Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox Issue

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Firefox Issue

Unread postby LeeAJD » April 21st, 2014, 12:27 pm

Hi. I recently installed Divx on my computer and wasn't very careful in doing so. I ended up with some other software on my PC which I have since removed (sorry I can't remember what it was) but Firefox has not been the same since. Every time I open a new tab it takes me to a website called search.conduit.com and I can't seem to get rid of it. It's leading me to believe i've got some sort of malware issue. I've since installed malwarebytes but nothing has changed. I'd appreciate any help with trying to sort this out. Alex.

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.51.2
Run by Alex at 17:17:21 on 2014-04-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3001.761 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Windows\system32\lxbccoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Native Instruments\Traktor 2\Traktor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\users\alex\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [Spotify Web Helper] "c:\users\alex\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [BitTorrent] "c:\users\alex\appdata\roaming\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\alex\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Turbo%20Pizza/Images/stg_drm.ocx
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{27F5A7FB-F8CB-4CB6-8177-14CA9230B636} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{27F5A7FB-F8CB-4CB6-8177-14CA9230B636}\24279676864724F687D2334356B633E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{27F5A7FB-F8CB-4CB6-8177-14CA9230B636}\4656661657C647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{27F5A7FB-F8CB-4CB6-8177-14CA9230B636}\F66797 : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\4qqrwy1e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alex\appdata\local\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\alex\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\alex\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\alex\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2010-02-12 14:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-12-5 573968]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-3-17 214856]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-2 390528]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-8 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-28 690720]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-12-8 156160]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-12-8 125440]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-4-19 281560]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-20 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-20 857912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2014-4-20 118264]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2014-4-19 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-4-19 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-4-19 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-4-19 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-4-19 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2014-4-19 644088]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2014-4-19 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-4-19 175480]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-3-17 61400]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-2-12 122368]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-12 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-12 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-20 51416]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2014-3-17 236480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-3-17 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-1-21 330248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-6 30192]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-19 147912]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-9-29 16896]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2014-3-17 66408]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-1-21 81264]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\24413\RapportIaso.sys [2011-4-23 18872]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-16 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-20 05:29:23 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 05:29:23 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-20 05:29:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-19 15:51:55 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-04-19 15:50:42 -------- d-----w- c:\program files\McAfee.com
2014-04-19 15:41:21 175480 ----a-w- c:\windows\system32\mfevtps.exe
2014-04-19 15:41:20 -------- d-----w- c:\program files\common files\McAfee
.
==================== Find3M ====================
.
2014-04-21 16:04:57 107736 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-03 08:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-24 14:48:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-24 14:48:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-17 18:45:20 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 18:38:00 214856 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 18:31:40 573968 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 18:29:28 367776 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 18:28:32 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-03-17 18:27:36 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 18:26:14 134600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-05-16 21:20:23 4167680 ----a-w- c:\program files\GUT9A2E.tmp
