"Install Add-on" tabs auto-generated in Firefox

Post by muziris » June 23rd, 2013, 10:04 am

Hi,
Need help!

For the past few days I have been having two tabs automatically appear when I open my Firefox 22.0 browser. It does not go away with scans by Malwarebytes Anti-Malware Pro 1.75.0.1300 and Avira Free Antivirus 13.0.0.3640. The latest scan reports have infections reported, but removing these does not make the problem go away.

I ran dds.scr as required here. Appending DDS.txt and Attach.txt logs as well here.

Another observation is that Avira has produced a warning since 7th June on all my hard drives as well as for a USB flash drive. Here is an example of that warning for the G drive:
[Real-Time Protection] Autorun blocked
In accordance with security guidelines, the Administrator has blocked access to file 'G:\AUTORUN.INF'.


Not sure if it is related to all this, but my machine restarts unpredictably as well, sometimes even before Windows loads, and this has been happening pretty regularly for the past week.

All log details provided below. Really appreciate any assistance in sorting this out.

Thanks in advance... :)

Both these tabs have the same name "Install Add-on".

The 1st tab says:
Another program on your computer would like to modify Firefox with the following add-on:

mysearchdial.com 1.6.0
By mysearchdial.com
Location: C:\Documents and Settings\Rajesh\Application Data\Mozilla\Firefox\Profiles\qr5y908i.default\extensions\ffxtlbr@mysearchdial.com

Install add-ons only from authors whom you trust:

Allow this installation [a check box - deselected]

You can always change your mind at any time by going to the Add-ons Manager.

[Continue button]



The 2nd tab says:
Another program on your computer would like to modify Firefox with the following add-on:

MySearchDial 7.0
By mysearchdial.com
Location: C:\Documents and Settings\Rajesh\Application Data\Mozilla\Firefox\Profiles\qr5y908i.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Install add-ons only from authors whom you trust:

Allow this installation [a check box - deselected]

You can always change your mind at any time by going to the Add-ons Manager.

[Continue button]



Malwarebytes AntiMalware Pro Scan Report

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.06.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Rajesh :: ADMIN-PC [administrator]

Protection: Enabled

6/23/2013 4:44:54 PM
MBAM-log-2013-06-23 (17-41-40).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 515069
Time elapsed: 56 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\AbhiAnya.ADMIN-PC\My Documents\Downloads\gta_mod_installer_v5.0_beta.zip (Trojan.Dropper) -> No action taken.
G:\New Folder (2)\Downloads\nfmwtrn19.zip (Trojan.Dropper) -> No action taken.

(end)


Avira Free Antivirus 13.0.0.3640 Scan Report


Avira Free Antivirus
Report file date: Sunday, June 23, 2013 17:48


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3, v.3264) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ADMIN-PC


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Ignore
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Sunday, June 23, 2013 17:48

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '44' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '94' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '26' Module(s) have been scanned
Scan process 'notepad.exe' - '26' Module(s) have been scanned
Scan process 'avcenter.exe' - '108' Module(s) have been scanned
Scan process 'mbam.exe' - '78' Module(s) have been scanned
Scan process 'notepad.exe' - '66' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '26' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '26' Module(s) have been scanned
Scan process 'plugin-container.exe' - '61' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
Scan process 'unsecapp.exe' - '37' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '50' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '67' Module(s) have been scanned
Scan process 'WebCakeDesktop.Updater.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'mbamgui.exe' - '37' Module(s) have been scanned
Scan process 'PandoraService.exe' - '53' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'mbamservice.exe' - '39' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '27' Module(s) have been scanned
Scan process 'BCUService.exe' - '21' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'firefox.exe' - '124' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'BCU.exe' - '56' Module(s) have been scanned
Scan process 'avgnt.exe' - '77' Module(s) have been scanned
Scan process 'Explorer.EXE' - '122' Module(s) have been scanned
Scan process 'OptimizerPro.exe' - '20' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '68' Module(s) have been scanned
Scan process 'services.exe' - '31' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '2052' files ).


