
Firefox Hijack: Redirects / Infomoneyservice.com Malware (Help Needed)



#1 milan_b_1983


Posted 04 August 2010 - 10:01 AM

My Firefox was hijacked yesterday. When loading Firefox, the program attempts to open four additional windows that all guide to InfoMoneyService.com. In addition, Google search results all guide to pages with advertisements and not the proper page that is listed in the results page.

I have scanned my box with McAfee Anti Virus and Malwarebytes to no avail. Neither program found any malware, spyware and/or viruses.

Can somebody please jump on this case to assist me in cleaning this PC?

Thank you in advance.

DDS log pasted below and attached as a Rich Text file - DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by milanb at 11:23:58.91 on Wed 08/04/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1123 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesHPQIAMbinasghost.exe
C:Program FilesAdobeAdobe Version Cue CS2binVersionCueCS2.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:WINDOWSSystem32svchost.exe -k Cognizance
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeSiteAdvisor EnterpriseMcSACore.exe
C:WINDOWSExplorer.EXE
C:Program FilesMcAfeeVirusScan EnterpriseEngineServer.exe
C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32mfevtps.exe
C:Program FilesAdobeAdobe Version Cue CS2datadatabasebinmysqld-nt.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesCommon FilesArtisoftTeleVantageTvWksSvc.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSsystem32SearchIndexer.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:Program FilesHPQHP ProtectTools Security ManagerPTHOSTTR.EXE
C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:WINDOWSsystem32mqsvc.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSSMINSTScheduler.exe
C:Program FilesAdobeAdobe Version Cue CS2ControlPanelVersionCueCS2Tray.exe
C:Program FilesAdobeAdobe Acrobat 7.0DistillrAcrotray.exe
C:Program FilesMicrosoft IntelliType Protype32.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1HPQSharedHPQTOA~1.EXE
C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE
C:Program FilesHpHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesMcAfeeCommon Frameworkudaterui.exe
C:Program FilesMcAfeeCommon FrameworkMcTray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsmilanbLocal SettingsTemporary Internet FilesContent.IE5SB0PPRHTDefogger[1].exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:Documents and SettingsmilanbLocal SettingsTemporary Internet FilesContent.IE5OEP6QGC1dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeadobe acrobat 7.0activexAcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlaDLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscan enterprisescriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:program filesmcafeesiteadvisor enterpriseMcIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:program fileshpqiambinItIeAddIN.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:program filesmcafeesiteadvisor enterpriseMcIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [WebCamRT.exe]
uRun: [LogitechSoftwareUpdate] "c:program fileslogitechvideoManifestEngine.exe" boot
uRun: [MsnMsgr] "c:program fileswindows livemessengermsnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:program filescommon filesaheadlibNMBgMonitor.exe"
uRun: [ISUSPM] "c:program filescommon filesinstallshieldupdateserviceISUSPM.exe" -scheduler
uRun: [ksjhdlbcidu] c:documents and settingsmilanblocal settingsapplication datafqbymunnkurrpt.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:program filesanalog devicescoresmax4pnp.exe
mRun: [SoundMAX] c:program filesanalog devicessoundmaxSmax4.exe /tray
mRun: [PTHOSTTR] c:program fileshpqhp protecttools security managerPTHOSTTR.EXE /Start
mRun: [DLA] c:windowssystem32dlaDLACTRLW.EXE
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [hpWirelessAssistant] c:program fileshpqhp wireless assistantHP Wireless Assistant.exe
mRun: [CognizanceTS] rundll32.exe c:progra~1hpqiambinAsTsVcc.dll,RegisterModule
mRun: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
mRun: [Cpqset] c:program fileshpqdefault settingscpqset.exe
mRun: [Recguard] c:windowssminstRecguard.exe
mRun: [Reminder] c:windowscreatorRemind_XP.exe
mRun: [Scheduler] c:windowssminstScheduler.exe
mRun: [WatchDog] c:program filesintervideodvd checkDVDCheck.exe
mRun: [Adobe Version Cue CS2] "c:program filesadobeadobe version cue cs2controlpanelVersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:program filesadobeadobe acrobat 7.0distillrAcrotray.exe"
mRun: [type32] "c:program filesmicrosoft intellitype protype32.exe"
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [LVCOMSX] c:windowssystem32LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:program fileslogitechvideoISStart.exe
mRun: [LogitechVideoTray] c:program fileslogitechvideoLogiTray.exe
mRun: [NeroFilterCheck] c:program filescommon filesaheadlibNeroCheck.exe
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [ShStatEXE] "c:program filesmcafeevirusscan enterpriseSHSTAT.EXE" /STANDALONE
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
mRun: [McAfeeUpdaterUI] "c:program filesmcafeecommon frameworkudaterui.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [DiskeeperSystray] "c:program filesexecutive softwarediskeeperDkIcon.exe"
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
StartupFolder: c:docume~1alluse~1startm~1programsstartupadobeg~1.lnk - c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupdvdche~1.lnk - c:program filesintervideodvd checkDVDCheck.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupwindow~1.lnk - c:program fileswindows desktop searchWindowsSearch.exe
IE: Convert link target to Adobe PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:program filesadobeadobe acrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:program filesmcafeesiteadvisor enterpriseMcIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:program filesmcafeesiteadvisor enterpriseMcIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:program fileshpqiambinAsWlnPkg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:program fileswindows desktop searchMSNLNamespaceMgr.dll
LSA: Notification Packages = scecli AsWlnPkg
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 10.10.10.2 storage
Hosts: 10.10.10.20 westhill
Hosts: 10.10.10.22 iis2k3