.
============= FINISH: 17:23:39.45 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/02/2010 15:20:57
System Uptime: 21/04/2014 14:43:11 (3 hours ago)
.
Motherboard: Acer | | JM70
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 164.267 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 4.847 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP265: 02/03/2014 15:25:19 - Scheduled Checkpoint
RP266: 10/03/2014 18:45:43 - Scheduled Checkpoint
RP268: 11/04/2014 21:07:17 - Configured AmIcoSingLun
RP269: 19/04/2014 21:06:30 - Scheduled Checkpoint
RP270: 21/04/2014 17:10:03 - Removed Badoo Desktop
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Above & Beyond Screensaver
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye Webcam
Acer GridVista
Acer PowerSmart Manager
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Dreamweaver CS5.5
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS5
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader X (10.1.9)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Advertising Center
Age of Empires III
Age of Empires III - The WarChiefs
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.1.5.3037
ASIO4ALL
Atomix.Atomix MP3 v2.3
AviSynth 2.5
Backup Manager Basic
BBC iPlayer Desktop
BitTorrent
Bonjour
Broadcom Gigabit NetLink Controller
Burger Island 2
BurnAware Free 6.8
C:\Program Files\Acer GameZone\GameConsole
Cake Mania 2
calibre
Compatibility Pack for the 2007 Office system
Connect
Cooking Dash
Cradle of Rome
D3DX10
Dairy Dash
Digital Media Converter Pro 3.2
DolbyFiles
Dropbox
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX235 Series Printer Uninstall
EpsonNet Print
ERUNT 1.1j
eSobi v2
Facebook Messenger 2.1.4814.0
Facebook Plug-In
ffdshow (remove only)
FL Studio 10
Football Manager 2010
Football Manager 2012
Free Mp3 Wma Converter V 2.2
Full Tilt Poker
Galapago
Genting Poker
Google Chrome
Google Desktop
Google Earth
Google Update Helper
HandBrake 0.9.5
Hardcore
iCloud
IL Download Manager
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Quest Solitaire
Junk Mail filter update
kuler
Ladbrokes Poker
Launch Manager
Lexmark Z500-Z600 Series
Live 8.0.4
Luxor 2
Macromedia Extension Manager
Macromedia Flash MX
MagicDisc 2.7.106
Mahjong Escape Ancient China
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee AntiVirus Plus
McAfee Virtual Technician
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mixed In Key 2.5
MobileMe Control Panel
Movie Maker
Movie Templates - Starter Kit
Mozilla Firefox 28.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
Native Instruments Traktor 2
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Network Guide EPSON SX235 Series
Network Play System (Patching)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA GAME System Software 2.8.1
Ocean Express
OGA Notifier 2.0.0048.0
OpenAL
Opera 11.50
Orbit Downloader
Orion
Parking Dash
PDF Settings
Photo Common
Photo Gallery
Photoshop Camera Raw
PoiZone
Poker at bet365
PokerStars
PS3 Media Server
PSP Video 9 5.04
Puzzle Express
QuickTime 7
Rainbow Web
Rapport
Rapture3D 2.4.4 Game
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rosetta Stone Version 3
Safari
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shared C Run-time for x86
Sherlock Holmes versus Jack the Ripper
Sky Poker
SopCast 3.2.9
SoundTrax
Splashtop Streamer
Spotify
SpywareBlaster 4.4
Steam
Suite Shared Configuration CS4
TeamViewer 5
The Settlers 7 - Paths to a Kingdom
The Sims Superstar
Theme Hospital
Toxic Biohazard
Tradewinds 2
Tri-Peaks Solitaire To Go
Turbo Pizza
Turbo Trio
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Upgrade Kit
User's Guide EPSON SX235 Series
VC80CRTRedist - 8.0.50727.6195
Virtual DJ - Atomix Productions
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.1.3
VoiceOver Kit
Wedding Dash
WhiteSmoke
Winamp
WinAVI Video Converter
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
WinRAR archiver
Xvid 1.2.1 final uninstall
Youda Marina
YouTube Downloader 3.3
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
21/04/2014 17:05:19, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
21/04/2014 17:04:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
20/04/2014 14:10:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv
19/04/2014 16:50:46, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
.
==== End Of File ===========================
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
Advertisement
Register to Remove

Re: Firefox Issue

Unread postby Cypher » April 27th, 2014, 5:53 am

Hi and welcome to Malware Removal Forum, sorry you had to wait so long for a reply.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Before we continue i need you to run a quick scan for me.

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox Issue

Unread postby LeeAJD » April 27th, 2014, 12:58 pm

Hi Cypher. Thanks for the reply and for your help. Here are the CKScanner results.

ckfiles
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\poker\genting poker\data\slots_pinkpanther40line\animations\bonus_crack\crack_intro.swf
c:\poker\poker at bet365\data\slots_pinkpanther40line\animations\bonus_crack\crack_intro.swf
c:\poker\poker at bet365\data\slots_safecracker\3d\reel0.slt
c:\poker\poker at bet365\data\slots_safecracker\3d\reel1.slt
c:\poker\poker at bet365\data\slots_safecracker\3d\reel2.slt
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\alex\documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 hl2rcv.adobe.com
scanner sequence 3.ZZ.11.WHLBQ0
----- EOF -----
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Firefox Issue

Unread postby Cypher » April 28th, 2014, 5:27 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 336 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware