Inactive Freezing computer

Status
Not open for further replies.
P

Peoplezz

Posts: 65   +0
mozilla firefox keep freezing on me and wont restart
something is not right (again)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7474

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

17/08/2011 03:21:15
mbam-log-2011-08-17 (03-21-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 224243
Time elapsed: 56 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------
 
am waiting for gmer to run and its been a wjhile, any chance my computer could been attacked when i didnt have any firewall or AV enabled?
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-17 03:49:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
Running: 7ridfuwc.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


---- System - GMER 1.0.15 ----

SSDT 86E535B0 ZwAlertResumeThread
SSDT 86E53690 ZwAlertThread
SSDT 86E53F80 ZwAllocateVirtualMemory
SSDT 8660F2E0 ZwAlpcConnectPort
SSDT 86F10D40 ZwAssignProcessToJobObject
SSDT 86E53300 ZwCreateMutant
SSDT 86F10A60 ZwCreateSymbolicLinkObject
SSDT 86761480 ZwCreateThread
SSDT 86F10E20 ZwDebugActiveProcess
SSDT 86761188 ZwDuplicateObject
SSDT 86E53DC0 ZwFreeVirtualMemory
SSDT 86E533F0 ZwImpersonateAnonymousToken
SSDT 86E534D0 ZwImpersonateThread
SSDT 865F24D0 ZwLoadDriver
SSDT 86E53CC0 ZwMapViewOfSection
SSDT 86E53220 ZwOpenEvent
SSDT 86761368 ZwOpenProcess
SSDT 867610A8 ZwOpenProcessToken
SSDT 86E53060 ZwOpenSection
SSDT 86761278 ZwOpenThread
SSDT 86F10C50 ZwProtectVirtualMemory
SSDT 86E53770 ZwResumeThread
SSDT 86E53A10 ZwSetContextThread
SSDT 86E53AF0 ZwSetInformationProcess
SSDT 86F10F00 ZwSetSystemInformation
SSDT 86E53140 ZwSuspendProcess
SSDT 86E53850 ZwSuspendThread
SSDT 86761560 ZwTerminateProcess
SSDT 86E53930 ZwTerminateThread
SSDT 86E53BE0 ZwUnmapViewOfSection
SSDT 86E53EB0 ZwWriteVirtualMemory
SSDT 86F10B50 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81AFE8A0 8 Bytes [B0, 35, E5, 86, 90, 36, E5, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81AFE8B4 4 Bytes [80, 3F, E5, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 81AFE8C0 4 Bytes [E0, F2, 60, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 81AFE914 4 Bytes [40, 0D, F1, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81AFE978 4 Bytes [00, 33, E5, 86] {ADD [EBX], DH; IN EAX, 0x86}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\real\realplayer\Update\realsched.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 76CCA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] ntdll.dll!LdrLoadDll 772193A8 5 Bytes JMP 00D91410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!SetWindowLongA 75D8E7CD 5 Bytes JMP 6E40F0D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!SetWindowLongW 75D913B4 5 Bytes JMP 6E40F069 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!GetWindowInfo 75D9428E 5 Bytes JMP 6E2256CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2704] USER32.dll!TrackPopupMenu 75DA14F3 5 Bytes JMP 6E225CE7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Chris at 3:50:17 on 2011-08-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1485 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\wsqmcons.exe
C:\PROGRA~1\Java\jre7\bin\jp2launcher.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Users\Chris\Downloads\7ridfuwc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.visagecomputers.co.uk/
uStart Page = hxxp://www.visagecomputers.co.uk/
uWindow Title = Visage Computers
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\3jxbff1v.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-17 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-17 815736]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110812.030\IDSvix86.sys [2011-8-12 367736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-17 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys [2011-8-17 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-8-17 130008]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-17 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-17 00:00:41 -------- d-----w- c:\program files\common files\xing shared
2011-08-16 23:46:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 23:42:49 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
2011-08-16 23:42:43 -------- d-----w- c:\program files\Secunia
2011-08-16 23:42:37 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2011-08-16 23:42:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 23:42:23 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 23:42:19 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 23:42:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 23:26:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-16 23:24:37 -------- d-----w- c:\users\chris\appdata\local\Adobe
2011-08-16 23:22:26 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 23:18:32 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-08-16 23:18:32 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-08-16 23:18:31 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-08-16 23:18:31 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-08-16 23:18:31 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-08-16 23:18:31 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-08-16 23:18:31 -------- d-----w- c:\program files\FileHippo.com
2011-08-16 23:18:30 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-08-16 23:18:10 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-08-15 23:46:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-15 23:45:59 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-15 23:45:59 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-08-15 23:45:57 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-15 23:45:57 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-15 23:45:57 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-15 23:45:54 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-15 23:45:51 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-08-15 23:45:51 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-15 23:45:47 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-15 23:45:46 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-15 23:45:46 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-15 23:40:40 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-15 23:36:55 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-15 23:36:55 -------- d-----w- c:\program files\Symantec
2011-08-15 23:36:55 -------- d-----w- c:\program files\common files\Symantec Shared
2011-08-15 23:36:16 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-15 23:36:14 -------- d-----w- c:\program files\Norton Internet Security
2011-08-15 23:36:13 -------- d-----w- c:\programdata\Norton
2011-08-15 23:36:04 -------- d-----w- c:\program files\NortonInstaller
2011-08-15 23:36:03 -------- d-----w- c:\programdata\NortonInstaller
.
==================== Find3M ====================
.
2011-08-17 00:00:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-17 00:00:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 3:50:38.55 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 17/08/2011 02:14:34 (1 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 260.57 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 16/08/2011 00:33:37 - Windows Update
RP17: 16/08/2011 00:47:13 - Windows Update
RP18: 17/08/2011 00:09:23 - Windows Update
RP19: 17/08/2011 00:21:37 - Installed Java(TM) 7
RP20: 17/08/2011 00:23:53 - Installed Adobe Reader X (10.1.0).
RP21: 17/08/2011 00:25:56 - Windows Update
RP22: 17/08/2011 00:40:20 - Windows Update
RP23: 17/08/2011 00:46:10 - Windows Update
RP24: 17/08/2011 00:55:51 - Installed Java(TM) 6 Update 26
RP25: 17/08/2011 01:09:29 - Installed Windows Media Player Firefox Plugin
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
EasyBCD 1.7
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 7
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-GB)
Nero 7 Lite 7.10.1.2
Norton Internet Security
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
17/08/2011 02:15:12, Error: EventLog [6008] - The previous system shutdown at 02:13:55 on 17/08/2011 was unexpected.
17/08/2011 00:25:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
17/08/2011 00:25:39, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/08/2011 00:25:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/08/2011 00:03:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows Vista (KB2509553).
16/08/2011 23:58:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2509553 (Security Update) into Resolved(Resolved) state
.
==== End Of File ===========================
 
Same computer as the one we cleaned 3 weeks ago?

Is Firefox issue your only problem?
 
I don't see anything suspicious so far.

Let's run one more scan...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
will do downloaded combofix and my virus scanned it and before I had chance to open it and disable my AV, norton told me it was a trojan.adh.2?
 
ComboFix 11-08-16.05 - Chris 16/08/2011 23:19:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1691 [GMT 1:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-17 00:37 . 2011-08-17 00:37 -------- d-----w- c:\users\Chris\AppData\Roaming\CyberLink
2011-08-17 00:00 . 2011-08-17 00:00 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-16 23:59 . 2011-08-17 00:00 -------- d-----w- c:\program files\real
2011-08-16 23:46 . 2011-08-17 00:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\users\Chris\AppData\Local\Secunia PSI
2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\program files\Secunia
2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-08-16 23:42 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 23:42 . 2011-08-16 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 23:42 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 23:39 . 2011-08-16 23:39 -------- d-----w- c:\windows\Sun
2011-08-16 23:26 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-16 23:24 . 2011-08-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-16 23:24 . 2011-08-16 12:33 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
2011-08-16 23:22 . 2011-08-16 23:22 -------- d-----w- c:\program files\Common Files\Java
2011-08-16 23:22 . 2011-08-16 23:22 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 23:19 . 2011-08-16 23:19 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla
2011-08-16 23:18 . 2011-08-16 23:18 -------- d-----w- c:\program files\FileHippo.com
2011-08-16 22:22 . 2011-08-16 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 23:46 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-15 23:45 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-15 23:45 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-08-15 23:45 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-15 23:45 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-15 23:45 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-15 23:45 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-15 23:45 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-15 23:45 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-08-15 23:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-15 23:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-15 23:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-15 23:40 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-15 23:36 . 2011-08-16 23:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-15 23:36 . 2011-08-16 23:18 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-15 23:36 . 2011-08-16 23:18 -------- d-----w- c:\program files\Symantec
2011-08-15 23:36 . 2011-08-16 23:37 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-15 23:36 . 2011-08-15 23:36 -------- d-----w- c:\program files\Norton Internet Security
2011-08-15 23:36 . 2011-08-15 23:37 -------- d-----w- c:\programdata\Norton
2011-08-15 23:36 . 2011-08-15 23:36 -------- d-----w- c:\program files\NortonInstaller
2011-08-15 23:35 . 2011-08-15 23:35 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 00:00 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-17 00:00 . 2008-10-23 12:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-08 07:31 . 2011-08-16 23:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-08-17 273544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-10 43520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-22 815736]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110815.030\IDSvix86.sys [2011-08-12 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-16 105592]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.visagecomputers.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3jxbff1v.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 23:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-16 23:26:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-16 22:26
.
Pre-Run: 273,366,630,400 bytes free
Post-Run: 273,264,934,912 bytes free
.
- - End Of File - - C241156BEE8D296E1B010743AFBAA63F
 
is this the right rkill log?

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/08/2011 at 23:28:58.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

\\?\C:\Windows\system32\wbem\WMIADAP.EXE


Rkill completed on 16/08/2011 at 23:29:04.
 
Nothing there....

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
Researchers prove they can exploit chatbots to spread AI worms
Replies
3
Views
165
Cal Jeffrey
Cal Jeffrey
D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
403
Fastturtle
F
N
Several popular Minecraft mods are infected with Fracturiser malware
Replies
0
Views
617
nanoguy
N

Latest posts

Back