1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Possible Malware? Excessive Pop-Ups but only when using Firefox!

Discussion in 'Malware and Virus Removal Archive' started by Cherysei, 2009/12/15.

  1. 2009/12/15
    Cherysei

    Cherysei Inactive Thread Starter

    Joined:
    2005/06/30
    Messages:
    23
    Likes Received:
    0
    [Active] Possible Malware? Excessive Pop-Ups but only when using Firefox!

    So, I'm not sure what's going on here. My usual scenario is slow start-up and browsing, but the only problem occurring is excessive pop-ups... from the same websites, repeatedly! I can only think of this dumb Game thing I downloaded off TvShack.net. I uninstalled/deleted immediately after I realized I didn't even need it to watch the movies, BUT... apparently something got tweaked and now I can't stop the pop-ups.

    Thanks guys!

    Here are my DDS logs:


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by tiffyta at 2:22:47.39 on Tue 12/15/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1289 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\tiffyta\Desktop\malware clean-up\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Automated Content Enhancer: {1d74e9dd-8987-448b-b2cb-67fff2b8a932} - c:\program files\automated content enhancer\4.1.0.5260\ACEIEAddOn.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Customized Platform Advancer: {42c7c39f-3128-4a17-bdb7-91c46032b5b9} - c:\program files\customized platform advancer\4.1.0.1850\CPAIEAddOn.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Content Management Wizard: {b72681c0-a222-4b21-a0e2-53a5a5ca3d41} - c:\program files\content management wizard\1.1.0.1990\CMWIE.dll
    BHO: Textual Content Provider: {cac89ff9-34a9-4431-8cfe-292a47f843bc} - c:\program files\textual content provider\1.1.0.1810\TCPIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Web Search Operator: {eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} - c:\program files\web search operator\4.1.0.1990\wso.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    uRun: [Aim6]
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    uRun: [Google Update] "c:\documents and settings\tiffyta\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Internet Today Task] "c:\program files\internet today\1.1.0.1260\InternetToday.exe "
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tiffyta\applic~1\mozilla\firefox\profiles\v9lhtojs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\tiffyta\application

    data\mozilla\firefox\profiles\v9lhtojs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - component: c:\program files\automated content enhancer\4.1.0.5260\ff\components\ACEFFAddOn.dll
    FF - component: c:\program files\customized platform advancer\4.1.0.1850\ff\components\CPAFFAddOn.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
    FF - component: c:\program files\web search operator\4.1.0.1990\ff\components\WSOFFAddOn.dll
    FF - plugin: c:\documents and settings\tiffyta\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

    foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-11-16 58464]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-11-16 98304]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2006-2-14 221191]
    R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2006-6-8 29184]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-11-16 116864]
    S2 gupdate1c919f1428aa9ea;Google Update Service (gupdate1c919f1428aa9ea);c:\program files\google\update\GoogleUpdate.exe [2008-9-18 133104]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-8 280344]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-10-1 16640]

    =============== Created Last 30 ================

    2009-12-13 21:17 <DIR> --d----- c:\program files\Textual Content Provider
    2009-12-13 21:16 <DIR> --d----- c:\program files\Content Management Wizard
    2009-12-13 21:16 <DIR> --d----- c:\program files\Internet Today
    2009-12-13 21:16 <DIR> --d----- c:\program files\Customized Platform Advancer
    2009-12-13 21:16 <DIR> --d----- c:\program files\Automated Content Enhancer
    2009-12-13 21:16 <DIR> --d----- c:\program files\Web Search Operator
    2009-12-13 21:16 <DIR> --d----- c:\program files\Gameztar Toolbar
    2009-11-28 14:02 303,104 a------- c:\windows\system32\CNC490L.dll
    2009-11-28 14:02 110,592 a------- c:\windows\system32\CNC490I.dll
    2009-11-28 14:02 12,544 a------- c:\windows\system32\CNC173CD.TBL
    2009-11-28 14:02 1,310,720 a------- c:\windows\system32\CNC490C.dll
    2009-11-28 14:02 106,496 a------- c:\windows\system32\CNC490U.dll
    2009-11-28 14:02 15,872 a------- c:\windows\system32\CNHMCA.dll
    2009-11-27 20:07 <DIR> --d----- c:\docume~1\tiffyta\applic~1\Canon Easy-WebPrint EX
    2009-11-27 20:01 272,384 a------- c:\windows\system32\CNMLM9Y.DLL
    2009-11-27 20:01 90,112 a------- c:\windows\system32\CNC490O.dll
    2009-11-27 20:01 178,176 a------- c:\windows\system32\CNMIU9Y.DLL
    2009-11-21 22:34 <DIR> --d----- c:\program files\iPod
    2009-11-21 22:33 <DIR> --d----- c:\program files\iTunes
    2009-11-20 13:48 <DIR> --d----- c:\docume~1\tiffyta\applic~1\BitTorrent
    2009-11-20 13:48 <DIR> --d----- c:\program files\BitTorrent
    2009-11-20 13:36 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    2009-11-20 13:36 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    2009-11-20 13:35 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
    2009-11-20 13:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
    2009-11-20 13:33 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

