
Firefox/IE process does not terminate on browser close


  • This topic is locked
2 replies to this topic

#1 joshbeoulve


Posted 07 July 2009 - 05:01 AM

Hi guys. I hope someone can help out.

A couple of days ago, I was on a website (which I can't for the life of me remember anymore - no, it's not pr0n) when FF 3.5 suddenly crashed on me. I sent a crash report to Mozilla. Ever since the crash the firefox.exe process does not terminate when I close the browser. Additionally, I see high CPU usage when the browser is closed (and ONLY when the browser is closed).

I thought it might have something to do with Mozilla's crash reporting tool working overtime, but then I noticed something strange: the same thing also happens to IE 8. I've read around and am now aware of a trojan called Poison Ivy which causes the symptoms I have described earlier, but a peek at the appropriate registry entries shows no entries with StubPaths only.

Earlier today I tried booting up through the Ultimate Boot CD and ran a barrage of virus scans from Avira, McAfee and Kaspersky to name a few, plus a few anti-spyware tools. All turned up nothing! :thumbup2:

So now I'm back to square 1. I would highly appreciate it if someone could go through my HiJackThis and DDS logs to help me determine if I am infected with something, or at least help me figure out what's causing my browser processes to stick around and consume CPU time.

Here's my DDS log:



DDS (Ver_09-06-26.01) - NTFSx86
Run by Mimiw and Chuchu at 17:36:44.29 on 2009/07/07
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2047.1436 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AMD\AMD Power Monitor\AMD_PwrMon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mimiw and Chuchu\Desktop\Downloads\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [AMD_Display] c:\program files\amd\amd power monitor\AMD_PwrMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\mimiwa~1\startm~1\programs\startup\autoru~1\multip~1.lnk - c:\program files\multiply\autouploader\multiply autouploader\Multiply AutoUploader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vuze.lnk - c:\program files\vuze\Azureus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\cssdll32.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mimiwa~1\applic~1\mozilla\firefox\profiles\tgt4hrvh.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-6 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-6 131912]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-6 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-6 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-6 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-6 707152]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\opendns updater\opendns updater.exe --run --> c:\program files\opendns updater\OpenDNS Updater.exe --run [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [2009-4-14 31104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-07-07 16:21 <DIR> -cd----- c:\windows\pss
2009-07-07 16:15 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-07 16:15 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-07-07 16:15 <DIR> -cd----- c:\docume~1\mimiwa~1\applic~1\SUPERAntiSpyware.com
2009-07-07 09:50 <DIR> -cd----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-07 09:50 <DIR> -cd----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-07 09:50 <DIR> -cd----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-07 09:50 <DIR> -cd----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-07 09:45 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-06 22:21 <DIR> -cd----- C:\UBCD4Win
2009-07-06 21:58 <DIR> -cd----- c:\program files\Trend Micro
2009-07-06 21:32 <DIR> -cd----- c:\windows\system32\wbem\Repository
2009-07-06 20:56 <DIR> -cd----- c:\program files\UZC
2009-07-06 20:56 <DIR> -cd----- c:\program files\Windows Live SkyDrive
2009-07-06 20:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\LightScribe
2009-07-06 18:53 <DIR> -cd----- c:\documents and settings\mimiw and chuchu\IECompatCache
2009-07-06 18:51 <DIR> -cd----- c:\documents and settings\mimiw and chuchu\PrivacIE
2009-07-04 17:56 <DIR> -cd----- c:\program files\Real Alternative
2009-07-04 11:34 <DIR> -cdsh--- c:\documents and settings\mimiw and chuchu\IETldCache
2009-07-04 11:21 <DIR> -cd----- C:\bd1f824cf40ce59cbe1aa2bcdd17
2009-07-04 11:20 <DIR> -cd----- c:\windows\SxsCaPendDel
2009-07-04 11:15 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-04 11:15 <DIR> -cd----- c:\windows\ie8updates
2009-07-04 11:15 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-04 11:15 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-04 11:15 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-04 11:15 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-04 11:14 <DIR> -cd-h--- c:\windows\ie8
2009-07-04 11:11 <DIR> -cd-h--- c:\windows\PIF
2009-07-04 11:08 <DIR> -cd----- c:\program files\Windows Desktop Search
2009-07-04 11:08 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-07-04 11:08 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-07-04 11:08 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-07-04 11:07 <DIR> -cd----- c:\program files\Windows Media Connect 2
2009-07-04 11:06 <DIR> -cd----- c:\windows\system32\LogFiles
2009-07-04 11:04 <DIR> -cd----- c:\windows\system32\URTTEMP
2009-07-04 07:51 <DIR> -cds---- c:\documents and settings\mimiw and chuchu\UserData
2009-07-04 07:37 4,444 ac------ c:\windows\system32\pid.PNF
2009-06-28 17:29 <DIR> -cd----- c:\program files\WWWinamp
2009-06-27 12:14 <DIR> -cd----- C:\Mimiw Lessons
2009-06-27 12:14 <DIR> -cd----- c:\program files\Anki
2009-06-27 11:52 29,624 ac------ c:\docume~1\mimiwa~1\applic~1\GDIPFONTCACHEV1.DAT
2009-06-25 06:36 <DIR> -cd----- c:\documents and settings\mimiw and chuchu\dwhelper
2009-06-24 21:34 <DIR> -cd----- c:\program files\common files\Motorola Shared
2009-06-24 21:34 92,064 ac------ c:\documents and settings\mimiw and chuchu\mqdmmdm.sys
2009-06-24 21:34 79,328 ac------ c:\documents and settings\mimiw and chuchu\mqdmserd.sys
2009-06-24 21:34 66,656 ac------ c:\documents and settings\mimiw and chuchu\mqdmbus.sys
2009-06-24 21:34 9,232 ac------ c:\documents and settings\mimiw and chuchu\mqdmmdfl.sys
2009-06-24 21:34 6,208 ac------ c:\documents and settings\mimiw and chuchu\mqdmcmnt.sys
2009-06-24 21:34 5,936 ac------ c:\documents and settings\mimiw and chuchu\mqdmwhnt.sys
2009-06-24 21:34 4,048 ac------ c:\documents and settings\mimiw and chuchu\mqdmcr.sys
2009-06-24 21:17 <DIR> -cd----- c:\program files\Avanquest update
2009-06-24 21:17 26,112 ac------ c:\windows\system32\drivers\usbser.sys
2009-06-24 21:17 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-06-24 21:16 25,600 ac------ c:\documents and settings\mimiw and chuchu\usbsermptxp.sys
2009-06-24 21:16 22,768 ac------ c:\windows\system32\drivers\usbsermpt.sys
2009-06-24 21:16 22,768 ac------ c:\documents and settings\mimiw and chuchu\usbsermpt.sys
2009-06-24 21:16 45,056 -c------ c:\windows\system32\Mfc42loc.dll
2009-06-24 21:16 <DIR> -cd----- c:\program files\Motorola Phone Tools
2009-06-24 21:03 <DIR> -cd----- C:\Dome tickets
2009-06-21 19:08 56 ac--h--- c:\windows\system32\ezsidmv.dat
2009-06-19 19:34 361,600 ac------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-18 21:53 <DIR> -cd----- c:\docume~1\mimiwa~1\applic~1\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2009-06-18 21:53 <DIR> -cd----- c:\program files\Multiply
2009-06-16 20:17 376 ac------ c:\windows\ODBC.INI
2009-06-16 20:16 <DIR> -cd----- c:\program files\Microsoft ActiveSync
2009-06-16 20:15 <DIR> -cd----- c:\windows\ShellNew
2009-06-15 21:00 2,788,381 ac------ c:\windows\system32\GameMon.des
2009-06-15 21:00 <DIR> -cd----- c:\program files\common files\INCA Shared
2009-06-15 21:00 5,174 ac------ c:\windows\system32\nppt9x.vxd
2009-06-15 21:00 4,682 ac------ c:\windows\system32\npptNT2.sys
2009-06-15 20:35 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-06-15 20:35 14,048 -c------ c:\windows\system32\spmsg2.dll
2009-06-15 20:34 61,440 ac------ C:\EGamesPlugin.dll
2009-06-15 20:02 <DIR> -cd----- c:\program files\e-Games
2009-06-12 20:22 <DIR> -cd----- c:\program files\Yacc Yet Another CSO Compressor
2009-06-12 18:49 <DIR> -cd----- c:\docume~1\mimiwa~1\applic~1\ICAClient
2009-06-12 18:45 <DIR> -cd----- c:\program files\Citrix
2009-06-12 18:43 <DIR> -cd----- c:\windows\system32\appmgmt
2009-06-11 20:05 <DIR> -cd----- c:\program files\KeyHoleTV
2009-06-10 18:34 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\OpenDNS Updater
2009-06-10 18:34 <DIR> -cd----- c:\program files\OpenDNS Updater
2009-06-09 21:57 2,469,888 ac------ c:\windows\system32\NCTAudioCompress3.dll
2009-06-09 21:57 2,183,168 ac------ c:\windows\system32\NCTVideoCompress.dll
2009-06-09 21:57 1,810,432 ac------ c:\windows\system32\NCTAudioCompress2.dll
2009-06-09 21:57 987,136 ac------ c:\windows\system32\NCTVideoCoreM.dll
2009-06-09 21:57 487,424 ac------ c:\windows\system32\msvcp70.dll
2009-06-09 21:57 348,160 ac------ c:\windows\system32\NCTWMAFile2.dll
2009-06-09 21:57 344,064 ac------ c:\windows\system32\msvcr70.dll
2009-06-09 21:57 290,816 ac------ c:\windows\system32\NCTAVIFile.dll
2009-06-09 21:57 196,608 ac------ c:\windows\system32\NCTWMVFile.dll
2009-06-09 21:57 139,264 ac------ c:\windows\system32\NCTVideoFile.dll
2009-06-09 21:57 90,112 ac------ c:\windows\system32\NCTAudioFormatSettings3.dll
2009-06-09 21:57 <DIR> -cd----- c:\program files\Free WMV to AVI MPEG Converter
2009-06-09 21:49 <DIR> -cd----- c:\program files\EditCDG
2009-06-09 21:49 249,856 -c------ c:\windows\Setup1.exe
2009-06-09 21:49 73,216 ac------ c:\windows\ST6UNST.EXE
2009-06-09 21:31 69 ac------ c:\windows\NeroDigital.ini
2009-06-09 20:16 <DIR> -cd----- c:\program files\Nero
2009-06-09 20:16 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Nero
2009-06-09 19:57 <DIR> -cd----- c:\program files\Karaoke Camstar
2009-06-09 19:56 <DIR> -cd----- c:\windows\system32\windows media
2009-06-09 19:55 <DIR> -cd-h--- c:\windows\msdownld.tmp
2009-06-09 19:55 <DIR> -cd----- c:\windows\RegisteredPackages
2009-06-09 19:55 <DIR> -cd----- c:\program files\Windows Media Components
2009-06-08 21:47 0 ac--h--- c:\windows\SwSys2.bmp
2009-06-08 21:47 0 ac--h--- c:\windows\SwSys1.bmp
2009-06-08 21:13 <DIR> -cd----- c:\program files\Audacity
2009-06-08 21:05 162,304 ac------ c:\windows\system32\lame_enc.dll
2009-06-08 19:55 <DIR> -cd----- c:\program files\KaraFun
2009-06-08 19:44 <DIR> -cd----- c:\program files\iCoolPlayer
2009-06-08 18:43 <DIR> -cd----- c:\docume~1\mimiwa~1\applic~1\.clamwin
2009-06-08 18:43 <DIR> -cd----- c:\program files\ClamWin
2009-06-08 18:43 <DIR> -cd----- c:\documents and settings\all users\.clamwin
2009-06-08 18:36 <DIR> -cd----- C:\LyricistMP3
2009-06-08 18:29 <DIR> -cd----- c:\windows\system32\temp
2009-06-08 18:28 <DIR> -cd----- c:\program files\Karaoke5
2009-06-08 09:36 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-06-08 09:35 <DIR> -cd----- c:\documents and settings\mimiw and chuchu\LocalLow

