Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

firefox and other problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

firefox and other problems

Unread postby humanerror » December 20th, 2008, 8:04 am

Hello,

I've been having problems for about two weeks with firefox. It shuts down often. Sometimes it works for n hour, sometimes only 5 seconds. Sometimes the whole system restarts itself and I got reports about critical errors. I got Avast antivirus, Zonealarm firewall and Winpatrol. I run CCleaner and let it fix something. Firefox has still the same problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:00 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = joensuunelli.fi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0251454783f ... xIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7351127093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/a ... Atchmt.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9478 bytes
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am
Advertisement
Register to Remove

Re: firefox and other problems

Unread postby John B. » December 25th, 2008, 8:46 am

Hi! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

These rules are good for you to know:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

These rules are to make my voluntary work more comfortable:
  • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

Finally, please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Open The Misc Tool Section button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a fresh HijackThis log.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 25th, 2008, 9:16 am

ABITEQ
Acrobat.com
Acrobat.com
Adobe Acrobat 5.0
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agfa ScanWise 2.00
Ahead Nero BurnRights
Ahead NeroMIX
Apple Mobile Device Support
Apple Software Update
ASAPI Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Antivirus
Avid DIO Runtime
Avid DNADiags
Avid Free DV
Brother HL-1430
Browser Mouse Browser Mouse 1.0
CCleaner (remove only)
Connect
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Creative WebCam Instant User's Guide (English)
DiscWizard for Windows
DivX Converter
DivX Player
DivX Web Player
Evrsoft First Page 2006
FLAC Installer 1.1.3b (remove only)
Font Creator Program 3.1.3
Football Manager 2007
FruityLoops Studio Producer Edition v4.01
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
Hotfix-päivitys Windows XP:lle (KB952287)
InterVideo DirectShow Filter 2.6
Ipswitch WS_FTP Pro
Java(TM) 6 Update 11
kuler
Last.fm 1.5.1.29527
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.5
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
MusicBrainz Tagger 0.10.5
OpenOffice.org 3.0
Päivitys Windows XP:lle (KB951072-v2)
Päivitys Windows XP:lle (KB951978)
Päivitys Windows XP:lle (KB955839)
Panasonic DVC USB Driver
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Samsung USB Driver
SopCast 3.0.0
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)
Suojauspäivitys Windows Internet Explorer 7:lle (KB956390)
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)
Suojauspäivitys Windows Media Player 10:lle (KB911565)
Suojauspäivitys Windows Media Player 10:lle (KB917734)
Suojauspäivitys Windows Media Player 11:lle (KB936782)
Suojauspäivitys Windows Media Player 11:lle (KB954154)
Suojauspäivitys Windows Media Playerille (KB952069)
Suojauspäivitys Windows XP:lle (KB938464)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951066)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB951748)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB953839)
Suojauspäivitys Windows XP:lle (KB954211)
Suojauspäivitys Windows XP:lle (KB954459)
Suojauspäivitys Windows XP:lle (KB954600)
Suojauspäivitys Windows XP:lle (KB955069)
Suojauspäivitys Windows XP:lle (KB956391)
Suojauspäivitys Windows XP:lle (KB956802)
Suojauspäivitys Windows XP:lle (KB956803)
Suojauspäivitys Windows XP:lle (KB956841)
Suojauspäivitys Windows XP:lle (KB957095)
Suojauspäivitys Windows XP:lle (KB957097)
Suojauspäivitys Windows XP:lle (KB958644)
TBS WMP Plug-in
TeleWell TW-EA100B ADSL USB LAN Adapter
TL Audio EQ-1 VST v1.0
TVAnts 1.0
VC 9.0 Runtime
Veetle TV Player 0.9.7
Veetle TV Player 0.9.7
VideoLAN VLC media player 0.6.2
VideoLAN VLC media player 0.8.6b
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8)
Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinMPG Video Convert 5.6
WinPatrol 2008
WinRAR archiver
WinZip
Xvid 1.1.2 final uninstall
ZoneAlarm




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:40 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = joensuunelli.fi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0251454783f ... xIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7351127093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/a ... Atchmt.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9445 bytes
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 25th, 2008, 3:17 pm

Hi,

No problem at first sight, looks great. Let's find out some more.