================= FIREFOX ===================

FF - ProfilePath - c:docume~1milanbapplic~1mozillafirefoxprofilesatxfcz5p.default
FF - component: c:program filesmcafeesiteadvisor enterprisecomponentsMcFFPlg.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll

---- FIREFOX POLICIES ----
c:program filesfirefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesfirefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesfirefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesfirefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesfirefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesfirefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesfirefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesfirefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesfirefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesfirefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesfirefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesfirefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesfirefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesfirefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesfirefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesfirefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesfirefoxgreprefsall.js - pref("html5.enable", false);
c:program filesfirefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesfirefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesfirefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesfirefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesfirefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesfirefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesfirefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesfirefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesfirefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesfirefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesfirefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesfirefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesfirefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesfirefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesfirefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesfirefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesfirefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesfirefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesfirefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesfirefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:windowssystem32driversmfehidk.sys [2009-3-23 340592]
R2 ASChannel;Local Communication Channel;c:windowssystem32svchost.exe -k Cognizance [2006-2-28 14336]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:program filesmcafeesiteadvisor enterpriseMcSACore.exe [2009-12-16 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:program filesmcafeevirusscan enterpriseEngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:program filesmcafeecommon frameworkFrameworkService.exe [2009-9-25 120128]
R2 McShield;McAfee McShield;c:program filesmcafeevirusscan enterpriseMcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:program filesmcafeevirusscan enterpriseVsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:windowssystem32mfevtps.exe [2009-3-23 67904]
R2 TvWksSvc;TeleVantage Workstation Service;c:program filescommon filesartisofttelevantageTvWksSvc.exe [2005-3-28 102400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2007-10-28 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmfeavfk.sys [2009-3-23 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:windowssystem32driversmfebopk.sys [2009-3-23 42424]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:program filescommon filesbcl technologieseasypdf 5bepldr.exe [2007-7-16 151552]
S3 mferkdet;McAfee Inc. mferkdet;c:windowssystem32driversmferkdet.sys [2009-3-23 64432]

=============== Created Last 30 ================

2010-08-04 15:23:20 0 ----a-w- c:documents and settingsmilanbdefogger_reenable
2010-08-04 14:43:55 114688 ----a-w- c:windowssystem32chg.exe
2010-08-04 04:37:37 0 d-----w- c:program filesTrend Micro
2010-08-03 21:48:06 0 d-----w- c:program filesFirefox
2010-08-03 20:04:25 412 ----a-w- c:windowssystem32.crusader
2010-08-03 15:24:17 0 d-----w- c:docume~1milanbapplic~1Malwarebytes
2010-08-03 15:24:08 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes
2010-08-03 15:24:07 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2010-07-24 07:48:05 159232 ----a-w- c:windowssystem32ptpusd.dll
2010-07-22 15:26:42 0 d-----w- c:program filesSpybot - Search & Destroy
2010-07-22 15:26:42 0 d-----w- c:docume~1alluse~1applic~1Spybot - Search & Destroy
2010-07-19 16:28:02 56 ---ha-w- c:windowssystem32ezsidmv.dat

==================== Find3M ====================

2010-08-03 20:21:45 16968 ----a-w- c:windowssystem32driverbleepmanpro35.sys
2010-08-03 20:03:06 0 ---h--w- c:docume~1alluse~1applic~1PKP_DLdw.DAT
2010-08-03 20:00:05 0 ---h--w- c:docume~1alluse~1applic~1PKP_DLdu.DAT
2010-07-26 21:16:04 182164 ---ha-w- c:windowssystem32mlfcache.dat
2010-06-14 17:49:08 26956 ----a-w- c:windowssystem32emptyregdb.dat
2010-06-09 20:38:38 108932 ----a-w- c:windowsfontsFortuna.ttf
2010-05-25 16:57:20 72080 ----a-w- c:documents and settingsmilanbg2mdlhlpx.exe
2010-05-18 20:35:16 91424 ----a-w- c:windowssystem32dnssd.dll
2010-05-18 20:35:16 197920 ----a-w- c:windowssystem32dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:windowssystem32dns-sd.exe
2008-09-11 16:32:22 32768 -csha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008091120080912index.dat

============= FINISH: 11:25:01.83 ===============

After two attempts of creating the GMER log, my system was interrupted by two separate blue screens.


Screen 1:

STOP: d000144

Unknown hard error.

Beginning dump of physical memory.

Screen 2:

IRQL_NOT_LESS_OR_EQUAL

*** STOP: 0x0000000A ***
------
I will attempt to run GMER once again.

Edited by hamluis, 04 August 2010 - 07:14 PM.
Combined posts ~ Hamluis.




#2 milan_b_1983


Posted 05 August 2010 - 12:52 PM

*** Computer Has Been Reformatted ***

Please delete this topic. Thank you.


#3 Budapest


Posted 05 August 2010 - 05:18 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.



