TechSpot

Firefox redirects to ad sites

By RagnaX
Aug 11, 2010
  1. I'm currently helping my computer illiterate friend via team viewer. Any search engine she uses redirects to ad sites. I was wondering if I could get quick help on how to fix this problem. I attached a link for a scan I did on her pc with HJT.

    I also checked out the other threads about redirecting but most of them had to do with IE, so I'm not sure if ti would make a difference. I'm not too good with these things, but I can follow directions easily.
     

    Attached Files:

  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please do not attach the logs unless requested, or they are to large to paste.

    If there are any other symptoms that would help diagnose the problem, please let me know.
     
  3. RagnaX

    RagnaX TS Rookie Topic Starter

    We already did TFC, and I'm currently having her do GMER, waiting for it to finish. Malware Bytes came up clean, so I'm not sure if you'll need the log on that or not. I'll post the logs as soon as I can.
     
  4. RagnaX

    RagnaX TS Rookie Topic Starter

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Nichol at 2:15:35.78 on 08/11/2010 Wed
    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.4094.2170 [GMT -7:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxebcoms.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\PSIService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\notepad.exe
    C:\Users\Nichol\Desktop\l4z6uo41.exe
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Nichol\Downloads\dds.scr
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.people.com/people/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
    TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [Lexmark Pro200-S500 Series] "c:\program files (x86)\lexmark pro200-s500 series\fm3032.exe" /s
    mRun: [Carbonite Backup] "c:\program files (x86)\carbonite\carbonite backup\CarboniteUI.exe"
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetUrl.htm
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton 360\engine\3.8.0.41\CoIEPlg.dll
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
    TB-X64: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
    TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
    mRun-x64: [lxebmon.exe] "c:\program files (x86)\lexmark pro200-s500 series\lxebmon.exe"
    mRun-x64: [EzPrint] "c:\program files (x86)\lexmark pro200-s500 series\ezprint.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\nichol\appdata\roaming\mozilla\firefox\profiles\oh6b0s1z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://spadow.wordpress.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files (x86)\ahnlab\asp\components\aosmgr\conflict_228\npaosmgr.dll
    FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\nichol\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0308000.029\SymEFA64.sys [2010-4-20 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\n360x64\0308000.029\BHDrvx64.sys [2010-4-20 334384]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0308000.029\cchpx64.sys [2010-4-20 583296]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100809.001\IDSviA64.sys [2010-8-10 463408]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-4-20 117640]
    R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-11-23 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 132656]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360x64\0308000.029\symndisv.sys [2010-4-20 56880]
    R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbdax64.sys [2008-11-6 204672]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9cd1a95810450;Google Update Service (gupdate1c9cd1a95810450);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-4 133104]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxebserv.exe [2010-4-7 45736]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2010-7-13 99416]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-7-13 106072]
    S3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\mkd3kfnt.sys [2010-7-13 182872]
    S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-08-11 07:03:25 0 d-----w- c:\program files (x86)\Trend Micro
    2010-08-11 01:28:42 0 d-----w- c:\users\nichol\appdata\roaming\ZeroK
    2010-08-11 01:28:23 0 d-----w- c:\program files (x86)\ZeroK
    2010-08-09 08:53:56 0 d-----w- c:\program files\iPod
    2010-08-09 08:53:54 0 d-----w- c:\program files\iTunes
    2010-08-09 08:49:57 629 ----a-w- c:\windows\system32\mapisvc.inf
    2010-08-03 13:09:00 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-14 21:59:12 25872 ----a-w- c:\windows\syswow64\INIUAC.exe
    2010-07-14 21:59:12 214584 ----a-w- c:\windows\syswow64\SCSKLoader.exe
    2010-07-14 21:59:12 0 d-----w- c:\program files (x86)\INICIS61
    2010-07-14 02:26:47 0 dc----w- C:\Hotspot Shield
    2010-07-14 02:26:29 0 d-----w- c:\program files (x86)\Hotspot Shield
    2010-07-14 00:11:23 99416 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
    2010-07-14 00:11:23 182872 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
    2010-07-14 00:11:23 106072 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
    2010-07-14 00:07:51 0 d-----w- c:\program files (x86)\AhnLab
    2010-07-13 00:36:34 0 d-----w- c:\program files\Bonjour
    2010-07-13 00:36:34 0 d-----w- c:\program files (x86)\Bonjour
    2010-07-12 10:06:29 248 ----a-w- c:\windows\syswow64\secustat.dat
    2010-07-12 09:58:16 0 d-----w- c:\users\nichol\appdata\roaming\uTorrent
    2010-07-12 09:48:53 0 d-----w- c:\programdata\Nexon
    2010-07-12 09:36:30 0 dc----w- C:\Downloads
    2010-07-12 09:36:23 305 ----a-w- c:\windows\syswow64\secushr.dat
    2010-07-12 09:35:51 25 ----a-w- c:\windows\libem.INI
    2010-07-12 09:35:17 0 d-----w- c:\users\nichol\appdata\roaming\FlashGet
    2010-07-12 09:35:16 0 d-----w- c:\users\nichol\appdata\roaming\BITS
    2010-07-12 09:35:13 0 d-----w- c:\users\nichol\appdata\roaming\FlashGetBHO
    2010-07-12 09:35:11 0 d-----w- c:\program files (x86)\FlashGet Network