Step 1: Stop WinPatrol
Please disable WinPatrol as it may interfere with the fix.
  • Right click on the Scotty Dog near the clock and select Options.... A window will open.
  • Select the Options tab.
  • Uncheck (untick) this box: Automatically run Winpatrol when computer starts.
  • Close the Winpatrol window.
  • Right click on the Scotty Dog again and select Exit Program.
Once your log is clean you can start using WinPatrol again.

Step 2: Download and Run ComboFix
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html

If your have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:
Image

Go on with the ComboFix guide when it opens its log please close it.

Remember that the ComboFix log is saved here: C:\ComboFix.txt

Step 3: Post logs
Please post the following logs in a reply to this topic:
  • New HijackThis log
  • ComboFix log

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 25th, 2008, 4:09 pm

ComboFix 08-12-24.01 - Vesku 2008-12-25 21:55:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1077 [GMT 2:00]
Sijainti: c:\documents and settings\Vesku\Desktop\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ati2evxx.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-25 to 2008-12-25 )))))))))))))))))
.

2008-12-20 14:10 . 2008-12-20 14:10 <KANSIO> d-------- C:\rsit
2008-12-20 14:02 . 2008-12-20 14:03 63,054 --a------ c:\documents and settings\Vesku\cc_20081220_140230.reg
2008-12-20 12:52 . 2008-12-20 12:53 1,824,108 --a------ c:\documents and settings\Vesku\cc_20081220_125242.reg
2008-12-20 12:50 . 2008-12-20 12:50 <KANSIO> d-------- c:\program files\CCleaner
2008-12-20 12:49 . 2008-12-20 12:48 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-20 12:39 . 2008-12-20 12:39 <KANSIO> d-------- c:\documents and settings\Vesku\JavaRa
2008-12-16 13:01 . 2002-09-17 11:55 3,548 --a------ c:\windows\system32\drivers\WinFlash.sys
2008-12-06 15:02 . 2008-12-06 15:02 <KANSIO> d-------- c:\documents and settings\Vesku\Hellstone
2008-12-05 19:31 . 2008-12-05 19:32 <KANSIO> d-------- c:\documents and settings\All Users\AdobeTemp
2008-12-05 19:14 . 2008-12-05 19:14 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-12-05 18:54 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-04 23:04 . 2008-12-04 23:04 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-12-04 22:44 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-12-04 22:44 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-12-04 22:06 . 2008-12-04 22:06 <KANSIO> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-04 20:41 . 2008-12-04 20:41 <KANSIO> d-------- c:\documents and settings\Vesku\Omat tiedostot
2008-12-04 17:45 . 2008-12-04 17:45 <KANSIO> d-------- c:\documents and settings\Vesku\Application Data\com.adobe.ExMan
2008-12-03 19:22 . 2008-12-03 19:22 <KANSIO> d-------- C:\_OTMoveIt
2008-12-03 18:40 . 2008-12-03 22:15 <KANSIO> d-------- c:\documents and settings\Vesku\Contacts
2008-12-03 17:14 . 2008-12-03 17:14 <KANSIO> d-------- c:\program files\Common Files\Adobe AIR
2008-12-03 16:05 . 2008-12-03 16:05 <KANSIO> d-------- c:\documents and settings\NetworkService\Työpöytä
2008-12-02 14:58 . 2008-12-02 14:58 <KANSIO> d-------- c:\documents and settings\Vesku\Application Data\OpenOffice.org
2008-12-02 14:53 . 2008-12-02 14:53 <KANSIO> d-------- c:\program files\OpenOffice.org 3
2008-11-25 22:34 . 2008-12-20 12:48 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:04 --------- d-----w c:\program files\Evrsoft First Page 2006
2008-12-22 11:29 --------- d-----w c:\program files\WS_FTP
2008-12-20 10:48 --------- d-----w c:\program files\Java
2008-12-17 20:54 --------- d-----w c:\program files\DivX
2008-12-16 11:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-16 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 11:03 --------- d-----w c:\program files\ABIT
2008-12-16 10:57 --------- d-----w c:\program files\DNA
2008-12-13 22:45 --------- d-----w c:\program files\TVAnts
2008-12-05 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 17:11 --------- d-----w c:\program files\InterVideo
2008-12-05 13:56 --------- d-----w c:\program files\Ahead DVD Ripper
2008-12-04 22:05 --------- d-----w c:\program files\Macromedia
2008-12-04 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 14:07 --------- d-----w c:\program files\Common Files\Ahead
2008-12-03 14:07 --------- d-----w c:\program files\ahead
2008-12-03 13:53 --------- d-----w c:\program files\PHP Designer 2005
2008-12-03 11:15 21 ---ha-w C:\qpmd8378.bin
2008-12-02 12:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-24 22:45 --------- d-----w c:\documents and settings\Vesku\Application Data\Azureus
2008-11-24 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-06 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-28 12:48 --------- d-----w c:\program files\ICQLite
2008-10-02 20:14 48,397 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2005-11-02 22:09 784 ----a-w c:\documents and settings\Vesku\Application Data\mpauth.dat
2005-04-27 22:33 56 --sh--r c:\windows\system32\45AE4373B3.sys
2008-08-23 07:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082320080824\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 10:40 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
-ra------ 2005-05-10 19:03 36864 c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2005-05-02 9088]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2006-01-10 10240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2005-05-02 329728]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys []
S1 PDIDRV;PDIDRV; []
S3 AC2003;AC2003;c:\windows\system32\Drivers\AC2003.sys [2005-04-26 3584]
S3 BCM42U;SMC2821USB USB 10M HomePNA Adapter;c:\windows\system32\DRIVERS\BCM42U.SYS [2001-12-07 71262]
S3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2005-06-06 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2005-06-06 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2005-06-06 103366]
S3 Memctl;Memctl;\??\c:\program files\ABIT\FlashMenu\Memctl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe


.
------- Täydentävä tarkistus -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Vesku\Application Data\Mozilla\Firefox\Profiles\kygm1md9.vesku\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 21:58:34
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Valmistumisajankohta: 2008-12-25 22:03:08 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-12-25 20:03:04

Ennen ajoa: 33,288,486,912 tavua vapaana
Ajon jälkeen: 33,848,627,200 tavua vapaana

WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

187 --- E O F --- 2008-12-18 04:06:53


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:37 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = joensuunelli.fi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7351127093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/a ... Atchmt.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8559 bytes
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 25th, 2008, 6:59 pm

Hi,

There are a couple of things I saw in the ComboFix log:
  • You have a couple of advanced tools installed. For example JavaRa and OTMoveIt. Can you tell me why you have them?
  • I see signs of Azureus. I hope you have noted that we do not help people who use peer-to-peer programs. If you still have peer-to-peer software on your system please remove it.

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=37817

Suspect::
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.dll.vir


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html

If your have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:
Image

After doing that close any open browsers.

Image

Refering to the picture above, drag CFScript into ComboFix.exe

ComboFix will start scannning and when it opens its log please post it.

Remember that the ComboFix log is saved here: C:\ComboFix.txt

Note: When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 25th, 2008, 10:55 pm

Should I remove JavaRa and OTMoveIt? I just downloaded them to learn about them, but they have remained useless to me...


ComboFix 08-12-25.02 - Vesku 2008-12-26 4:46:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1535.1117 [GMT 2:00]
Sijainti: c:\documents and settings\Vesku\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\Vesku\Desktop\CFScript.txt
* Uusi palautuspiste luotu
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-26 to 2008-12-26 )))))))))))))))))
.

2008-12-20 14:10 . 2008-12-20 14:10 <KANSIO> d-------- C:\rsit
2008-12-20 14:02 . 2008-12-20 14:03 63,054 --a------ c:\documents and settings\Vesku\cc_20081220_140230.reg
2008-12-20 12:52 . 2008-12-20 12:53 1,824,108 --a------ c:\documents and settings\Vesku\cc_20081220_125242.reg
2008-12-20 12:50 . 2008-12-20 12:50 <KANSIO> d-------- c:\program files\CCleaner
2008-12-20 12:49 . 2008-12-20 12:48 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-20 12:39 . 2008-12-20 12:39 <KANSIO> d-------- c:\documents and settings\Vesku\JavaRa
2008-12-16 13:01 . 2002-09-17 11:55 3,548 --a------ c:\windows\system32\drivers\WinFlash.sys
2008-12-06 15:02 . 2008-12-06 15:02 <KANSIO> d-------- c:\documents and settings\Vesku\Hellstone
2008-12-05 19:31 . 2008-12-05 19:32 <KANSIO> d-------- c:\documents and settings\All Users\AdobeTemp
2008-12-05 19:14 . 2008-12-05 19:14 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-12-05 18:54 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-04 23:04 . 2008-12-04 23:04 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-12-04 22:44 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-12-04 22:44 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-12-04 22:06 . 2008-12-04 22:06 <KANSIO> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-04 20:41 . 2008-12-04 20:41 <KANSIO> d-------- c:\documents and settings\Vesku\Omat tiedostot
2008-12-04 17:45 . 2008-12-04 17:45 <KANSIO> d-------- c:\documents and settings\Vesku\Application Data\com.adobe.ExMan
2008-12-03 19:22 . 2008-12-03 19:22 <KANSIO> d-------- C:\_OTMoveIt
2008-12-03 18:40 . 2008-12-03 22:15 <KANSIO> d-------- c:\documents and settings\Vesku\Contacts
2008-12-03 17:14 . 2008-12-03 17:14 <KANSIO> d-------- c:\program files\Common Files\Adobe AIR
2008-12-03 16:05 . 2008-12-03 16:05 <KANSIO> d-------- c:\documents and settings\NetworkService\Työpöytä
2008-12-02 14:58 . 2008-12-02 14:58 <KANSIO> d-------- c:\documents and settings\Vesku\Application Data\OpenOffice.org
2008-12-02 14:53 . 2008-12-02 14:53 <KANSIO> d-------- c:\program files\OpenOffice.org 3

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 18:42 302,080 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-12-23 10:47 67,201 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_12_23_12_40_00_small.dmp.zip
2008-12-22 16:08 954,368 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-12-22 16:08 1,907,712 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-12-22 16:07 139,794 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_22_18_07_08_small.dmp.zip
2008-12-22 16:04 --------- d-----w c:\program files\Evrsoft First Page 2006
2008-12-22 11:29 --------- d-----w c:\program files\WS_FTP
2008-12-20 21:22 65,912 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_12_20_22_04_48_small.dmp.zip
2008-12-20 10:48 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 10:48 --------- d-----w c:\program files\Java
2008-12-17 20:54 --------- d-----w c:\program files\DivX
2008-12-16 18:49 2,483,080 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2008-12-16 11:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-16 11:22 113,940 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_16_13_21_05_small.dmp.zip
2008-12-16 11:21 511,488 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-12-16 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 11:03 --------- d-----w c:\program files\ABIT
2008-12-16 10:57 --------- d-----w c:\program files\DNA
2008-12-15 13:11 121,519 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_15_15_11_00_small.dmp.zip
2008-12-13 22:45 --------- d-----w c:\program files\TVAnts
2008-12-13 15:28 683,008 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-12-13 15:28 1,807,872 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-12-08 20:30 3,158,528 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-12-08 20:30 112,544 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_08_22_30_07_small.dmp.zip
2008-12-08 18:15 120,194 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_08_20_15_18_small.dmp.zip
2008-12-08 14:53 129,318 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_08_16_53_11_small.dmp.zip
2008-12-06 14:15 35,601 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_06_16_14_50_small.dmp.zip
2008-12-05 20:59 1,768,448 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-12-05 20:48 1,759,744 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-12-05 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 17:11 --------- d-----w c:\program files\InterVideo
2008-12-05 13:56 --------- d-----w c:\program files\Ahead DVD Ripper
2008-12-04 22:05 --------- d-----w c:\program files\Macromedia
2008-12-04 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 14:07 --------- d-----w c:\program files\Common Files\Ahead
2008-12-03 14:07 --------- d-----w c:\program files\ahead
2008-12-03 13:53 --------- d-----w c:\program files\PHP Designer 2005
2008-12-03 11:15 21 ---ha-w C:\qpmd8378.bin
2008-12-03 11:12 2,957,824 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-12-02 12:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-24 22:45 --------- d-----w c:\documents and settings\Vesku\Application Data\Azureus
2008-11-24 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-06 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-28 12:48 --------- d-----w c:\program files\ICQLite
2008-10-24 12:43 2,243,072 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 12:32 89,600 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 20:14 48,397 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2005-11-02 22:09 784 ----a-w c:\documents and settings\Vesku\Application Data\mpauth.dat
2001-03-28 09:02 122,880 ----a-w c:\windows\inf\AGFA\message.exe
2005-04-27 22:33 56 --sh--r c:\windows\system32\45AE4373B3.sys
2008-08-23 07:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-25_22.02.32.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-26 02:37:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_218.dat
+ 2008-12-26 02:36:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_74c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 10:40 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
-ra------ 2005-05-10 19:03 36864 c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2005-05-02 9088]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2006-01-10 10240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2005-05-02 329728]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys []
S1 PDIDRV;PDIDRV; []
S3 AC2003;AC2003;c:\windows\system32\Drivers\AC2003.sys [2005-04-26 3584]
S3 BCM42U;SMC2821USB USB 10M HomePNA Adapter;c:\windows\system32\DRIVERS\BCM42U.SYS [2001-12-07 71262]
S3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2005-06-06 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2005-06-06 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2005-06-06 103366]
S3 Memctl;Memctl;\??\c:\program files\ABIT\FlashMenu\Memctl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Täydentävä tarkistus -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Vesku\Application Data\Mozilla\Firefox\Profiles\kygm1md9.vesku\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 04:49:45
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-12-26 4:51:11
ComboFix-quarantined-files.txt 2008-12-26 02:50:52

Ennen ajoa: 33,825,464,320 tavua vapaana
Ajon jälkeen: 33,811,222,528 tavua vapaana

208 --- E O F --- 2008-12-18 04:06:53
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 26th, 2008, 6:12 am

Hi,

Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.

Step 2: Upload malware for scanning
I'd like you to check a file for malware.
c:\windows\system32\45AE4373B3.sys

  • Copy/Paste the file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.

[color=blue]Step 3: Post VirusTotal/Jotti results
Also tell me about any problems you still have.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 26th, 2008, 6:38 am

I copied this info straight out of the results page:

File 45AE4373B3.sys received on 12.26.2008 11:30:55 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/38 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 46 and 66 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.26 -
AhnLab-V3 2008.12.25.0 2008.12.26 -
AntiVir 7.9.0.45 2008.12.25 -
Authentium 5.1.0.4 2008.12.25 -
Avast 4.8.1281.0 2008.12.26 -
AVG 8.0.0.199 2008.12.25 -
BitDefender 7.2 2008.12.26 -
CAT-QuickHeal 10.00 2008.12.26 -
ClamAV 0.94.1 2008.12.26 -
Comodo 819 2008.12.26 -
DrWeb 4.44.0.09170 2008.12.26 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.26 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.26 -
Fortinet 3.117.0.0 2008.12.26 -
GData 19 2008.12.26 -
Ikarus T3.1.1.45.0 2008.12.26 -
K7AntiVirus 7.10.566 2008.12.25 -
Kaspersky 7.0.0.125 2008.12.26 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.26 -
NOD32 3717 2008.12.25 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.26 -
PCTools 4.4.2.0 2008.12.25 -
Prevx1 V2 2008.12.26 -
Rising 21.09.42.00 2008.12.26 -
Sophos 4.37.0 2008.12.26 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.26 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.25 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.25 -
Additional information
File size: 56 bytes
MD5...: 3880157f4e680614b76039fa142b15c9
SHA1..: a7bcdd3efbe750cdcb4153d90f679828ec05ab0d
SHA256: 46791de9761675e8611ec5ab1ba346f7ee47a34733dce18bc8d72fb481380c29
SHA512: 31a02dba363c3d4eb25c0e47ebcd685d113336cc48359aa9aee4b73d3f00f91c
8d9d1123dfb03a3f555ae413a2e990898c940248e7273a83ae07c502d42780bf
ssdeep: 3:/ldEVLTrl:Arl
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 26th, 2008, 9:05 am

Hi,

Should I remove JavaRa and OTMoveIt? I just downloaded them to learn about them, but they have remained useless to me...

JavaRa is not really dangerous and quite useful. You can keep it if you want to. OTMoveIt on the other hand can be dangerous if used wrong and I will give instructions later on how to remove it correctly from your system.

Still I do not see any malware. Let's run one last scanner.

Step 1: Remove HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 2: Run CFScript
Open Notepad and copy/paste the text in the box into the window:

Code: Select all
DEQUARANTINE::
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.dll.vir

QUIT::


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html

If your have Avast as anti virus an additional thing has to be changed to make ComboFix work properly:
Image

After doing that close any open browsers.

Image

Refering to the picture above, drag CFScript into ComboFix.exe

ComboFix will stop earlier than it normally does and open a log called DeQuarantine_log.txt. Please save it to your desktop.

Step 3: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

Step 4: Run Malwarebytes' Anti-Malware
  • Make sure you update first so that you have the latest definitions and no bugs.
  • After that, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Close the Notepad file.
  • The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 5: Post logs
Please post the following logs in a reply to this topic:
  • Tell me if you still have the problems you originally had, and if you have other problems
  • New HijackThis log
  • DeQuarantine_log.txt
  • MBAM log

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 26th, 2008, 1:03 pm

After yesterday, I haven't encountered the problems I had (firefox and system crashing). Looks good..!

edit: right after writing the previous line, firefox crashed:(

here's the logs (hihjack log has been created after the crash, if it matters)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:12 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = joensuunelli.fi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7351127093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/a ... Atchmt.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8413 bytes


C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.dll.vir -> C:\WINDOWS\system32\Ati2evxx.dll ( 86016 bytes )


Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1550
Windows 5.1.2600 Service Pack 3

12/26/2008 6:57:20 PM
mbam-log-2008-12-26 (18-57-20).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|)
Tarkistetut kohteet: 238602
Kulunut aika: 1 hour(s), 43 minute(s), 18 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 26th, 2008, 1:13 pm

Hi,

Everything looks great. Let's start with non-malware troubleshooting.

By viewing the Event Viewer logs we could maybe find out what is wrong.
  • Go to Start
  • Click on Run
  • In the box, type eventvwr
  • Look at the System and Application log files and note any that are red and ones created at the time something crashes.
  • We need to know the Event ID and Source.

Please structure your post, so I know what source and id belong together, etc.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 26th, 2008, 3:26 pm

Ok, I gathered the red ones here chronologically, in the same order as they appeared on the list. I noticed there are lotsa similar errors, but i went through the whole list anyway. I'm not sure, if I got your idea right, so please advice me, if you need something else. Thanks lot for the help this far.

