
Firefox Google Search Bar Redirect


  • This topic is locked
3 replies to this topic

#1 GranTorino

  • Members
  • 18 posts

Posted 30 August 2010 - 10:35 AM

This seems to be a common infection with Firefox. When I execute a Google search from the search bar in the upper right corner of the Firefox window and click on one of the results, instead of going to the website listed in the results I get redirected to a different ad site. I have attempted to run several programs, and while they've picked up on some things, the problem still persists.

The DDS.txt report is as follows:


DDS (Ver_10-03-17.01) - FAT32x86
Run by Tawrin J. McGrew at 9:21:34.25 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.245 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
SVCHOST.EXE
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:Program FilesAVGAVG9avgcsrvx.exe
SVCHOST.EXE
SVCHOST.EXE
C:WINDOWSsystem32spoolsv.exe
SVCHOST.EXE
C:WINDOWSSystem32svchost.exe -k Akamai
C:Program FilesAVGAVG9avgwdsvc.exe
C:AcerEmpowering TechnologyadmServ.exe
C:Program FilesAVGAVG9avgnsx.exe
SVCHOST.EXE
C:Program FilesJavajre6binjqs.exe
C:WINDOWSSystem32svchost.exe -k HPZ12
C:WINDOWSSystem32svchost.exe -k HPZ12
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSsystem32WFXSVC.EXE
C:WINDOWSsystem32ZuneBusEnum.exe
D:WinfaxWFXMOD32.EXE
C:WINDOWSExplorer.EXE
"C:WINDOWSSystem32svchost.exe"
"C:WINDOWSSystem32svchost.exe"
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:AcerEmpowering Technologyadmtray.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:AcerEmpowering TechnologyeRecoveryMonitor.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesZuneZuneLauncher.exe
C:PROGRA~1AVGAVG9avgtray.exe
D:WinfaxWFXSWTCH.exe
C:WINDOWSsystem32wfxsnt40.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32igfxext.exe
C:Documents and SettingsTawrin J. McGrewLocal SettingsAppsF.luxflux.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesIObitAdvanced SystemCare 3Sup_SmartRAM.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:DOCUME~1TAWRIN~1.MCGLOCALS~1TempRtkBtMnt.exe
C:Program FilesMemeoAutoBackupMemeoBackup.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Documents and SettingsTawrin J. McGrewDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.go.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: UIHost=c:windowssystem32logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program filesmicrosoftsearch enhancement packsearch helperSEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:program fileswindows livetoolbarwltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:windowssystem32eDStoolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:program fileswindows livetoolbarwltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Onfolio Property Tray: {e0f91f4c-d30c-4ee3-90b9-741ec8c19129} - mscoree.dll
EB: Onfolio: {ebe3e634-1c1f-42c2-a00d-81afede78438} - mscoree.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [F.lux] "c:documents and settingstawrin j. mcgrewlocal settingsappsf.luxflux.exe" /noshow
uRun: [H/PC Connection Agent] "c:program filesmicrosoft activesyncwcescomm.exe"
uRun: [SmartRAM] "c:program filesiobitadvanced systemcare 3Sup_SmartRAM.exe" /m
mRun: [LaunchApp] Alaunch
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [ADMTray.exe] "c:acerempowering technologyadmtray.exe"
mRun: [ePower_DMC] c:acerempowering technologyepowerePower_DMC.exe
mRun: [Acer ePower Management] c:acerempowering technologyepowerAcer ePower Management.exe boot
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LManager] c:progra~1launch~1LManager.exe
mRun: [eDataSecurity Loader] c:acerempowering technologyedatasecurityeDSloader.exe
mRun: [AzMixerSel] c:program filesrealtekinstallshieldAzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Zune Launcher] "c:program fileszuneZuneLauncher.exe"
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [WFXSwtch] d:winfaxWFXSWTCH.exe
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
dRun: [rmnhtgos] c:documents and settingsnetworkservicelocal settingsapplication datamdrxrslienkimpcyshdw.exe
dRun: [cauesad] c:windowssystem32configsystemprofilecauesad.exe /P
StartupFolder: c:docume~1tawrin~1.mcgstartm~1programsstartupmemeoa~1.lnk - c:docume~1tawrin~1.mcgapplic~1microsoftinstaller{39a908fd-7322-41ae-b374-c7a076b2fc97}NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuplogite~1.lnk - c:program fileslogitechsetpointSetPoint.exe
uPolicies-explorer: NoWinKeys = 1 (0x1)
uPolicies-explorer: MaxRecentDocs = 6 (0x6)
IE: &Capture Page to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Capt&ure Target to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
IE: Capture &Snippet to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
IE: Capture Ima≥ to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
IE: Capture Page and Selected &Links to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
IE: Capture Selected Ite&ms to Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
IE: Capture Site to &Onfolio... - c:program filesonfolioOnfolio.WindowsResources.dll/AddSiteFromDocument.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:progra~1mi3aa1~1INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:progra~1mi3aa1~1INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167281959875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.intelcapabilitiesforum.net/rankmypc/scan/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - d:winfaxWfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1tawrin~1.mcgapplic~1mozillafirefoxprofilesu2l4zggf.default
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgoogleupdate1.2.183.29npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesmozilla firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2008-12-5 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2007-12-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:windowssystem32driversavgtdix.sys [2010-2-19 243024]
R2 Akamai;Akamai NetSession Interface;c:windowssystem32svchost.exe -k Akamai [2004-8-10 14336]
R2 avg9wd;AVG Free WatchDog;c:program filesavgavg9avgwdsvc.exe [2010-7-18 308136]
R2 AWService;AdminWorks Agent X6;c:acerempowering technologyadmServ.exe [2005-10-24 1314816]
R3 lknuhst;Linksys Network USB Host Controller;c:windowssystem32driverslknuhst.sys [2009-9-8 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:windowssystem32driverslknuhub.sys [2009-9-8 37248]
S2 CA Personal Firewall ASEM;CA Personal Firewall ASEM;c:program filescaca internet security suiteca personal firewallcapfasem.exe --> c:program filescaca internet security suiteca personal firewallcapfasem.exe [?]
S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2010-5-19 136176]
S2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
S3 cpuz130;cpuz130;??c:docume~1tawrin~1.mcglocals~1tempcpuz130cpuz_x32.sys --> c:docume~1tawrin~1.mcglocals~1tempcpuz130cpuz_x32.sys [?]
S3 LKNUCMP;Linksys Network USB Composite Device;c:windowssystem32driverslknucmp.sys [2009-9-8 11648]
S3 MotDev;Motorola Inc. USB Device;c:windowssystem32driversmotodrv.sys [2008-6-29 42112]
S3 Revoflt;Revoflt;c:windowssystem32driversrevoflt.sys [2010-3-11 27064]

=============== Created Last 30 ================

2010-08-30 14:18:33 0 ----a-w- c:documents and settingstawrin j. mcgrewdefogger_reenable
2010-08-30 13:26:36 16968 ----a-w- c:windowssystem32driverbleepmanpro35.sys
2010-08-30 13:01:04 0 d-----w- c:docume~1alluse~1applic~1Hitman Pro
2010-08-30 13:00:55 0 d-----w- c:program filebleepman Pro 3.5
2010-08-30 06:10:27 95024 ----a-w- c:windowssystem32driversSBREDrv.sys
2010-08-26 22:16:10 0 d-----w- c:program filesContent Manager
2010-08-24 22:39:04 0 d-----w- c:windowssystem32Adobe
2010-08-20 23:39:32 783872 ----a-w- c:windowssystem32driversuhhrgri.sys
2010-08-20 23:39:24 0 d-----w- c:docume~1alluse~1applic~1Update
2010-08-20 23:39:19 0 d-----w- c:docume~1tawrin~1.mcgapplic~17815BAE095E4C05B886804BA788DBFE8
2010-08-18 22:58:34 0 ----a-w- c:windowsWTNSETUP.INI
2010-08-18 22:55:10 0 d-----w- c:program filescommon filesConcord Shared
2010-08-18 22:54:45 0 d-----w- c:docume~1tawrin~1.mcgapplic~1Symantec
2010-08-18 22:54:33 437528 ----a-w- c:windowssystem32401COMUPD.EXE
2010-08-18 22:54:12 0 d-----w- c:program filesSymantec
2010-08-18 22:51:28 0 d-----w- c:program filescommon filesNovell Shared
2010-08-18 05:22:25 46 ----a-w- c:windowsVID_DirectX.INI
2010-08-16 17:49:34 0 d-sh--w- C:FOUND.007

==================== Find3M ====================

2010-08-18 22:47:14 135680 ----a-w- c:windowssystem32WFXMNT40.DLL
2010-08-18 22:47:12 136704 ----a-w- c:windowssystem32WFXMNTHQ.DLL
2010-08-18 22:46:08 45568 ----a-w- c:windowssystem32WFXSNT40.EXE
2010-07-27 06:30:36 8462336 ------w- c:windowssystem32dllcacheshell32.dll
2010-07-19 04:42:14 243024 ----a-w- c:windowssystem32driversavgtdix.sys
2010-07-19 04:42:06 12536 ----a-w- c:windowssystem32avgrsstx.dll
2010-07-19 04:41:50 216400 ----a-w- c:windowssystem32driversavgldx86.sys
2010-06-30 12:31:36 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-30 12:31:36 149504 ------w- c:windowssystem32dllcacheschannel.dll
2010-06-24 22:51:58 11077120 ----a-w- c:windowssystem32dllcacheieframe.dll
2010-06-24 12:22:04 916480 ----a-w- c:windowssystem32wininet.dll
2010-06-24 12:22:04 916480 ----a-w- c:windowssystem32dllcachewininet.dll
2010-06-24 12:22:04 12800 ------w- c:windowssystem32dllcachexpshims.dll
2010-06-24 12:22:02 611840 ----a-w- c:windowssystem32dllcachemstime.dll
2010-06-24 12:22:02 5951488 ----a-w- c:windowssystem32dllcachemshtml.dll
2010-06-24 12:22:02 206848 ----a-w- c:windowssystem32dllcacheoccache.dll
2010-06-24 12:22:02 1210368 ----a-w- c:windowssystem32dllcacheurlmon.dll
2010-06-24 12:22:00 599040 ----a-w- c:windowssystem32dllcachemsfeeds.dll
2010-06-24 12:22:00 55296 ----a-w- c:windowssystem32dllcachemsfeedsbs.dll
2010-06-24 12:22:00 25600 ----a-w- c:windowssystem32dllcachejsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:windowssystem32dllcacheieproxy.dll
2010-06-24 12:21:58 1986560 ----a-w- c:windowssystem32dllcacheiertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:windowssystem32dllcacheiepeers.dll
2010-06-24 12:21:56 743424 ------w- c:windowssystem32dllcacheiedvtool.dll
2010-06-24 12:21:56 387584 ----a-w- c:windowssystem32dllcacheiedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:windowssystem32dllcachewin32k.sys
2010-06-23 12:08:10 173056 ----a-w- c:windowssystem32dllcacheie4uinit.exe
2010-06-21 15:27:12 354304 ------w- c:windowssystem32dllcachesrv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:windowssystem32dllcachemoviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
2010-06-14 07:41:46 1172480 ----a-w- c:windowssystem32msxml3.dll
2010-06-14 07:41:46 1172480 ----a-w- c:windowssystem32dllcachemsxml3.dll
2007-05-15 12:59:56 251 ----a-w- c:program fileswt3d.ini
2010-05-01 23:13:30 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012010050120100502index.dat

============= FINISH: 9:23:42.31 ===============

Your help would be much appreciated. Thanks.

I'm working on the GMER report. Seems like it's freezing but I'll let it run until it finishes then post that log as well.

EDIT: Posts merged ~BP

Finally got the GMER report. See below.

Merged posts. ~ OB

Edited by Orange Blossom, 31 August 2010 - 10:18 PM.
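Added example, not part of this thread and not code from DDS or BleepingComputer: a small triage script for the kind of DDS log posted above. Reading the "Pseudo HJT Report" and "Created Last 30" sections, it lists the items a responder would review first: autorun entries that launch from a service-account profile, a Temp folder or a per-user data folder (the dRun lines in the log above are examples of that pattern), browser extension entries registered with no file behind them, and drivers or executables created in system directories inside the last 30 days. The heuristics are assumptions of this example, not DDS rules; the DDS prefix mapping (u/m/d = current user/machine/default hive) is likewise assumed. The sample lines are constructed from the posted log with the backslashes restored (the forum stripped them); where the original path could not be split reliably, an obvious placeholder is used. A hit is a review item, not a verdict: SBREDrv.sys, for instance, is flagged purely because it is a freshly created driver.

```python
"""Triage helper for a DDS log: list the entries a responder should look at
first.  Added example; heuristics are assumptions, not DDS rules."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directory names from which a legitimate autorun is unusual: service-account
# profiles, Temp, and per-user data folders.  Assumed heuristic.
SUSPECT_DIRS = ("networkservice", "localservice", "systemprofile",
                "temp", "application data")

# DDS Run-key prefixes (assumed mapping): u = current user, m = machine,
# d = default user hive, which is what services and logon-less accounts load.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(r"^(?P<kind>[umd])Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?P<rest>.+) - No File$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")

# Constructed sample modelled on the posted log (backslashes restored; one
# launch path replaced by a placeholder because its original split is unknown).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [F.lux] "c:\docume~1\tawrin~1.mcg\locals~1\apps\f.lux\flux.exe" /noshow
mRun: [LaunchApp] Alaunch
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [rmnhtgos] c:\documents and settings\networkservice\local settings\application data\PLACEHOLDER_DIR\PLACEHOLDER.exe
dRun: [cauesad] c:\windows\system32\config\systemprofile\cauesad.exe /P
=============== Created Last 30 ================
2010-08-30 06:10:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 23:39:32 783872 ----a-w- c:\windows\system32\drivers\uhhrgri.sys
2010-08-20 23:39:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-18 22:54:33 437528 ----a-w- c:\windows\system32\401COMUPD.EXE
==================== Find3M ====================
"""


@dataclass
class Finding:
    section: str
    reason: str
    path: str
    detail: str


def launch_path(rest: str) -> str:
    """Executable path from a Run value: strip quotes and trailing switches (' /P')."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" /", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect review items."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = AUTORUN_RE.match(line)
            if m:
                path = launch_path(m.group("rest"))
                low = path.lower()
                hit: Optional[str] = next((d for d in SUSPECT_DIRS if f"\\{d}\\" in low), None)
                if hit:
                    findings.append(Finding(
                        section, "autorun from user-writable or service-account location", path,
                        f"{HIVE[m.group('kind')]} Run [{m.group('name')}] launches from \\{hit}\\"))
                continue
            m = ORPHAN_RE.match(line)
            if m:
                findings.append(Finding(section, "orphaned browser extension entry",
                                        m.group("rest"), f"{m.group('kind')} registered but file missing"))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if not m or m.group("attr").startswith("d"):
                continue  # directories are not review items here
            path, low = m.group("path"), m.group("path").lower()
            stamp = f"{m.group('ts')} size {m.group('size')}"
            if low.endswith(".sys") and "\\drivers\\" in low:
                findings.append(Finding(section, "kernel driver created in the last 30 days", path, stamp))
            elif low.endswith(".exe") and "\\system32\\" in low:
                findings.append(Finding(section, "executable created in system32 in the last 30 days", path, stamp))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.path} ({f.detail})")
```

Run it against a saved DDS.txt by passing the file contents to triage(); on the constructed sample it returns six review items and leaves ctfmon.exe, F.lux and the AVG entries alone. Each hit still needs to be confirmed (publisher, signature, file hash against a reputation service) before anything is removed, which is exactly the step the helpers on this forum perform with the logs they ask for.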



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 September 2010 - 02:49 PM

Hello GranTorino, my name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying; we are very busy at the moment.

Please note that because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks



#3 GranTorino

  • Topic Starter
  • Members
  • 18 posts

Posted 06 September 2010 - 10:02 PM

Thank you Syler. I believe I have resolved the issue since my first post so it is ok to close this topic. If I have any recurring problems, I'll be sure to revisit this forum. Thanks for your reply.

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 September 2010 - 11:06 AM

Thanks for letting me know GranTorino.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