Starting the file scan:

Begin scan in 'C:\'
[0] Archive type: NSIS
--> ProgramFilesDir/WUDFUpdate_01007.dll
[1] Archive type: RSRC
--> C:\Documents and Settings\AbhiAnya.ADMIN-PC\My Documents\Downloads\128764_pspdisp06.rar
[2] Archive type: RAR
--> pspdisp06\PSPdisp_v0.6_setup_all_platforms.exe
[3] Archive type: NSIS
--> C:\Documents and Settings\AbhiAnya.ADMIN-PC\My Documents\Downloads\PSPdisp_v0.6_setup_all_platforms.exe
[4] Archive type: NSIS
--> ProgramFilesDir/WUDFUpdate_01007.dll
[5] Archive type: RSRC
--> C:\Documents and Settings\AbhiAnya.ADMIN-PC\My Documents\Downloads\RemoteJoy Lite.rar
[6] Archive type: RAR
--> RemoteJoy Lite\drivers\usb_driver\PSPDriver.EXE
[7] Archive type: Portable Executable Resource
--> CABINET
[8] Archive type: CAB (Microsoft)
--> pspicon.ico
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Graybird.1.81 back-door program
[WARNING] Infected files in archives cannot be repaired
C:\Documents and Settings\AbhiAnya.ADMIN-PC\My Documents\Downloads\RemoteJoy Lite.rar
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Graybird.1.81 back-door program
[WARNING] The file was ignored.
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'F:\'
Begin scan in 'G:\'
--> C:\Documents and Settings\Rajesh\My Documents\Downloads\JavaSetup7u9.exe
[6] Archive type: Runtime Packed
--> C:\Program Files\The KMPlayer\KMPlayer.exe
[7] Archive type: RSRC
--> C:\WINDOWS\system32\WudfUpdate_01007.dll
[8] Archive type: RSRC
--> D:\Abhi\PSP\PSPdisp\bin\driver_usb_type_c_winusb\x86\WUDFUpdate_01007.dll
[9] Archive type: RSRC
--> D:\Abhi\PSP\PSPdisp\bin\driver_usb_type_c_winusb\x64\WUDFUpdate_01007.dll
[10] Archive type: RSRC
--> E:\Backup-29-Nov-2012\My Documents\Downloads\jxpiinstall.exe
[11] Archive type: Runtime Packed
--> G:\New Folder (2)\Downloads\ikesim15win.exe
[12] Archive type: LZH (+.LHA) SFX (self extracting)
--> data/m01.swf
[WARNING] The file could not be read!
G:\New Folder (2)\Downloads\ikesim15win.exe
[WARNING] The file could not be read!


End of the scan: Sunday, June 23, 2013 19:08
Used time: 1:20:21 Hour(s)

The scan has been done completely.

20727 Scanned directories
1002401 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1002399 Files not concerned
9404 Archives were scanned
3 Warnings
0 Notes
326409 Objects were scanned with rootkit scan
0 Hidden objects were found


DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.21.2
Run by Rajesh at 15:43:53 on 2013-06-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2233 [GMT 5.5:30]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN102 ... cale=en_IN
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\abhianya.admin-pc\application data\complitly\Complitly.dll
BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - c:\program files\industriya\privitize\1.8.21.6\bh\privitize.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\webcake\WebCakeIEClient.dll
BHO: BRowse2save: {6BCEC96A-41B5-EEDE-F37D-1655A3C8CD79} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://xwebmain.eyme.net/,DanaInfo=ino ... /dwa8W.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: Interfaces\{AD8D227E-5EDE-4781-BE06-3CF097A487F8} : NameServer = 218.248.255.141 218.248.245.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - <no file>
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rajesh\application data\mozilla\firefox\profiles\qr5y908i.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=co ... 397408&ir=
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=co ... 397408&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=co ... 397408&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=co ... 408&ir=&q=
FF - user.js: extensions.mysearchdial.id - E0CB4EE9A4CC0A3D
FF - user.js: extensions.mysearchdial.instlDay - 15874
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 16:12:20
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - coolmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 953397408
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0Ezy0AyE0C0CtD0AtA0DtN0D0Tzu0CyDtAyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
FF - user.js: extensions.irmysearch.aflt - coolmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 953397408
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0Ezy0AyE0C0CtD0AtA0DtN0D0Tzu0CyDtAyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-21 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-3-21 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-3-21 110816]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-3-21 562744]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-21 84744]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-5 235752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-21 701512]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-11-29 578264]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\webcake\WebCakeDesktop.Updater.exe [2013-6-18 23552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-21 22856]
R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [2011-3-19 3072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-11-29 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys --> c:\windows\system32\drivers\clwvd.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-10-2 35392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-19 40776]
S3 RHDISK;RHDISK;\??\j:\_rohos\rhdisk.sys --> j:\_rohos\RHDISK.SYS [?]
S3 u302bus;HSPADataCard WMC Bus Driver (WDM);c:\windows\system32\drivers\u302bus.sys [2013-1-5 119112]
S3 u302mdfl;HSPADataCard Modem Filter;c:\windows\system32\drivers\u302mdfl.sys [2013-1-5 14920]
S3 u302mdm;HSPADataCard Modem Driver;c:\windows\system32\drivers\u302mdm.sys [2013-1-5 135880]
S3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);c:\windows\system32\drivers\u302mgmt.sys [2013-1-5 129992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-23 07:36:01 -------- d-----w- c:\program files\DownLite
2013-06-23 07:35:02 -------- d-----w- c:\program files\Industriya
2013-06-22 10:12:27 -------- d-----w- c:\windows\pss
2013-06-21 05:28:19 -------- d-----w- c:\program files\BetterAds
2013-06-19 06:10:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-18 10:41:56 -------- d-----w- c:\program files\WebCake
2013-06-18 10:41:20 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-06-18 10:40:55 -------- d-----w- c:\program files\TornTV.com
2013-06-18 10:23:27 -------- d-----w- c:\program files\Vittalia
2013-06-10 17:01:49 -------- d-----w- c:\program files\USB Disk Security
2013-06-10 16:40:22 1516496 ----a-w- C:\ij.exe
2013-06-10 16:36:07 -------- d-----w- c:\program files\KASHU
2013-06-10 15:10:21 -------- d-----w- c:\program files\TrueCrypt
2013-06-10 14:20:55 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-06-09 08:45:05 -------- d-----w- c:\documents and settings\all users\application data\StarApp
2013-06-09 08:44:51 -------- d-----w- c:\program files\ContinueToSave
2013-06-09 08:44:42 -------- d-----w- c:\documents and settings\all users\application data\cOOntiinuetoosave
2013-06-09 05:37:21 270336 ----a-w- c:\windows\system32\cximagecrt.dll
2013-06-09 05:37:20 -------- d-----w- c:\program files\Rohos
2013-06-09 04:20:25 -------- d-----w- c:\program files\Any to Icon
2013-06-08 16:30:01 -------- d-----w- c:\program files\Delta
2013-06-08 16:29:49 -------- d-----w- c:\program files\Image Converter
2013-06-08 16:29:24 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-05-28 09:13:13 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-28 09:13:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-28 06:58:19 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-05-25 09:29:22 -------- d-----w- c:\windows\system32\SoftwareDistribution
.
==================== Find3M ====================
.
2013-06-13 17:36:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 17:36:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-28 09:12:59 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-28 09:12:59 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-19 23:02:58 1094820 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-05-19 23:02:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-05-19 23:02:55 1094820 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-04 09:20:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 14:50:48 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-28 14:50:48 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
============= FINISH: 15:44:13.48 ===============