SYSTEM:

After each RED error, there appear either "Service Control Manager 7035", "Service Control Manager 7036" or "eventlog 6009". I didn't list these.

These appeared a couple of times simultaneously or a little later than "Service Control Manager 7031": "WMPNetworkSvc 14204", "WMPNetworkSvc 14206"

Here's list of the RED ones, chronologically.

Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7028
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7031
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7031
Service Control Manager 7016
Service Control Manager 7031
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7031
Service Control Manager 7031
Service Control Manager 7000
Service Control Manager 7031
Service Control Manager 7031
System Error 1003
Service Control Manager 7000
Service Control Manager 7016
System Error 1003
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7016
System Error 1003
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7016
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7031
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7031
System Error 1003
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000
Service Control Manager 7000
System Error 1003
Service Control Manager 7000
Service Control Manager 7034
Service Control Manager 7000




APPLICATION:

Before each of the RED logs in "APPLICATION" list, there seems to be "ESENT 100", "ESENT 101" "ESENT 102", "ESENT 103", "ESENT 105", "ESENT 300" "ESENT 301", "ESENT 302"ESENT 700", "ESENT 701" and/or "ESENT 704".

"Source: ColdFusion MX 7 Application Server, ID: 7" seems to come always before RED "PerfNet 2004"

Application Error 1000
Application Error 1000
Application Error 1000
Application Error 1000
Application Error 1000
Application Error 1000
Windows Live Messenger 1000
Application Error 1000
Application Error 1000
Application Error 1000
Application Error 1000
Application Error 1000
Application Hang 1002
Application Error 1000
Application Error 1000
Application Hang 1002
Application Error 1000
Application Error 1000
MsiInstaller 11330
Application Error 1000
Application Error 1000
Application Error 1000
Application Hang 1002
Application Hang 1001
Application Hang 1002
Application Error 1000
Application Error 1001
Application Error 1000
Windows Live Messenger 5000
Application Error 1000
ESENT 474
Application Error 1000
Application Error 1000
Windows Live Messenger 1000
Application Hang 1002
Application Error 1000
Windows Live Messenger 1000
Application Error 1000
Application Error 1000
Windows Live Messenger 1000
Windows Live Messenger 1000
Application Error 1000
Windows Live Messenger 1000
Application Error 1000
Application Error 1000
Application Error 1000
Windows Live Messenger 1000
Application Error 1000
Application Error 1000
Application Error 1000
Windows Live Messenger 1000
Application Error 1000
Application Error 1000
Application Error 1000
PerfNet 2004
PerfNet 2004
PerfNet 2004
PerfNet 2004
PerfNet 2004
MsiInstaller 11905
PerfNet 2004
PerfNet 2004
PerfNet 2004
PerfNet 2004
MsiInstaller 11931
PerfNet 2004
EventSystem 4609
PerfNet 2004
PerfNet 2004
PerfNet 2004
PerfNet 2004
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am

Re: firefox and other problems

Unread postby John B. » December 27th, 2008, 1:11 pm

Hi,

All those Service Control Manager events are related to services which you do not have any longer (parts of programs which are used to start the program at startup) and is not fully removed or is just faulty. Do you have any problems with programs not wanting to work (except Firefox)?

When did you start having problems with Firefox? Right after installing any new software/drivers/hardware?

Are you using the most up-to-date version of Firefox?

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: firefox and other problems

Unread postby humanerror » December 27th, 2008, 2:29 pm

Hi,

I got the latest version of Firefox.
I forgot to tell you that I installed more memory on 5th December (1GB->1,5GB). The problems started in the following days, I don't remember exactly. Before 5th Dec I installed Adobe CS4.
Usually only firefox crashes. If it crashes many times in a row, computer gets slower and some other applications have then crashed as well. Windows Media player and Photoshop...
humanerror
Regular Member
 
Posts: 54
Joined: October 14th, 2008, 8:36 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware