Inactive Firefox redirects to ad sites

Status
Not open for further replies.

RagnaX

I'm currently helping my computer-illiterate friend via TeamViewer. Any search engine she uses redirects to ad sites. I was wondering if I could get quick help on how to fix this problem. I attached a link for a scan I did on her PC with HJT.

I also checked out the other threads about redirecting, but most of them had to do with IE, so I'm not sure if it would make a difference. I'm not too good with these things, but I can follow directions easily.
 

Attachments

  • hijackthis.log
    8.4 KB · Views: 1
Hi and welcome to TechSpot forums :).

====

Please read the directions given here and when done, post the requested logs.
Please do not attach the logs unless requested, or they are too large to paste.

If there are any other symptoms that would help diagnose the problem, please let me know.
 
We already did TFC, and I'm currently having her do GMER, waiting for it to finish. Malwarebytes came up clean, so I'm not sure if you'll need the log on that or not. I'll post the logs as soon as I can.
 
DDS (Ver_10-03-17.01) - NTFSX64
Run by Nichol at 2:15:35.78 on 08/11/2010 Wed
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.4094.2170 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\notepad.exe
C:\Users\Nichol\Desktop\l4z6uo41.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nichol\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.people.com/people/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Lexmark Pro200-S500 Series] "c:\program files (x86)\lexmark pro200-s500 series\fm3032.exe" /s
mRun: [Carbonite Backup] "c:\program files (x86)\carbonite\carbonite backup\CarboniteUI.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetUrl.htm
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton 360\engine\3.8.0.41\CoIEPlg.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
TB-X64: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [lxebmon.exe] "c:\program files (x86)\lexmark pro200-s500 series\lxebmon.exe"
mRun-x64: [EzPrint] "c:\program files (x86)\lexmark pro200-s500 series\ezprint.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\nichol\appdata\roaming\mozilla\firefox\profiles\oh6b0s1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://spadow.wordpress.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\components\aosmgr\conflict_228\npaosmgr.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\nichol\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0308000.029\SymEFA64.sys [2010-4-20 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\n360x64\0308000.029\BHDrvx64.sys [2010-4-20 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0308000.029\cchpx64.sys [2010-4-20 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100809.001\IDSviA64.sys [2010-8-10 463408]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-4-20 117640]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-11-23 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 132656]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360x64\0308000.029\symndisv.sys [2010-4-20 56880]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbdax64.sys [2008-11-6 204672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9cd1a95810450;Google Update Service (gupdate1c9cd1a95810450);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-4 133104]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxebserv.exe [2010-4-7 45736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2010-7-13 99416]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-7-13 106072]
S3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\mkd3kfnt.sys [2010-7-13 182872]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-11 07:03:25 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-11 01:28:42 0 d-----w- c:\users\nichol\appdata\roaming\ZeroK
2010-08-11 01:28:23 0 d-----w- c:\program files (x86)\ZeroK
2010-08-09 08:53:56 0 d-----w- c:\program files\iPod
2010-08-09 08:53:54 0 d-----w- c:\program files\iTunes
2010-08-09 08:49:57 629 ----a-w- c:\windows\system32\mapisvc.inf
2010-08-03 13:09:00 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-14 21:59:12 25872 ----a-w- c:\windows\syswow64\INIUAC.exe
2010-07-14 21:59:12 214584 ----a-w- c:\windows\syswow64\SCSKLoader.exe
2010-07-14 21:59:12 0 d-----w- c:\program files (x86)\INICIS61
2010-07-14 02:26:47 0 dc----w- C:\Hotspot Shield
2010-07-14 02:26:29 0 d-----w- c:\program files (x86)\Hotspot Shield
2010-07-14 00:11:23 99416 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2010-07-14 00:11:23 182872 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
2010-07-14 00:11:23 106072 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2010-07-14 00:07:51 0 d-----w- c:\program files (x86)\AhnLab
2010-07-13 00:36:34 0 d-----w- c:\program files\Bonjour
2010-07-13 00:36:34 0 d-----w- c:\program files (x86)\Bonjour
2010-07-12 10:06:29 248 ----a-w- c:\windows\syswow64\secustat.dat
2010-07-12 09:58:16 0 d-----w- c:\users\nichol\appdata\roaming\uTorrent
2010-07-12 09:48:53 0 d-----w- c:\programdata\Nexon
2010-07-12 09:36:30 0 dc----w- C:\Downloads
2010-07-12 09:36:23 305 ----a-w- c:\windows\syswow64\secushr.dat
2010-07-12 09:35:51 25 ----a-w- c:\windows\libem.INI
2010-07-12 09:35:17 0 d-----w- c:\users\nichol\appdata\roaming\FlashGet
2010-07-12 09:35:16 0 d-----w- c:\users\nichol\appdata\roaming\BITS
2010-07-12 09:35:13 0 d-----w- c:\users\nichol\appdata\roaming\FlashGetBHO
2010-07-12 09:35:11 0 d-----w- c:\program files (x86)\FlashGet Network

==================== Find3M ====================

2010-08-11 08:31:22 70773 ----a-w- c:\programdata\nvModes.dat
2010-08-11 06:59:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-11 06:59:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-14 02:30:14 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-16 20:33:40 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 21:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-12-09 15:22:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-05 01:05:37 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-16 02:30:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-17 12:20:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-07 21:07:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040720100408\index.dat
2009-10-17 10:13:54 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-06 18:48:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:16:06.73 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 11:02:01 AM
System Uptime: 8/11/2010 1:30:40 AM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | CPU 1 | 3000/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 685 GiB total, 301.128 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.862 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AhnLab Online Security
Apple Application Support
Apple Software Update
BufferChm
Carbonite
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo X2
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
DocProc
DocProcQFolder
Fast Browser Search (My Web Tattoo)
FoxyTunes for Firefox
Fraps (remove only)
Game Booster
GEAR driver installer for x86 and x64
GearDrvs
Google Update Helper
HandBrake 0.9.3
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Driver Diagnostics
HP Product Assistant
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
HPTCSSetup
iTunes Plugin for Windows Live Writer
Java Auto Updater
Java(TM) 6 Update 20
LabelPrint
Lexmark Printable Web
Lexmark Toolbar
LightScribe System Software
LightScribeTemplateLabeler
Malwarebytes' Anti-Malware
MapleStory
MarketResearch
Micro
Microsoft Choice Guard
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Media Player
Mozilla Firefox (3.5.11)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Norton 360
Pando Media Booster
Power2Go
PowerDirector
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Roblox for Nichol
RocketDock 1.3.5
Safari
Samsung PC Studio 3 USB Driver Installer
Skype™ 4.2
SolutionCenter
SPORE Creature Creator Trial Edition
System Requirements Lab
TeamViewer 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Viewpoint Media Player
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver

==== End Of File ===========================


GMER came up as "Gmer hasn't found any system modification", and the log file was empty.
 
OK. I will still need to see MBA_M log please.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

====

How are things now?
 
She had to go to sleep, but I told her to contact me as soon as she was awake and not do anything to the PC. I'll post the next log as soon as I can, and thank you for your help so far.
 