Attach.txt log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2012 12:13:40 PM
System Uptime: 6/23/2013 2:52:05 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-AM/PS
Processor: Intel Pentium III Xeon processor | Socket 775 | 2699/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 3.714 GiB free.
D: is FIXED (FAT32) - 28 GiB total, 7.131 GiB free.
E: is FIXED (FAT32) - 28 GiB total, 11.616 GiB free.
F: is FIXED (FAT32) - 28 GiB total, 6.541 GiB free.
G: is FIXED (FAT32) - 42 GiB total, 5.045 GiB free.
H: is CDROM (CDFS)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP112: 6/8/2013 4:48:36 PM - System Checkpoint
RP113: 6/9/2013 11:31:14 AM - Removed ATI Catalyst Control Center
RP114: 6/10/2013 4:30:38 PM - System Checkpoint
RP115: 6/11/2013 6:30:27 PM - System Checkpoint
RP116: 6/13/2013 11:13:50 PM - System Checkpoint
RP117: 6/17/2013 6:05:19 PM - System Checkpoint
RP118: 6/18/2013 5:28:24 PM - Installed Windows NLSDownlevelMapping.
RP119: 6/18/2013 5:28:40 PM - Installed Windows IDNMitigationAPIs.
RP120: 6/18/2013 5:28:50 PM - Installed Windows Internet Explorer 7.
RP121: 6/19/2013 8:07:13 PM - System Checkpoint
RP122: 6/23/2013 2:19:39 PM - System Checkpoint
.
==== Installed Programs ======================
.
toolbar
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe PageMaker 7.0
Adobe Photoshop 7.0
Adobe Reader X (10.1.7)
AGEIA PhysX v8.01.18
Ahead Nero Burning ROM
Ask Toolbar
Ask Toolbar Updater
ATI - Software Uninstall Utility
Avira Free Antivirus
BRowse2save
Browser Configuration Utility
BrowseToSave 1.74
Cheat Engine 6.2
Cheatbook Database 2013
Complitly
DownLite
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan Assistant
EPSON Stylus T11 Manual
EPSON Stylus T11 Series Printer Uninstall
EPSON Web-To-Page
Facebook Video Calling 1.2.0.287
Free YouTube Downloader 3.5.134
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Java 7 Update 21
Java Auto Updater
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
Optimizer Pro v3.0
OptimizerPro
Pandora Service
PowerDVD
PSPdisp v0.6
RAR Password Recovery Magic v6.1.1.232
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Search Assistant WebSearch 1.74
The KMPlayer (remove only)
Touchstone Installer
TrueCrypt
Turok
Update for Windows XP (KB942763)
USB Flash Security Ver.4.1.6
VISIONTEK 82GH 3G Modem version 2.0
Vittalia Installer
VLC media player 0.9.2
WebCake 3.00
WebFldrs XP
Winamp
Windows Driver Package - Sony PSP Type B (11/20/2005 20051120)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Rights Management Client with Service Pack 2
WinRAR 4.00 (32-bit)
WinZip
.
==== Event Viewer Messages From Past Week ========
.
6/22/2013 5:49:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address E0CB4EE9A4CC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/19/2013 9:42:03 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
6/19/2013 9:41:27 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
6/19/2013 9:41:27 PM, error: Service Control Manager [7000] - The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 9:21:31 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/19/2013 9:21:31 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/19/2013 9:21:31 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/19/2013 9:21:31 AM, error: Service Control Manager [7000] - The Network Location Awareness (NLA) service failed to start due to the following error: The pipe state is invalid.
6/19/2013 3:45:15 PM, error: Service Control Manager [7022] - The PandoraService service hung on starting.
6/19/2013 12:14:50 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 12:14:50 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 12:14:50 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 12:14:50 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 12:14:50 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
6/19/2013 12:14:50 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/19/2013 12:14:50 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
6/19/2013 12:14:50 PM, error: Service Control Manager [7022] - The Workstation service hung on starting.
6/19/2013 12:14:50 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/19/2013 12:14:50 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Logical Disk Manager service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:14:50 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The pipe state is invalid.
6/19/2013 12:06:03 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/19/2013 12:06:03 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
6/18/2013 6:23:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address E0CB4EE9A4CC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/16/2013 6:34:19 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
.
==== End Of File ===========================
muziris
Active Member
 
Posts: 2
Joined: June 23rd, 2013, 6:06 am

Re: "Install Add-on" tabs auto-generated in Firefox

Unread postby wannabeageek » June 23rd, 2013, 8:55 pm

Hello muziris, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: "Install Add-on" tabs auto-generated in Firefox

Unread postby wannabeageek » June 23rd, 2013, 11:53 pm

Hi muziris,

Q. I notice you have Microsoft Office Enterprise 2007 installed. Please tell me how this software was obtained.

Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Double-click the MGADiag.exe icon on your Desktop. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: "Install Add-on" tabs auto-generated in Firefox

Unread postby muziris » June 24th, 2013, 2:44 pm

Dear wannabeageek,
Thanks for your quick response and taking up my problem. MS Office was provided pre-installed on the computer.

Here is the report from executing MGADiag.exe as required.

Thanks again

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Cached Validation Code: N/A
Windows Product Key: *****-*****-MW847-XMF6Q-XHYXK
Windows Product Key Hash: GIO6fVN4GXWBJ8/WZtjcGlQtG3E=
Windows Product ID: 55274-645-7962792-23407
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {F338C82B-AD12-44C9-A478-8B2242DA3B01}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F338C82B-AD12-44C9-A478-8B2242DA3B01}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XHYXK</PKey><PID>55274-645-7962792-23407</PID><PIDType>1</PIDType><SID>S-1-5-21-1202660629-2025429265-682003330</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0414 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090826000000.000000+000</Date></BIOS><HWID>9285345F0184E078</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65795</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13F20:ASUSTeK Computer Inc|15625:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
muziris
Active Member
 
Posts: 2
Joined: June 23rd, 2013, 6:06 am

Re: "Install Add-on" tabs auto-generated in Firefox

Unread postby Gary R » June 25th, 2013, 1:43 am

Your log shows you have a cracked/illegal copy of Windows and Microsoft Office installed on your computer.

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire