
browser hijack of firefox "search the web"


  • This topic is locked
4 replies to this topic

#1 Hardwarez

Hardwarez

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 03 August 2011 - 09:42 AM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by tv at 9:48:32 on 2011-08-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.397 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\guiminer20110701\guiminer\guiminer.exe
C:\guiminer20110701\guiminer\poclbm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\tv\appdata\roaming\micros~1\windows\startm~1\programs\startup\premot~1.lnk - c:\premotedroid-server\PRemoteDroid-Server.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\guiminer.lnk - c:\guiminer20110701\guiminer\guiminer.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{E7C9DD9E-E219-4CFC-8C94-25EB1A8B76A1} : NameServer = 192.168.2.1,8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tv\appdata\roaming\mozilla\firefox\profiles\58yrhsw5.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tv\appdata\roaming\move networks\plugins\npqmp071706000001.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl7c35b41e;MpKsl7c35b41e;c:\programdata\microsoft\microsoft antimalware\definition updates\{375b9e44-925d-4e3e-bef9-e8700ea978f2}\MpKsl7c35b41e.sys [2011-8-2 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-4 176128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-3 366640]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2010-11-3 94024]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-23 2337144]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2011-1-6 1737200]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-4 6789120]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-4 235520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-3 22712]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-1-6 12096]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-3 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-15 136176]
S3 htcdiag;HTC Android Diag Port;c:\windows\system32\drivers\htcdiag.sys [2011-4-9 101376]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
.
=============== Created Last 30 ================
.
2011-08-03 12:55:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-03 12:55:39 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-08-03 12:55:25 -------- d-----w- c:\program files\Lavasoft
2011-08-03 12:53:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-03 12:53:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-03 12:53:39 -------- d-----w- c:\users\tv\appdata\roaming\SUPERAntiSpyware.com
2011-08-03 12:53:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-03 12:53:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-03 12:40:11 -------- d-----w- C:\$RECYCLE.BIN
2011-08-03 12:25:39 98816 ----a-w- c:\windows\sed.exe
2011-08-03 12:25:39 518144 ----a-w- c:\windows\SWREG.exe
2011-08-03 12:25:39 256000 ----a-w- c:\windows\PEV.exe
2011-08-03 12:25:39 208896 ----a-w- c:\windows\MBR.exe
2011-08-03 05:32:51 -------- d-----w- c:\users\tv\appdata\roaming\Malwarebytes
2011-08-03 05:32:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 05:32:44 -------- d-----w- c:\programdata\Malwarebytes
2011-08-03 05:32:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 05:32:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 22:30:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{375b9e44-925d-4e3e-bef9-e8700ea978f2}\MpKsl7c35b41e.sys
2011-08-02 22:29:55 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{375b9e44-925d-4e3e-bef9-e8700ea978f2}\mpengine.dll
2011-07-06 15:22:07 -------- d-----w- C:\guiminer20110701
.
==================== Find3M ====================
.
2011-06-22 15:13:47 40394 ----a-w- C:\cc_20110622_111341.reg
2011-06-16 00:43:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 9:49:59.03 ===============



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:39 PM

Posted 04 August 2011 - 06:47 PM

Hello,

Does this topic concern the same computer as the topic here? http://www.bleepingcomputer.com/forums/topic412714.html ?

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Hardwarez

Hardwarez
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 04 August 2011 - 08:02 PM

It is a different PC; this PC seems to have this browser hijack of Firefox "search the web". The other post was my personal PC, which is spyware free. I posted on both because I thought there was a problem with both, but it was a DNS router hijack on the other.

I discovered that my D-Link DIR-655 had the DNS settings hacked. DHCP from the ISP was getting Russian IPs.

Primary DNS Server : 213.109.66.22
Secondary DNS Server : 213.109.75.217

I hard reset it to correct it and set a non-default password.