    ==================== Find3M ====================

    2010-08-11 08:31:22 70773 ----a-w- c:\programdata\nvModes.dat
    2010-08-11 06:59:33 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-08-11 06:59:33 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-14 02:30:14 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-06-16 20:33:40 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-05-21 21:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 23:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 23:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 23:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
    2010-05-18 23:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
    2009-12-09 15:22:54 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-03-05 01:05:37 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-04-16 02:30:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-10-17 12:20:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-04-07 21:07:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040720100408\index.dat
    2009-10-17 10:13:54 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-11-06 18:48:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 2:16:06.73 ===============
     
  5. RagnaX

    RagnaX TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/6/2008 11:02:01 AM
    System Uptime: 8/11/2010 1:30:40 AM (1 hours ago)

    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | CPU 1 | 3000/1333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 685 GiB total, 301.128 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.862 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    AhnLab Online Security
    Apple Application Support
    Apple Software Update
    BufferChm
    Carbonite
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Corel Paint Shop Pro Photo X2
    CustomerResearchQFolder
    CyberLink DVD Suite Deluxe
    DocProc
    DocProcQFolder
    Fast Browser Search (My Web Tattoo)
    FoxyTunes for Firefox
    Fraps (remove only)
    Game Booster
    GEAR driver installer for x86 and x64
    GearDrvs
    Google Update Helper
    HandBrake 0.9.3
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Driver Diagnostics
    HP Product Assistant
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Update
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    iTunes Plugin for Windows Live Writer
    Java Auto Updater
    Java(TM) 6 Update 20
    LabelPrint
    Lexmark Printable Web
    Lexmark Toolbar
    LightScribe System Software
    LightScribeTemplateLabeler
    Malwarebytes' Anti-Malware
    MapleStory
    MarketResearch
    Micro
    Microsoft Choice Guard
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.5.11)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Norton 360
    Pando Media Booster
    Power2Go
    PowerDirector
    Python 2.5.2
    QuickTime
    Realtek High Definition Audio Driver
    Roblox for Nichol
    RocketDock 1.3.5
    Safari
    Samsung PC Studio 3 USB Driver Installer
    Skype™ 4.2
    SolutionCenter
    SPORE Creature Creator Trial Edition
    System Requirements Lab
    TeamViewer 5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    Viewpoint Media Player
    VoiceOver Kit
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Upload Tool
    WinRAR archiver

    ==== End Of File ===========================


    GMER came up as "Gmer hasn't found any system modification", and the log file was empty.
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    OK. I will still need to see MBA_M log please.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ====

    How are things now?
     
  7. RagnaX

    RagnaX TS Rookie Topic Starter

    She had to go to sleep, but I told her to contact me as soon as she was awake and not do anything to the pc. I'll post the next log as soon as I can, and thank you for your help so far.
     
  8. crunchie

    crunchie Malware Helper Posts: 728

    No worries :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...