    ==================== Find3M ====================

    2009-12-15 02:04 26,295 a------- c:\windows\system32\tablet.dat
    2009-12-15 02:01 44,010 a------- c:\docume~1\tiffyta\applic~1\wklnhst.dat
    2009-11-04 15:22 77,564 a---h--- c:\windows\system32\mlfcache.dat
    2009-10-28 06:36 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-10-28 06:36 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-10-27 22:54 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-10-27 22:52 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
    2009-10-20 21:38 75,776 a------- c:\windows\system32\strmfilt.dll
    2009-10-20 21:38 25,088 a------- c:\windows\system32\httpapi.dll
    2009-10-20 21:38 75,776 -------- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-20 21:38 25,088 -------- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 08:20 265,728 a------- c:\windows\system32\drivers\http.sys
    2009-10-20 08:20 265,728 -------- c:\windows\system32\dllcache\http.sys
    2009-10-13 02:30 270,336 a------- c:\windows\system32\oakley.dll
    2009-10-13 02:30 270,336 -------- c:\windows\system32\dllcache\oakley.dll
    2009-10-12 05:38 149,504 a------- c:\windows\system32\rastls.dll
    2009-10-12 05:38 149,504 -------- c:\windows\system32\dllcache\rastls.dll
    2009-10-12 05:38 79,872 a------- c:\windows\system32\raschap.dll
    2009-10-12 05:38 79,872 -------- c:\windows\system32\dllcache\raschap.dll
    2007-05-28 14:49 64,792 ac------ c:\docume~1\tiffyta\applic~1\GDIPFONTCACHEV1.DAT
    2007-02-09 14:04 2,828 ac-sh--- c:\windows\system32\KGyGaAvL.sys
    2009-08-04 20:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080420090805\index.dat

    ============= FINISH: 2:23:47.73 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/16/2006 7:07:19 PM
    System Uptime: 12/15/2009 2:02:49 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1053/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 105 GiB total, 39.08 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\8800D61364FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\8800D61364FC000
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP834: 10/22/2009 7:45:07 PM - Installed Logitech QuickCam
    RP835: 10/23/2009 8:22:01 PM - System Checkpoint
    RP836: 10/24/2009 8:32:34 PM - System Checkpoint
    RP837: 10/25/2009 10:37:54 PM - System Checkpoint
    RP838: 10/26/2009 10:40:18 PM - System Checkpoint
    RP839: 10/27/2009 10:40:29 PM - System Checkpoint
    RP840: 10/29/2009 12:08:06 AM - System Checkpoint
    RP841: 10/30/2009 2:09:00 PM - System Checkpoint
    RP842: 10/31/2009 10:19:59 PM - System Checkpoint
    RP843: 11/1/2009 10:50:51 PM - System Checkpoint
    RP844: 11/3/2009 1:58:01 PM - Software Distribution Service 3.0
    RP845: 11/4/2009 2:32:10 PM - System Checkpoint
    RP846: 11/5/2009 10:45:06 PM - System Checkpoint
    RP847: 11/6/2009 11:09:04 PM - System Checkpoint
    RP848: 11/7/2009 11:50:22 PM - System Checkpoint
    RP849: 11/9/2009 9:08:48 AM - System Checkpoint
    RP850: 11/10/2009 9:47:40 AM - System Checkpoint
    RP851: 11/11/2009 2:29:54 PM - Software Distribution Service 3.0
    RP852: 11/12/2009 3:34:05 PM - System Checkpoint
    RP853: 11/13/2009 8:13:31 PM - System Checkpoint
    RP854: 11/15/2009 11:23:54 PM - System Checkpoint
    RP855: 11/17/2009 2:52:08 PM - System Checkpoint
    RP856: 11/18/2009 2:53:47 PM - System Checkpoint
    RP857: 11/19/2009 7:02:39 PM - System Checkpoint
    RP858: 11/20/2009 1:31:29 PM - Installed Zune software
    RP859: 11/20/2009 1:31:41 PM - Software Distribution Service 3.0
    RP860: 11/21/2009 2:55:04 PM - System Checkpoint
    RP861: 11/22/2009 6:22:45 PM - System Checkpoint
    RP862: 11/23/2009 7:33:49 PM - System Checkpoint
    RP863: 11/24/2009 8:10:33 PM - System Checkpoint
    RP864: 11/25/2009 9:43:48 PM - System Checkpoint
    RP865: 11/26/2009 3:00:25 AM - Software Distribution Service 3.0
    RP866: 11/27/2009 4:31:34 PM - System Checkpoint
    RP867: 11/28/2009 9:03:50 PM - System Checkpoint
    RP868: 11/30/2009 9:15:55 PM - System Checkpoint
    RP869: 12/1/2009 10:08:46 PM - System Checkpoint
    RP870: 12/3/2009 10:01:40 PM - System Checkpoint
    RP871: 12/5/2009 11:15:02 PM - System Checkpoint
    RP872: 12/7/2009 12:37:13 AM - System Checkpoint
    RP873: 12/8/2009 9:06:31 PM - System Checkpoint
    RP874: 12/9/2009 3:00:44 AM - Software Distribution Service 3.0
    RP875: 12/10/2009 4:37:23 PM - System Checkpoint
    RP876: 12/11/2009 5:22:34 PM - System Checkpoint
    RP877: 12/12/2009 8:28:50 PM - System Checkpoint
    RP878: 12/13/2009 9:24:40 PM - Removed Ask Toolbar.
    RP879: 12/14/2009 9:59:51 PM - System Checkpoint
    RP880: 12/15/2009 12:36:21 AM - Removed TweetDeck
    RP881: 12/15/2009 12:51:10 AM - Removed Modem Helper

    ==== Installed Programs ======================


    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Reader 9.2
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    AIM 6
    AIM MusicLink 2.0.0.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Display Driver
    Banctec Service Agreement
    BitTorrent
    Bonjour
    Broadcom Management Programs
    Canon Easy-WebPrint EX
    Canon G.726 WMP-Decoder
    Canon MP Navigator EX 3.0
    Canon MP490 series MP Drivers
    Canon MP490 series User Registration
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Conexant HDA D110 MDC V.92 Modem
    Consumer Complete Care Services Agreement
    Cool Edit Pro 2.1
    Corel Painter Essentials 2
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Support 3.2
    Dell System Restore
    Dell Wireless WLAN Card
    Digital Content Portal
    Digital Line Detect
    DNA
    Documentation & Support Launcher
    EarthLink Setup Files
    EducateU
    ESPNMotion
    Games, Music, & Photos Launcher
    Google Chrome
    Google Gears
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    InterActual Player
    iPhone Configuration Utility
    iTunes
    Java(TM) 6 Update 15
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash MX 2004
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    McAfee Security Scan
    McAfee VirusScan Enterprise
    MediaDirect
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Encarta Encyclopedia Standard 2006
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2006
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MobileMe Control Panel
    Mozilla Firefox (3.5.5)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFonts Order M1276584
    MyFonts Order M1278669
    Navizon
    Netflix Movie Viewer
    NetWaiting
    NetZeroInstallers
    nik Color Efex Pro 2.0 IE
    QuickSet
    QuickTime
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Skype web features
    Skypeâ„¢ 4.1
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SoulSeek 157 NS 13
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    The Rosetta Stone
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    USB2.0 Capture Device
    VC_MergeModuleToMSI
    VPN Client
    Wacom Tablet
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Works Upgrade

    ==== Event Viewer Messages From Past Week ========

    12/8/2009 6:08:25 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system

    cannot find the file specified.

    ==== End Of File ===========================
     
    Cherysei,
    #1
  2. 2009/12/15
    Cherysei

    Cherysei Inactive Thread Starter

    Joined:
    2005/06/30
    Messages:
    23
    Likes Received:
    0
    P.S. I forgot to elaborate on the fact that it only happens when I use FireFox, as well as Internet Explorer. I'd resort to Google Chrome, but I use FireFox for its FTP server - I write for a music blog.

    Anyways, looking forward to your response!
     
    Cherysei,
    #2


  3. to hide this advert.

  4. 2009/12/15
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    I see you have P2P software ( Limewire, BitTorrent, uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them,

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
    Admin.,
    #3
  5. 2009/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see in MBAM's log following entries:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)
    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...