Inactive Survey POPup in Firefox

Discussion in 'Malware and Virus Removal Archive' started by John32073, 2013/08/11.

Thread Status:
Not open for further replies.
  1. 2013/08/11
    John32073 Well-Known Member Thread Starter

    Joined:
    2010/02/14
    Messages:
    149
    Likes Received:
    1
    [Inactive] Survey POPup in Firefox

    I am having survey popups. Survey popups are the only ones I get. TDSS Killer found nothing also.
    Here are the logs:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.10.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mitchell :: MITCHELL-PC [administrator]

    8/10/2013 5:30:44 PM
    mbam-log-2013-08-10 (17-30-44).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 432095
    Time elapsed: 1 hour(s), 5 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16496
    Run by mitchell at 2:03:38 on 2013-08-11
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2804 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\JohnMitchell Installed Programs\CDBurnerXP\NMSAccessU.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Pale Moon\palemoon.exe
    C:\Program Files\Pale Moon\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    StartupFolder: C:\Users\mitchell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mitchell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    TCP: Interfaces\{B37AD9BE-64F0-4763-B2DC-F0DE94A7116C} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Freecorder extension x64: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll
    x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe "
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-88f213c9d8fd49a1\NPRobloxProxy.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - ExtSQL: 2013-07-28 09:47; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-07-28 09:48; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    FF - ExtSQL: 2013-07-28 09:48; artur.dubovoy@gmail.com; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\artur.dubovoy@gmail.com.xpi
    FF - ExtSQL: 2013-07-28 09:52; {03B08592-E5B4-45ff-A0BE-C1D975458688}; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    FF - ExtSQL: 2013-07-28 10:12; addon@freecorder.com; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\addon@freecorder.com
    FF - ExtSQL: 2013-08-02 01:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\xkavqixz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-17 245760]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-4 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-4 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-08-11 00:55:19 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9491355E-FB60-49E2-B115-4764FF3266BE}\mpengine.dll
    2013-08-09 23:38:08 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-08-05 01:09:11 -------- d-----w- C:\Users\mitchell\dwhelper
    2013-08-05 00:48:48 -------- d-----w- C:\Windows\System32\MRT
    2013-08-05 00:39:28 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-08-05 00:39:28 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-08-05 00:39:24 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-08-05 00:39:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-08-05 00:39:23 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-08-05 00:39:23 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-08-05 00:39:23 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-08-05 00:39:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-08-05 00:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-08-04 18:20:01 -------- d-----w- C:\Users\mitchell\AppData\Roaming\Moonchild Productions
    2013-08-04 18:20:01 -------- d-----w- C:\Users\mitchell\AppData\Local\Moonchild Productions
    2013-08-04 18:19:13 -------- d-----w- C:\Program Files\Pale Moon
    2013-08-04 18:10:56 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
    2013-08-04 18:09:59 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll
    2013-08-04 18:09:59 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys
    2013-08-04 18:09:59 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
    2013-08-04 18:09:53 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe
    2013-08-04 18:09:43 4514816 ----a-w- C:\Windows\System32\vpc.exe
    2013-08-04 18:09:42 1210368 ----a-w- C:\Windows\System32\VMWindow.exe
    2013-08-04 18:09:41 936448 ----a-w- C:\Windows\System32\vmsal.exe
    2013-08-04 18:03:53 -------- d-----w- C:\Program Files\Windows XP Mode
    2013-08-03 22:05:03 -------- d-----w- C:\Users\mitchell\AppData\Roaming\SUPERAntiSpyware.com
    2013-08-03 22:04:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-08-03 22:04:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-07-29 15:02:06 -------- d-----w- C:\Program Files\Free Opener
    2013-07-29 15:01:06 -------- d-----w- C:\ProgramData\APN
    2013-07-29 14:03:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-07-29 14:03:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-07-28 22:55:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-28 22:55:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-28 20:00:54 -------- d-----w- C:\Users\mitchell\AppData\Local\Programs
    2013-07-28 16:29:23 -------- d--h--w- C:\Program Files\Jsys
    2013-07-28 16:28:44 -------- d--h--w- C:\Program Files (x86)\Jsys
    2013-07-28 15:52:36 165376 ----a-w- C:\Windows\SysWow64\unrar.dll
    2013-07-28 15:52:30 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
    2013-07-28 15:52:30 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2013-07-28 15:52:29 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
    2013-07-28 15:52:28 810496 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2013-07-28 15:52:28 183808 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2013-07-28 15:52:27 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2013-07-28 15:52:21 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2013-07-28 15:37:16 -------- d-----w- C:\Program Files\Axantum
    2013-07-28 15:37:12 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-28 15:37:12 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-28 15:02:23 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-07-28 15:02:23 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-07-28 15:02:23 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-07-28 15:02:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-07-28 14:50:45 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2013-07-28 14:50:06 61216 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-07-28 14:50:06 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-07-28 14:49:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2013-07-28 14:49:32 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2013-07-28 14:39:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-07-28 14:39:00 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-07-28 14:39:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-07-28 14:39:00 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-07-28 14:38:02 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-07-28 14:38:02 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-07-28 14:38:01 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-07-28 14:38:01 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-07-28 14:38:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-07-28 14:38:00 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-07-28 14:38:00 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-07-28 14:13:08 -------- d-----w- C:\Program Files\Freecorder extension x64
    2013-07-28 14:12:58 -------- d-----w- C:\Program Files (x86)\Freecorder extension
    2013-07-28 13:40:48 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F1A005-1897-45A2-BFA2-31CEB0885557}\gapaengine.dll
    2013-07-28 13:35:04 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-07-28 13:35:04 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-07-28 13:35:04 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-07-28 13:34:51 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2013-07-28 13:34:51 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2013-07-28 13:34:51 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2013-07-28 13:34:51 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2013-07-28 13:34:34 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-07-28 13:34:33 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-07-28 13:34:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-28 13:34:26 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-28 13:33:57 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-07-28 13:33:54 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-07-28 13:33:54 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-07-28 13:33:54 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-07-28 13:33:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-07-28 13:33:46 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-07-28 13:33:45 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-07-28 13:30:14 -------- d-----w- C:\Users\mitchell\AppData\Roaming\pdfforge
    2013-07-28 13:30:14 -------- d-----w- C:\Program Files\pdfforge
    2013-07-28 07:59:54 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2013-07-28 07:58:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-07-28 07:57:52 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-28 07:40:45 263576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-07-28 07:38:35 -------- d-----w- C:\Users\mitchell\AppData\Local\Opera
    2013-07-28 07:37:43 -------- d-----w- C:\Program Files\CCleaner
    .
    ==================== Find3M ====================
    .
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 2:04:31.80 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/26/2009 5:34:41 PM
    System Uptime: 8/11/2013 1:02:59 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N78 PRO
    Processor: AMD Phenom(tm) II X3 710 Processor | AM2/AM3 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 360.297 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP72: 7/28/2013 4:01:04 AM - Windows Update
    RP73: 7/28/2013 9:39:47 AM - Windows Update
    RP74: 7/28/2013 10:07:48 AM - Removed ScreenRecorder
    RP75: 7/28/2013 10:15:11 AM - 7 28 2013 setup ok
    RP76: 7/28/2013 10:16:20 AM - Removed Microsoft Streets & Trips 2011
    RP77: 7/28/2013 10:25:45 AM - Before updates 7 28 13 #2
    RP78: 7/28/2013 10:26:58 AM - Windows Update
    RP79: 7/28/2013 11:36:51 AM - Installed AxCrypt 1.7.2976.0
    RP80: 7/28/2013 11:51:54 AM - 7 28 13 before Klite code install #3
    RP81: 7/28/2013 11:53:55 AM - Windows Update
    RP82: 7/29/2013 11:06:49 AM - Windows Update
    RP83: 8/1/2013 7:46:32 PM - Windows Update
    RP84: 8/4/2013 11:00:05 AM - Removed Windows XP Mode
    RP85: 8/4/2013 11:01:38 AM - Windows Modules Installer
    RP86: 8/4/2013 11:10:46 AM - Installed Windows XP Mode
    RP87: 8/4/2013 11:12:14 AM - Windows Update
    RP88: 8/4/2013 1:45:03 PM - Removed Windows XP Mode
    RP89: 8/4/2013 1:46:27 PM - Windows Modules Installer
    RP90: 8/4/2013 2:03:29 PM - Installed Windows XP Mode
    RP91: 8/4/2013 2:09:31 PM - Windows Update
    RP92: 8/4/2013 8:39:39 PM - Windows Update
    RP93: 8/4/2013 9:36:02 PM - 8-4-13 935 pm
    RP94: 8/4/2013 9:40:57 PM - Windows Modules Installer
    RP95: 8/4/2013 10:00:19 PM - Windows Modules Installer
    RP96: 8/8/2013 5:06:58 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.12
    AxCrypt 1.7.2976.0
    Bonjour
    CCleaner
    CDBurnerXP
    Cisco Connect
    ConvertHelper 2.2
    Cool & Quiet
    D3DX10
    Dropbox
    DVD-Cloner V8.00 Build 1003
    Free Opener
    Freecorder 7 Applications (7.0.0.48)
    Freecorder extension
    Freecorder extension for Chrome
    Freecorder extension for Firefox
    Freecorder extension x64
    FreeRIP v3.61
    Google Chrome
    Google Update Helper
    Handy Address Book
    HL-2270DW
    iTunes
    K-Lite Codec Pack (64-bit) v4.1.0
    K-Lite Codec Pack 7.0.0 (Standard)
    LAME v3.98.3 for Audacity
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Word 2000 SR-1
    Mozilla Firefox 22.0 (x86 en-US)
    MSVCRT
    Multimedia Card Reader
    Next Video Converter 3.61
    Nuance PDF Reader
    NVIDIA 3D Vision Driver 311.06
    NVIDIA Control Panel 311.06
    NVIDIA Drivers
    NVIDIA Graphics Driver 311.06
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Opera 12.16
    Pale Moon 20.2.1-x64 (x64 en-US)
    PDFCreator
    pdfforge Images2PDF 0.9.2.546
    Revo Uninstaller 1.90
    ROBLOX Player
    Seagate*DiscWizard
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    VLC media player 1.1.4
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series x64 Edition
    Windows XP Mode
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/6/2013 11:14:10 AM, Error: Schannel [36887] - The following fatal alert was received: 47.
    8/5/2013 8:52:58 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/5/2013 8:52:58 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    8/5/2013 1:14:07 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    8/4/2013 1:48:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vpcnfltr
    .
    ==== End Of File ===========================
     
  2. 2013/08/11
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Is Firefox the only browser affected?
    Are you having any other computer issues?

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
