Getting redirects from Google in Firefox
Greetings,

Been experiencing these redirects from Google searches in FF. Doesn't seem to happen in Chrome.

Any help appreciated.
-km

The logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7645

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/3/2011 3:31:10 PM
mbam-log-2011-09-03 (15-31-10).txt

Scan type: Quick scan
Objects scanned: 198520
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\KMiller\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\KMiller\application data\Adobe\plugs\mmc228172953.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-03 15:44:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
Running: yi3gotji.exe; Driver: C:\DOCUME~1\KMiller\LOCALS~1\Temp\pxtorpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7E60BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7E60A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7EE0398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by KMiller at 15:48:13 on 2011-09-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1553 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FreePOPs\freepopsservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\KMiller\Start Menu\Programs\Startup\AS-BLANKER.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Google Gears Helper - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: NuSphere ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - c:\program files\nusphere\phped\NuSphereIEBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] :"c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPDJ Taskbar Utility] :c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\kmiller\start menu\programs\startup\AS-BLANKER.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\help.lnk - c:\program files\tortoisesvn\bin\TortoiseProc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\settings.lnk - c:\program files\tortoisesvn\bin\TortoiseProc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\tortoi~3.lnk - c:\program files\tortoisesvn\bin\TortoiseIDiff.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\tortoi~2.lnk - c:\program files\tortoisesvn\bin\TortoiseMerge.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\tortoi~1.lnk - c:\program files\tortoisesvn\bin\TortoiseProc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tortoi~1\website.lnk - c:\program files\tortoisesvn\bin\Website.url
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://musenga.dyndns.org/activex/AMC.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.1.65 kem
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kmiller\application data\mozilla\firefox\profiles\ei72f9sh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Hiveminder
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\kurt miller\application data\mozilla\firefox\profiles\ei72f9sh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\kmiller\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [2010-6-13 47056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-19 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-19 309848]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [2010-12-3 146904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-19 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-19 42184]
R2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2011-4-15 93048]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-19 47640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-31 428640]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-10-21 36352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-13 27632]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\webcamdv.sys --> c:\windows\system32\drivers\WebCamDV.sys [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2007-6-30 5824]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 CamDrv.Pixela;JVC Web Camera;c:\windows\system32\drivers\camdrv.sys [2007-7-12 8293]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\kmille~1.roa\locals~1\temp\cfcatchme.sys --> c:\docume~1\kmille~1.roa\locals~1\temp\CFcatchme.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EuMusDesignVirtualAudioCableWdm_sdh;Sandhills Audio Cable;c:\windows\system32\drivers\vacsdhkd.sys [2009-4-24 29568]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\everest ultimate engineer edition v.4.00.1023\kerneld.wnt --> e:\everest ultimate engineer edition v.4.00.1023\kerneld.wnt [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-28 30192]
S3 iTurns;iTurns;c:\windows\system32\drivers\iTurns.sys [2008-11-28 52304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-2 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]
S3 mongrel_test;mongrel_test;"c:/ruby/bin/mongrel_service.exe" single -e development -p 4000 -a 0.0.0.0 -l "log/mongrel.log" -P "log/mongrel.pid" -c "c:/workspaces/rails/gallery" -t 0 -r "public" -n 1024 --> c:/ruby/bin/mongrel_service.exe [?]
S3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-3-13 90112]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2010-2-27 87616]
S3 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2011-5-22 68096]
S3 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-2-21 16640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 vsdatant;vsdatant; [x]
S4 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys --> c:\windows\system32\drivers\xmasscsi.sys [?]
.
=============== Created Last 30 ================
.
2011-08-25 11:20:17 36864 ----a-w- c:\windows\system32\nircmd.exe
2011-08-25 11:20:17 36352 ----a-w- c:\windows\system32\nircmdc.exe
2011-08-24 09:55:00 -------- d-----w- c:\documents and settings\all users\application data\Driver Utilities
2011-08-20 20:00:55 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-20 20:00:55 -------- d-----w- c:\program files\Kernel Outlook PST Viewer
2011-08-20 19:25:33 -------- d-----w- c:\program files\SysTools Address Book Recovery
2011-08-13 07:12:06 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 07:10:51 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 21:36:01 -------- d-----w- c:\program files\iPod
2011-08-07 21:36:00 -------- d-----w- c:\program files\iTunes
2011-08-07 21:34:35 -------- d-----w- c:\program files\Bonjour
2011-08-07 19:58:07 -------- d-----w- c:\documents and settings\kmiller\application data\ElevatedDiagnostics
2011-08-07 19:25:38 -------- d-----w- c:\documents and settings\kmiller\local settings\application data\Apple
2011-08-07 19:23:24 -------- d-----w- c:\documents and settings\kmiller\local settings\application data\Apple Computer
2011-08-06 22:45:57 -------- d-----w- c:\program files\FLAC Player
.
==================== Find3M ====================
.
2011-08-22 07:55:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-01-13 06:43:54 399872 ----a-w- c:\program files\WinVi32.exe
.
============= FINISH: 15:50:01.04 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2011 5:09:22 PM
System Uptime: 9/3/2011 3:37:36 PM (0 hours ago)
.
Motherboard: To Be Filled By O.E.M. | | Z96FM
Processor: Intel(R) Core(TM) Duo CPU T2350 @ 1.86GHz | Socket 478M | 1321/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 29.223 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Hands-free Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Stereo Audio
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWAUDIO\1&30EE4AD&0&1000000030001
Manufacturer: Broadcom
Name: Bluetooth Stereo Audio
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWAUDIO\1&30EE4AD&0&1000000030001
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Sandhills Audio Cable
Device ID: ROOT\MEDIA\0002
Manufacturer: EuMus Design
Name: Sandhills Audio Cable
PNP Device ID: ROOT\MEDIA\0002
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Tunebite High-Speed Dubbing
Device ID: ROOT\MEDIA\0003
Manufacturer: RapidSolution Software
Name: Tunebite High-Speed Dubbing
PNP Device ID: ROOT\MEDIA\0003
Service:
.
==== System Restore Points ===================
.
RP40: 6/4/2011 2:23:21 PM - System Checkpoint
RP41: 6/5/2011 2:35:31 PM - System Checkpoint
RP42: 6/6/2011 4:26:14 PM - System Checkpoint
RP43: 6/7/2011 5:07:18 PM - System Checkpoint
RP44: 6/8/2011 5:24:32 PM - System Checkpoint
RP45: 6/9/2011 8:26:21 PM - System Checkpoint
RP46: 6/10/2011 9:48:12 PM - System Checkpoint
RP47: 6/13/2011 6:45:10 PM - System Checkpoint
RP48: 6/14/2011 2:55:01 PM - Software Distribution Service 3.0
RP49: 6/16/2011 3:33:42 PM - System Checkpoint
RP50: 6/17/2011 4:31:49 PM - System Checkpoint
RP51: 6/22/2011 4:41:01 PM - System Checkpoint
RP52: 6/23/2011 6:50:52 PM - System Checkpoint
RP53: 6/24/2011 7:19:40 PM - System Checkpoint
RP54: 6/26/2011 12:22:27 PM - Installed Java(TM) 6 Update 26
RP55: 6/27/2011 3:31:14 PM - System Checkpoint
RP56: 7/1/2011 1:20:55 PM - System Checkpoint
RP57: 7/2/2011 11:38:12 PM - Software Distribution Service 3.0
RP58: 7/2/2011 11:59:15 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP59: 7/6/2011 2:09:13 PM - Installed TortoiseSVN 1.6.15.21042 (32 bit)
RP60: 7/12/2011 1:03:29 PM - System Checkpoint
RP61: 7/20/2011 2:47:08 PM - Software Distribution Service 3.0
RP62: 7/21/2011 2:53:15 PM - System Checkpoint
RP63: 7/25/2011 4:27:54 PM - System Checkpoint
RP64: 7/27/2011 2:15:03 PM - System Checkpoint
RP65: 8/1/2011 11:41:53 PM - System Checkpoint
RP66: 8/6/2011 4:25:57 PM - System Checkpoint
RP67: 8/7/2011 12:46:21 PM - Removed iTunes
RP68: 8/7/2011 12:55:54 PM - Installed %1 %2.
RP69: 8/7/2011 2:35:50 PM - Installed iTunes
RP70: 8/9/2011 2:08:36 AM - Removed Wireless Console 2
RP71: 8/13/2011 1:37:00 AM - Software Distribution Service 3.0
RP72: 8/18/2011 12:15:45 PM - System Checkpoint
RP73: 8/19/2011 1:06:48 PM - System Checkpoint
RP74: 8/20/2011 12:44:30 PM - Installed Dawn
RP75: 8/22/2011 3:24:04 AM - System Checkpoint
RP76: 8/24/2011 1:09:37 AM - Software Distribution Service 3.0
RP77: 8/24/2011 2:53:51 AM - Installed Driver Utilities.
RP78: 8/24/2011 3:01:26 AM - Removed Driver Utilities.
RP79: 8/25/2011 6:21:29 AM - System Checkpoint
RP80: 8/26/2011 6:35:43 AM - System Checkpoint
RP81: 8/28/2011 10:38:55 PM - System Checkpoint
RP82: 8/30/2011 1:51:00 AM - System Checkpoint
RP83: 8/31/2011 2:14:03 AM - System Checkpoint
RP84: 9/1/2011 3:03:10 AM - System Checkpoint
RP85: 9/2/2011 3:20:50 AM - System Checkpoint
RP86: 9/3/2011 2:04:02 PM - System Checkpoint
RP87: 9/3/2011 2:28:02 PM - Removed Dawn
.
==== Installed Programs ======================
.
2600
2600_Help
2600Trb
Acronis*True*Image*Home
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe PDF Library Files CS4
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AiO_Scan
AiOSoftware
AMP Font Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
ATK0100 ACPI UTILITY
Audacity 1.3.12 (Unicode)
AutoHotkey 1.0.91.05
avast! Free Antivirus
AVS Screen Capture version 1.1.2
AVS Video Editor 5
AVS Video Recorder 2.4
AxCrypt 1.7.2067.0
BisonCam, NB Pro
Bonjour
BufferChm
CameraHelperMsi
CamStudio
CamStudio Lossless Codec v1.4
CDBurnerXP
CmdHere Powertoy For Windows XP
Color Detector 2.0
ColorPic
Consolas Font Family
Destinations
DFX for Winamp
Director
DynDNS Updater
erLT
ESET Online Scanner v3
Event Log Explorer 3.3
Fax
FBReader for Windows
FeedDemon
FLAC Player 1.0.1
FormatFactory 1.70
Foxit PDF Editor
Foxit Reader
GanttProject
GNU Privacy Guard
GoldWave v5.52
Google Chrome
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HPSystemDiagnostics
iCF Skin Pack
iColorFolder
Icon Restore 1.0
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java(TM) 6 Update 26
JGsoft RegexBuddy 3 v.3.2.1
JMB36X Raid Configurer
K-Lite Codec Pack 6.4.0 (Basic)
Kernel Outlook PST Viewer ver 11.05.01
LightScribe 1.4.124.1
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macromedia Fireworks 8
MagicScore
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Document Explorer 2005
Microsoft FrontPage Client - English
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Script Host
Motorola SM56 Data Fax Modem
Mozilla Embedded Browser version 3.5
Mozilla Firefox 6.0.1 (x86 en-US)
Mozilla Thunderbird (5.0)
mProSafe
MSXML 6 Service Pack 2 (KB973686)
MuseScore 0.9.6.3 MuseScore score typesetter
mWlsSafe
NirSoft RegScanner
Notepad++
NSIS FreePOPs (remove only)
NuSphere PhpED version 5.9
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
OpenVPN 2.0.9-gui-1.0.3
Opera 10.63
Pdf995
PdfEdit995
php-4.4.9 for NuSphere PhpED
php-5.2.11 for NuSphere PhpED
php-5.3.0 for NuSphere PhpED
Php Documentor version 1.4.2 for NuSphere PhpED
Picasa 3
Pidgin
Polystyle 2.0zo (trial) for NuSphere PhpED
Polystyle Professional Edition - 3.3b
ProductContext
QFolder
QuickTime
Readme
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.90
Rosetta Stone Version 3
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype™ 5.3
Snagit 10
Sony Ericsson PC Suite 6.009.00
Suite Shared Configuration CS4
Sygate Personal Firewall
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TortoiseSVN 1.6.15.21042 (32 bit)
TrayApp
TrueCrypt
Tweak UI
UltraVnc
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViceVersa Pro 2.5 (Build 2501)
Visual Studio.NET Baseline - English
VLC media player 1.1.9
VNC Free Edition 4.1.3
Vuze
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Winamp
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.4.3
.
==== Event Viewer Messages From Past Week ========
.
9/3/2011 2:16:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/3/2011 1:42:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DynDNS Updater service to connect.
9/3/2011 1:42:24 PM, error: Service Control Manager [7000] - The DynDNS Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/31/2011 11:59:41 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
8/31/2011 11:59:41 PM, error: Service Control Manager [7000] - The WebCamDV DV to Webcam Converter service failed to start due to the following error: The system cannot find the file specified.
8/31/2011 1:12:01 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
Welcome aboard
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Can you check if IE is OK as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
Ran GooredFix

Tried IE - no problems.
Thanks, -km

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:06 on 03/09/2011 (KMiller)
Firefox version 6.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"searchpredict@speedbit.com"="C:\Program Files\SearchPredict\PRFireFox" -> Success!
Removing Orphan:
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"="C:\Program Files\SpeedBit Video Downloader\SPFireFox" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{DF0BC2C7-3425-4533-8DB8-275D49A2BA25} -> Success!
Deleting C:\Documents and Settings\KMiller\Local Settings\Application Data\{DF0BC2C7-3425-4533-8DB8-275D49A2BA25} -> Success!
Removing Orphan:
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" -> Success!
Removing Orphan:
"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:08 22/05/2011]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [20:00 20/05/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [19:23 26/06/2011]

C:\Documents and Settings\KMiller\Application Data\Mozilla\Firefox\Profiles\ei72f9sh.default\extensions\
54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org [23:23 21/05/2011]
pasteemailplus@guid.customsoftwareconsult.com [22:00 20/07/2011]
sidebarBookmarksSearch@alice [16:55 28/05/2011]
{1f91cde0-c040-11da-a94d-0800200c9a66} [23:22 21/05/2011]
{66E978CD-981F-47DF-AC42-E3CF417C1467} [23:22 21/05/2011]
{c45c406e-ab73-11d8-be73-000a95be3b12} [23:22 21/05/2011]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [23:22 21/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:43 06/08/2009]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23:51 19/05/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:01 21/10/2009]

-=E.O.F=-
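As an added example that is not part of this thread and not GooredFix's own code, the PowerShell below audits the same registry registrations GooredFix inspected above and flags entries whose target folder no longer exists (the "orphans" it removed) or whose ID is not on an allowlist. The allowlist is an assumption built from the IDs left in the log, not a vetted list.

```powershell
# Added example: audit Firefox extension registrations in the registry.
# Status values:
#   ORPHAN  - registered folder no longer exists on disk (the kind of entry
#             GooredFix removed above, e.g. the SpeedBit and AVG ones)
#   UNKNOWN - extension ID is not on the allowlist below
# Allowlist is an assumption for illustration: the IDs that remained in the log.
$known = @(
    'wrc@avast.com',                          # avast! WebRep
    'jqs@sun.com',                            # Java Quick Starter
    '{20a82645-c095-46ed-80e3-08825760534b}'  # .NET Framework Assistant
)

$hives = @(
    'HKLM:\Software\Mozilla\Firefox\Extensions',
    'HKCU:\Software\Mozilla\Firefox\Extensions'
)

$report = @()
foreach ($hive in $hives) {
    if (-not (Test-Path -LiteralPath $hive)) { continue }
    $values = Get-ItemProperty -LiteralPath $hive
    # Registry values surface as object properties; skip PowerShell's own
    # PS* bookkeeping properties (PSPath, PSParentPath, ...).
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }
        $id     = $prop.Name
        $target = [string]$prop.Value
        $flags  = @()
        # Empty or missing target path: the registration points nowhere.
        if ($target -eq '' -or -not (Test-Path -LiteralPath $target)) {
            $flags += 'ORPHAN'
        }
        if ($known -notcontains $id) { $flags += 'UNKNOWN' }
        if ($flags.Count -eq 0)      { $flags = @('OK') }

        $row = New-Object PSObject
        $row | Add-Member NoteProperty Hive   $hive
        $row | Add-Member NoteProperty Id     $id
        $row | Add-Member NoteProperty Target $target
        $row | Add-Member NoteProperty Status ($flags -join ',')
        $report += $row
    }
}

# Anything not 'OK' deserves a look: a leftover from an uninstall is harmless
# clutter, but an unknown ID pointing at a live folder is a sideloaded add-on.
$report | Format-Table -AutoSize
```

The per-profile extensions folder listed in the GooredLog section is not registry-based, so it needs a directory listing of that profile path rather than this check.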
 
Good news :)

Let's run a couple more scans to make sure nothing is hiding there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 