Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search redirects and Firefox crashes

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Search redirects and Firefox crashes

Unread postby melboy » May 3rd, 2010, 3:43 am

Hi

Thanks for that.



COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File:: 
    c:\docume~1\Heinrich\LOCALS~1\Temp\pfsvgae.sys
    
    Folder::
    c:\documents and settings\Heinrich\Application Data\uTorrent
    c:\program files\uTorrent
    
    Driver:: 
    pfsvgae
    
    Registry:: 
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » May 4th, 2010, 7:09 pm

Here it is

ComboFix 10-05-04.01 - Heinrich 05/04/2010 15:41:18.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1386 [GMT -7:00]
Running from: c:\documents and settings\Heinrich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Heinrich\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\docume~1\Heinrich\LOCALS~1\Temp\pfsvgae.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Heinrich\Application Data\uTorrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Cage The Elephant-Cage The Elephant (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Company of Thieves.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Dead Confederate - Wrecking Ball 2008.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\dht.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Ella Set 085.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 083.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 084.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 087.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 39.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 41.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Frank The Baptist.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Haujobb.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Kates Playground - My Hoodie.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Kirlian_Camera.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\LS Ukrainian (Gentle) Angels Sets 151-175.zip.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\LS Ukrainian (Gentle) Angels Sets 176-200.zip.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Lush - All LP Albums (FLAC).torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Medicine - Shot Forth Self Living [1992].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\MGMT - Oracular Spectacular [2008].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\My Bloody Valentine - Discography.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Pics.rar.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\resume.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\Ride - Nowhere [Mp3-vrb-Remastered].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\rss.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\settings.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\The Cruxshadows.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\The.Airborne.Toxic.Event-The.Airborne.Toxic.Event.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Tipi Model set 17-2.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Heinrich\Application Data\uTorrent\Virginia 131-136.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Virginia Sets 128-130.torrent
c:\program files\uTorrent
c:\program files\WindowsUpdate

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PFSVGAE
-------\Service_pfsvgae


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-04-23 21:03 . 2010-04-23 21:03 -------- d-----w- c:\program files\Trend Micro
2010-04-23 01:51 . 2010-04-23 01:56 -------- d-----w- c:\program files\CCleaner
2010-04-22 23:36 . 2010-04-26 05:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-22 23:04 . 2010-05-02 19:48 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-22 19:24 . 2010-04-22 19:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-22 19:20 . 2010-04-22 19:20 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-08 08:40 . 2010-05-02 21:21 0 ----a-w- c:\documents and settings\Heinrich\Local Settings\Application Data\prvlcl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 22:50 . 2009-06-26 22:42 -------- d-----w- c:\program files\Steam
2010-05-02 19:49 . 2010-01-03 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 19:21 . 2009-09-22 21:52 1 ----a-w- c:\documents and settings\Heinrich\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-29 22:39 . 2010-01-03 20:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-01-03 20:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 02:43 . 2004-08-04 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-27 09:28 . 2009-11-22 00:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 07:46 . 2010-03-31 05:40 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-23 05:43 . 2009-02-22 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 01:54 . 2009-02-22 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-20 16:18 . 2009-02-22 19:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 04:01 . 2009-02-22 21:40 -------- d-----w- c:\program files\World of Warcraft
2010-03-31 22:53 . 2010-03-31 22:53 -------- d-----w- c:\documents and settings\Heinrich\Application Data\My Games
2010-03-31 22:50 . 2004-08-04 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-31 22:20 . 2009-02-22 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 22:20 . 2010-03-31 22:20 -------- d-----w- c:\program files\Firaxis Games
2010-03-31 20:47 . 2010-03-31 20:47 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 20:46 . 2010-03-31 20:46 503808 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcp71.dll
2010-03-31 20:46 . 2010-03-31 20:46 61440 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-sse.dll
2010-03-31 20:46 . 2010-03-31 20:46 499712 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\jmc.dll
2010-03-31 20:46 . 2010-03-31 20:46 348160 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcr71.dll
2010-03-31 20:46 . 2010-03-31 20:46 12800 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-d3d.dll
2010-03-31 20:45 . 2009-09-22 21:47 -------- d-----w- c:\program files\Java
2010-03-27 21:39 . 2010-03-27 21:39 -------- d-----w- c:\program files\Sierra
2010-03-24 22:43 . 2010-03-24 22:43 272384 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Modules\curl.exe
2010-03-24 22:43 . 2010-03-24 22:43 258048 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2010-03-24 22:43 . 2010-03-24 22:43 196608 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2010-03-24 22:43 . 2010-03-24 22:43 -------- d-----w- c:\documents and settings\Heinrich\Application Data\Acreon
2010-03-10 08:02 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 17:26 . 2009-11-24 06:06 -------- d-----w- c:\program files\Warcraft III
2010-03-09 16:31 . 2009-02-22 19:16 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 16:31 . 2010-03-09 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-09 16:31 . 2009-02-22 19:16 -------- d-----w- c:\program files\AVG
2010-03-09 11:28 . 2009-03-07 00:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 06:12 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2003-12-18 18:33 . 2010-03-31 05:39 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 14:46 . 2010-03-31 05:39 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"Google Update"="c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"SkyTel"="SkyTel.EXE" [2009-02-22 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-22 16262656]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-09 16:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Heinrich^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Heinrich\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/22/2009 12:16 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/22/2009 12:16 PM 242896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2/22/2009 12:52 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [7/22/2009 8:28 PM 78848]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/9/2010 9:31 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/9/2010 9:31 AM 308064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2/22/2009 12:52 PM 65576]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2/22/2009 1:14 PM 5824]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2/18/2010 8:14 PM 25832]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004Core.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004UA.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Heinrich\Application Data\Mozilla\Firefox\Profiles\h3bblgkv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 15:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-05-04 15:58:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 22:58
ComboFix2.txt 2010-04-29 04:03

Pre-Run: 6,713,634,816 bytes free
Post-Run: 6,653,059,072 bytes free

- - End Of File - - 695EEAFD9B2F338085F34063357D5BFE
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm

Re: Search redirects and Firefox crashes

Unread postby melboy » May 4th, 2010, 7:16 pm

Hi


Good - Any problems?


Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.2
  • Install the new downloaded updated software.
  • Then using the internal updater update the software to the current increment 9.3.2
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • If updates are found click Show Details and check the boxes to click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u20-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 19
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

    (You should still have this on your desktop)
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » May 5th, 2010, 1:40 pm

Things seem to be pretty stable now. AVG doesn't run on start-up anymore though, not really sure why. Here's the log.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ec6ee1dcfdbea043a4582d5d54495152
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-05 06:36:50
# local_time=2010-05-04 11:36:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 37616470 37616470 0 0
# compatibility_mode=512 16777215 100 0 892233 892233 0 0
# compatibility_mode=1024 16777191 100 0 3964924 3964924 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73708
# found=1
# cleaned=0
# scan_time=6199
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Win32/Patched.EQ trojan 00000000000000000000000000000000 I
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm

Re: Search redirects and Firefox crashes

Unread postby melboy » May 5th, 2010, 1:57 pm

hjohn23 wrote:Things seem to be pretty stable now. AVG doesn't run on start-up anymore though, not really sure why.


Hi


Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.


In your next reply:
  1. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search redirects and Firefox crashes

Unread postby melboy » May 7th, 2010, 12:25 pm

Hi hjohn23

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search redirects and Firefox crashes

Unread postby Dakeyras » May 8th, 2010, 7:49 pm

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 314 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware