
Firefox Google Searchbar Redirect


3 replies to this topic

#1 jflann (Members)

Posted 30 July 2010 - 01:24 PM

My Firefox Google search redirects to "search.search-star.net". I also get a strange message on startup, something along the lines of 'There was a problem starting idjqp.dll.'

Thanks in advance for the help!


DDS (Ver_10-03-17.01) - NTFSX64
Run by Justin at 13:08:24.50 on Fri 07/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2950 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
G:\Program Files (x86)\Steam\Steam.exe
C:\Users\Justin\Downloads\wopt021\WLAN Optimizer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
M:\Incoming\Firefox Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "g:\program files (x86)\steam\steam.exe" -silent
uRun: [WLAN Optimizer] c:\users\justin\downloads\wopt021\WLAN Optimizer.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RGSC] g:\program files (x86)\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "g:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [sta] rundll32 "idjqp.dll",,Run
mRun: [MChk] c:\windows\system32\vdjqp.exe
dRun: [Klagozehujo] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\dxmpDSr.dll",Startup
dRun: [uggiyrtj] c:\windows\system32\config\systemprofile\appdata\local\rwegrkinn\kbkxfnltssd.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GR469A~1.DLL
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\tldufigl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files (x86)\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - plugin: g:\program files (x86)\videolan\vlc\npvlc.dll
FF - HiddenExtension: XULRunner: {2D44CEFE-AE6F-4924-909E-BB2DAE1DB955} - c:\windows\system32\config\systemprofile\appdata\local\{2d44cefe-ae6f-4924-909e-bb2dae1db955}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-11 178728]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-7-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-7-27 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-27 81072]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-7-26 131688]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-15 393216]

=============== Created Last 30 ================

2010-07-30 17:51:17 0 ----a-w- c:\users\justin\defogger_reenable
2010-07-30 16:48:16 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-30 16:30:24 0 d-----w- c:\users\justin\appdata\roaming\Avira
2010-07-30 03:00:22 150 ----a-w- C:\zrpt.xml
2010-07-30 03:00:19 0 d-----w- c:\programdata\Update
2010-07-29 23:51:11 0 d-sh--w- c:\programdata\SecuROM
2010-07-29 22:44:35 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-07-29 20:09:43 0 d-----w- c:\program files\Realtek
2010-07-29 20:09:35 0 d-----w- c:\program files (x86)\Realtek
2010-07-29 05:21:46 0 ----a-w- c:\users\justin\jagex__preferences3.dat
2010-07-29 05:21:45 99 ----a-w- c:\users\justin\jagex_runescape_preferences2.dat
2010-07-29 05:20:27 46 ----a-w- c:\users\justin\jagex_runescape_preferences.dat
2010-07-29 05:20:15 0 d-----w- C:\.jagex_cache_32
2010-07-28 23:18:50 247296 ----a-w- c:\windows\syswow64\edkhp.dll
2010-07-28 22:05:31 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-28 21:54:00 0 d-----w- c:\program files (x86)\Microsoft Games
2010-07-28 20:14:47 0 d-----w- c:\users\justin\appdata\roaming\ManyCam
2010-07-28 20:14:40 0 d-----w- c:\program files (x86)\Ask.com
2010-07-28 16:36:35 0 d-----w- c:\users\justin\appdata\roaming\mIRC
2010-07-28 06:05:32 0 d-----w- c:\users\justin\appdata\roaming\Foxit Software
2010-07-28 04:47:53 21840 ----a-w- c:\windows\syswow64\SIntfNT.dll
2010-07-28 04:47:53 17212 ----a-w- c:\windows\syswow64\SIntf32.dll
2010-07-28 04:47:53 12067 ----a-w- c:\windows\syswow64\SIntf16.dll
2010-07-28 04:41:28 39775 ----a-w- c:\windows\DIIUnin.dat
2010-07-28 04:41:27 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-28 04:41:27 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-28 02:26:57 0 d-----w- c:\users\justin\appdata\roaming\Malwarebytes
2010-07-28 02:26:53 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 02:26:53 0 d-----w- c:\programdata\Malwarebytes
2010-07-28 02:26:53 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-28 02:26:51 0 d-----w- c:\programdata\Skype
2010-07-28 02:26:51 0 d-----r- c:\program files (x86)\Skype
2010-07-28 02:26:42 0 d-----w- c:\program files (x86)\Winamp Detect
2010-07-28 02:26:33 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-07-28 02:26:07 0 d-----w- c:\program files (x86)\Foxit Software
2010-07-28 02:26:05 0 d-----w- c:\programdata\Sun
2010-07-28 02:26:00 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-28 02:26:00 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-28 02:26:00 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-28 02:26:00 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-27 19:38:39 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-27 19:38:39 0 d-----w- c:\programdata\Avira
2010-07-27 19:38:39 0 d-----w- c:\program files (x86)\Avira
2010-07-27 18:13:41 45 ----a-w- c:\windows\syswow64\initdebug.nfo
2010-07-27 09:08:01 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-27 09:07:05 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-27 09:07:05 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-27 09:07:05 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-27 09:07:05 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-27 09:07:05 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-27 09:07:05 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-27 09:07:05 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-27 09:07:05 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-27 09:07:05 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-27 09:07:05 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-27 09:05:41 0 d-----w- c:\windows\syswow64\directx
2010-07-27 09:04:21 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-27 09:04:21 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-27 09:03:00 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-07-27 09:03:00 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-07-27 09:03:00 0 d--h--w- C:\settingsxx.exe
2010-07-27 06:42:38 215128 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-07-27 06:37:39 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-07-27 06:37:39 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-27 06:37:38 794408 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-07-27 06:28:08 0 d--h--w- C:\VritualRoot
2010-07-27 06:09:22 0 d-----w- c:\programdata\Comodo Downloader
2010-07-27 05:16:37 675794 ----a-w- c:\windows\system32\oem9.inf
2010-07-27 04:35:42 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2010-07-27 04:35:08 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-07-27 03:16:15 0 d-----w- c:\users\justin\appdata\roaming\NVIDIA
2010-07-27 03:14:12 81768 ----a-w- c:\windows\syswow64\xinput1_3.dll
2010-07-27 03:14:12 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-07-27 02:51:21 0 d-----w- c:\users\justin\appdata\roaming\uTorrent
2010-07-27 02:38:53 0 d-----w- c:\program files\7-Zip
2010-07-27 02:35:02 2337488 ----a-w- c:\windows\syswow64\d3dx9_25.dll
2010-07-27 02:35:02 2222800 ----a-w- c:\windows\syswow64\d3dx9_24.dll
2010-07-26 22:13:28 0 d-----w- c:\windows\syswow64\Macromed
2010-07-26 21:59:50 0 d-----w- c:\windows\PCHEALTH
2010-07-26 21:58:38 0 d-----w- c:\program files\Microsoft Office
2010-07-26 21:58:34 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-07-26 21:58:06 0 d-----w- c:\programdata\Microsoft Help
2010-07-26 21:56:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-26 21:42:07 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-26 21:38:21 0 d-----w- c:\windows\system32\appmgmt
2010-07-26 21:28:50 0 d-----w- c:\program files (x86)\common files\Steam
2010-07-26 18:54:57 0 d-----w- c:\windows\Panther
2010-07-26 16:26:49 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2010-07-26 16:26:49 255592 ----a-w- c:\windows\system32\nvcohda6.dll
2010-07-26 16:26:49 131688 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2010-07-26 16:26:29 0 d-----w- c:\programdata\NVIDIA
2010-07-26 16:26:03 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-07-26 16:26:02 0 d-sh--w- c:\windows\Installer
2010-07-26 16:26:01 0 d-----w- c:\programdata\NVIDIA Corporation
2010-07-26 16:26:00 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-26 16:13:00 0 d-----w- c:\program files (x86)\Marvell
2010-07-26 16:12:35 1603104 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-07-26 16:12:32 0 d--h--w- c:\program files (x86)\Temp
2010-07-26 16:11:42 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-07-26 16:11:34 0 d-----w- C:\Intel
2010-07-09 21:27:02 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 21:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 21:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 21:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 21:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll

==================== Find3M ====================

2010-07-28 05:21:22 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-02 09:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 09:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 09:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 09:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 09:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 09:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 16:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 16:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 16:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 16:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 16:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 16:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 16:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 16:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 16:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 16:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:08:52.81 ===============
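The Run-key lines in the log above are what a log reader would look at first for the reported symptoms. As an added example that is not part of this thread or of the DDS tool, here is a small Python triage script that applies a few reader's heuristics to lines in the DDS "Pseudo HJT Report" format; the sample lines are copied from the post (plus two benign entries for contrast), and the heuristics themselves (a rundll32 target given by bare name, paths under the SYSTEM profile's AppData\Local, autoruns in the .DEFAULT hive, vowel-less executable names in a system directory) are my own assumptions, not anything DDS reports.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: Run-key lines in the DDS "Pseudo HJT Report" format, copied from
# the post above, plus two benign entries (Skype, Avira) for contrast.
SAMPLE_DDS = r"""
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [sta] rundll32 "idjqp.dll",,Run
mRun: [MChk] c:\windows\system32\vdjqp.exe
dRun: [Klagozehujo] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\dxmpDSr.dll",Startup
dRun: [uggiyrtj] c:\windows\system32\config\systemprofile\appdata\local\rwegrkinn\kbkxfnltssd.exe
"""

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT (-x64 marks the 64-bit view).
RUN_LINE = re.compile(r"^(?P<hive>[umd]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 given only a file name: the DLL is resolved through the loader search path.
RUNDLL_BARE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^\\":,]+\.dll)"?', re.I)
# Anything living under the SYSTEM profile's AppData\Local is unusual for legitimate software.
SYSPROFILE = re.compile(r"\\config\\systemprofile\\appdata\\local\\", re.I)
# An executable sitting directly in system32 / SysWOW64.
SYSDIR_EXE = re.compile(r"\\(?:system32|syswow64)\\(?P<base>[a-z0-9]+)\.exe\b", re.I)


def looks_random(stem: str) -> bool:
    """Crude name heuristic (my assumption, not a DDS rule): no vowels at all,
    or a run of four or more consonants, e.g. 'vdjqp' or 'kbkxfnltssd'."""
    s = stem.lower()
    if not re.search(r"[aeiouy]", s):
        return True
    return re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", s) is not None


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    reasons: list[str] = field(default_factory=list)


def triage_run_lines(text: str) -> list[Finding]:
    """Return one Finding per autorun line that trips at least one heuristic."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
        reasons: list[str] = []
        d = RUNDLL_BARE.match(cmd)
        if d:
            reasons.append(f"rundll32 loads '{d.group('dll')}' by bare name (search-path resolved)")
        if SYSPROFILE.search(cmd):
            reasons.append("runs from the SYSTEM profile's AppData\\Local")
        if hive == "dRun":
            reasons.append("autorun under HKU\\.DEFAULT")
        e = SYSDIR_EXE.search(cmd)
        if e and looks_random(e.group("base")):
            reasons.append(f"random-looking '{e.group('base')}.exe' in a system directory")
        if reasons:
            findings.append(Finding(hive, name, cmd, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_run_lines(SAMPLE_DDS):
        print(f"{f.hive}: [{f.name}] {f.cmd}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it flags exactly the four entries that match the symptoms in the post (sta, MChk, Klagozehujo, uggiyrtj) and leaves the Skype and Avira entries alone.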




#2 maranatha (Malware Response Team)

Posted 07 August 2010 - 09:47 PM

Hi jflann
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do this.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    Please uncheck the following settings that we do not want in our scan.
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive, which is typically C:\
  • Show All (This one is important, so do not miss it.)
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
maranatha

Windows7 Professional 64 Bit

I'm going in the wrong direction to be in a hurry!

My help is always free, But I do accept donations.


#3 maranatha (Malware Response Team)

Posted 11 August 2010 - 10:01 AM

Hi
If you still require help, please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha



#4 maranatha (Malware Response Team)

Posted 15 August 2010 - 09:13 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.