==================== Find3M ====================

2009-07-06 20:55 170,826 ac------ c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-04 07:49 183,912 ac------ c:\windows\system32\guard32.dll
2009-07-04 07:49 25,160 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-07-04 07:49 131,912 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-06-19 19:34 361,600 ac------ c:\windows\system32\drivers\TCPIP.SYS
2009-06-07 09:37 77,274 ac------ c:\windows\War3Unin.dat
2009-06-07 09:19 139,264 ac------ c:\windows\War3Unin.exe
2009-06-07 09:19 2,829 ac------ c:\windows\War3Unin.pif
2009-06-06 12:32 410,984 ac------ c:\windows\system32\deploytk.dll
2009-06-06 12:32 721,904 ac------ c:\windows\system32\drivers\sptd.sys
2009-06-06 09:33 319,488 ac------ c:\windows\HideWin.exe
2009-06-06 09:22 86,327 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-06 08:37 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-06-06 07:18 21,640 ac------ c:\windows\system32\emptyregdb.dat
2009-05-13 13:15 915,456 ac------ c:\windows\system32\wininet.dll
2009-05-07 23:32 345,600 ac------ c:\windows\system32\localspl.dll
2009-05-07 01:25 654,208 ac------ c:\windows\autoruns.exe
2009-05-07 01:25 546,688 ac------ c:\windows\autorunsc.exe
2009-05-01 00:31 1,657,376 ac------ c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 ac------ c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 ac------ c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 ac------ c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 ac------ c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 ac------ c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 ac------ c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 ac------ c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 5,896,320 ac------ c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 ac------ c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 ac------ c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 ac------ c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 ac------ c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 ac------ c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 ac------ c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 ac------ c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 ac------ c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 ac------ c:\windows\system32\NVUNINST.EXE
2009-04-17 20:26 1,847,168 ac------ c:\windows\system32\win32k.sys
2009-04-15 22:51 585,216 ac------ c:\windows\system32\rpcrt4.dll

============= FINISH: 17:37:14.35 ===============


#2 joshbeoulve


Posted 08 July 2009 - 06:52 AM

Hello.

I have managed to resolve this issue myself. What was causing the problem was not a malware infection as I suspected, but a faulty Java installation.

Please lock this thread.

#3 Guest_The weatherman_*


Posted 08 July 2009 - 06:12 PM

Thanks for letting us know, joshbeoulve.



