distribution Service 3.0
RP54: 6/3/2009 6:59:10 PM - System Checkpoint
RP55: 6/5/2009 2:55:19 PM - Installed Vegas Pro 9.0
RP56: 6/5/2009 3:06:49 PM - Removed Vegas Movie Studio Platinum 9.0b
RP57: 6/6/2009 6:35:36 PM - System Checkpoint
RP58: 6/9/2009 4:06:07 PM - System Checkpoint
RP59: 6/11/2009 6:38:31 AM - Software Distribution Service 3.0
RP60: 6/11/2009 2:38:43 PM - Removed Vegas Pro 9.0
RP61: 6/11/2009 2:40:36 PM - Removed DVD Architect Pro 5.0
RP62: 6/11/2009 2:51:34 PM - Installed Microsoft Office Professional Plus 2010 (Technical Preview)
RP63: 6/11/2009 2:52:36 PM - Installed Microsoft Office Professional Plus 2010 (Technical Preview)
RP64: 6/11/2009 3:27:19 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP65: 6/13/2009 4:26:49 PM - Software Distribution Service 3.0
RP66: 6/13/2009 6:01:28 PM - Installed Windows XP KB942288-v3.
RP67: 6/14/2009 12:10:22 PM - Installed Safari
RP68: 6/15/2009 6:34:13 PM - System Checkpoint
RP69: 6/18/2009 6:36:25 PM - Software Distribution Service 3.0
RP70: 6/20/2009 12:35:32 PM - Removed Safari
RP71: 6/23/2009 3:50:21 PM - System Checkpoint
RP72: 6/23/2009 8:15:51 PM - Printer Driver Canon iP1600 Installed
RP73: 6/25/2009 2:42:59 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
AIMP2
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 9.03
Bonjour
Canon iP1600
CCleaner (remove only)
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
Foxit PDF Editor
Google Apps
Google Chrome
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
Guifications Plugin (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
iTunes
Junk Mail filter update
KONICA MINOLTA PagePro 1350W
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 14
Microsoft Office Excel MUI (English) 14
Microsoft Office Groove MUI (English) 14
Microsoft Office Groove Setup Metadata MUI (English) 14
Microsoft Office InfoPath MUI (English) 14
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 14
Microsoft Office Outlook MUI (English) 14
Microsoft Office PowerPoint MUI (English) 14
Microsoft Office Professional Plus 14
Microsoft Office Professional Plus 2010 (Technical Preview)
Microsoft Office Proof (English) 14
Microsoft Office Proof (French) 14
Microsoft Office Proof (Spanish) 14
Microsoft Office Proofing (English) 14
Microsoft Office Publisher MUI (English) 14
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 14
Microsoft Office Shared Setup Metadata MUI (English) 14
Microsoft Office Word MUI (English) 14
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 6.0 Parser (KB925673)
Picasa 3
Pidgin
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SpywareBlaster 4.2
Unlocker 1.8.7
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinPatrol 2009
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

6/26/2009 7:10:50 AM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
6/24/2009 5:40:57 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/22/2009 4:26:00 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
6/22/2009 4:25:39 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
6/22/2009 4:11:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.GdiPlus. Reference error message: The referenced assembly is not installed on your system. .
6/22/2009 4:11:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll. Reference error message: The operation completed successfully. .
6/22/2009 4:11:03 PM, error: SideBySide [32] - Dependent Assembly Microsoft.Windows.GdiPlus could not be found and Last Error was The referenced assembly is not installed on your system.
6/21/2009 7:50:28 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 2 time(s).
6/20/2009 9:21:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
6/20/2009 12:40:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/19/2009 7:26:50 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

==== End Of File ===========================
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

by jmw3 » June 26th, 2009, 10:21 am

And Gmer? How did you go with that?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: FireFox Problem

by RTaRTiculate » June 26th, 2009, 10:22 am

GMER is scanning right now :P

I have summer school in a few minutes, I'll post the log for you in the afternoon (5-6 hours or so?). Sorry!
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

by jmw3 » June 26th, 2009, 10:38 am

OK.. no worries

Just a small favour if you don't mind when you get time. This line from your DDS log:
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

I was wondering if you'd mind taking a trip to this webpage: http://www.systemlookup.com/search.php? ... DIR.DLL&s= & having a read. You will see a request that the URLREDIR.DLL file be emailed for analysis. Could you make a copy of the file, zip it up & attach it in an email to the requested address? In the body of the text put a link to this topic:
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=43777
& state you were requested to submit the file.

Thanks
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: FireFox Problem

by RTaRTiculate » June 26th, 2009, 10:43 am

I will post back in the afternoon and submit the file.
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

by jmw3 » June 26th, 2009, 11:16 am

One more quick question; the copy of Office 2010 (or Office 14) - where did you get that from?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: FireFox Problem

by RTaRTiculate » June 26th, 2009, 5:38 pm

The Office 2010 was from my dad; he wanted to try it out on my computer because his is too old.

For uploading the file to systemlook, is there an email address I can send it to? I can't seem to upload it on Windows Live Mail, but it keeps opening Windows Live Mail when I click on the link to send it to them.

Here is the GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-26 14:36:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 86344630 ZwAssignProcessToJobObject
SSDT 86343A60 ZwOpenProcess
SSDT 86343E80 ZwOpenThread
SSDT 86344460 ZwSuspendProcess
SSDT 86344280 ZwSuspendThread
SSDT 86343C90 ZwTerminateProcess
SSDT 863440B0 ZwTerminateThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:460] 86342790

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Kevin (Home PC)\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000786 21652 bytes
RTaRTiculate
Active Member
 
Posts: 10
Joined: June 11th, 2009, 9:54 pm

Re: FireFox Problem

by jmw3 » June 26th, 2009, 7:01 pm

Hi

"The Office 2010 was from my dad; he wanted to try it out on my computer because his is too old."
Yes, but where was it downloaded from?

"For uploading the file to systemlook, is there an email address I can send it to? I can't seem to upload it on Windows Live Mail, but it keeps opening Windows Live Mail when I click on the link to send it to them."
You are clicking the email link that says "Do email us"? That should open a new message window. You will then need to attach the zip file & send it.

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program; your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware
  • Open Malwarebytes Anti-Malware, click the Update tab then Check for Updates
  • If an update is found, it will download and install the latest version & database version
  • Once the program has updated click the Scanner tab, select Perform full scan then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Be sure that everything is checked, and click Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
    Note: The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.


Kaspersky Online Scan
Please make sure that all programs are closed when installing Java.

  • Click here to visit Java's website
  • Scroll down to Java Runtime Environment (JRE) 6 Update 14. Click on Download
  • Select Windows from the drop-down list for Platform
  • Select Multi-language from the drop-down list for Language
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue
  • Click on jre-6u14-windows-i586-p.exe link to download it and save this to a convenient location
  • Double click on jre-6u14-windows-i586-p.exe to install Java
  • After the Java installation has finished, go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
To post in next reply:
Malwarebytes log
Kaspersky Scan log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: FireFox Problem

by NonSuch » July 1st, 2009, 5:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California