ComboFix 11-08-03.02 - tv 08/03/2011 8:26.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1055 [GMT -4:00]
Running from: c:\users\tv\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tv\AppData\Local\Temp\bluecove_tv_0\intelbth.dll
c:\users\tv\AppData\Roaming\Local
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 12:38 . 2011-08-03 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-03 05:32 . 2011-08-03 05:32 -------- d-----w- c:\users\tv\AppData\Roaming\Malwarebytes
2011-08-03 05:32 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 05:32 . 2011-08-03 05:32 -------- d-----w- c:\programdata\Malwarebytes
2011-08-03 05:32 . 2011-08-03 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 05:32 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 22:30 . 2011-08-02 22:30 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{375B9E44-925D-4E3E-BEF9-E8700EA978F2}\MpKsl7c35b41e.sys
2011-08-02 22:29 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{375B9E44-925D-4E3E-BEF9-E8700EA978F2}\mpengine.dll
2011-07-06 15:22 . 2011-07-06 15:22 -------- d-----w- C:\guiminer20110701
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-02-23 18:55 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-22 15:13 . 2011-06-22 15:13 40394 ----a-w- C:\cc_20110622_111341.reg
2011-06-16 00:43 . 2011-05-23 04:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 03:00 . 2011-06-16 06:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 10:35 . 2011-06-29 06:22 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\tv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PRemoteDroid-Server - Shortcut.lnk - c:\premotedroid-server\PRemoteDroid-Server.exe [2010-3-14 25600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
guiminer.lnk - c:\guiminer20110701\guiminer\guiminer.exe [2011-7-6 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GPU.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GPU.lnk
backup=c:\windows\pss\GPU.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-07 00:13 114688 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-07 00:11 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kcast]
2010-12-10 21:54 893896 ----a-w- c:\program files\Kitco\KcastWin7.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-07 00:10 94208 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-29 05:49 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl08b0e75d;MpKsl08b0e75d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE69147E-3458-4527-ADD3-03C535D421E1}\MpKsl08b0e75d.sys [x]
R1 MpKsl0993c867;MpKsl0993c867;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E64D5314-3F5F-40CA-AEBB-BF40C3A2CC40}\MpKsl0993c867.sys [x]
R1 MpKsl1b84b8ef;MpKsl1b84b8ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B88AAF0-3A17-40E5-9142-77F8776B5525}\MpKsl1b84b8ef.sys [x]
R1 MpKsl2066b85e;MpKsl2066b85e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF64C3F-E5DA-4DD0-AE88-B15EE132FB6F}\MpKsl2066b85e.sys [x]
R1 MpKsl317f1962;MpKsl317f1962;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{211B35B7-3A97-463B-91FE-B02B927BD9B0}\MpKsl317f1962.sys [x]
R1 MpKsl399c5042;MpKsl399c5042;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD8696F5-40F8-42AA-95AE-520F810DB75D}\MpKsl399c5042.sys [x]
R1 MpKsl4315b381;MpKsl4315b381;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF633933-8CA8-43BA-AD5B-D917BE72AAD9}\MpKsl4315b381.sys [x]
R1 MpKsl53dbec84;MpKsl53dbec84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AED2BF49-2C25-4FB9-A3F8-373A6FCB875C}\MpKsl53dbec84.sys [x]
R1 MpKsl5562783b;MpKsl5562783b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD8696F5-40F8-42AA-95AE-520F810DB75D}\MpKsl5562783b.sys [x]
R1 MpKsl5e941315;MpKsl5e941315;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29137682-CD6E-4CC1-9982-80EDC7E8935C}\MpKsl5e941315.sys [x]
R1 MpKsl636a106c;MpKsl636a106c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD8696F5-40F8-42AA-95AE-520F810DB75D}\MpKsl636a106c.sys [x]
R1 MpKsl92a8f3b9;MpKsl92a8f3b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF64C3F-E5DA-4DD0-AE88-B15EE132FB6F}\MpKsl92a8f3b9.sys [x]
R1 MpKslb59cfbfe;MpKslb59cfbfe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{161E9AFD-8EBA-4A2C-B766-0D43B350F97C}\MpKslb59cfbfe.sys [x]
R1 MpKslc4e24f6b;MpKslc4e24f6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B92FCF8B-3999-48C0-93DB-B1EF3333008D}\MpKslc4e24f6b.sys [x]
R1 MpKslca3385a8;MpKslca3385a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD8696F5-40F8-42AA-95AE-520F810DB75D}\MpKslca3385a8.sys [x]
R1 MpKslcbca4cf9;MpKslcbca4cf9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49ECEAAE-7678-4D57-A58D-DB363BE2920E}\MpKslcbca4cf9.sys [x]
R1 MpKsldc41c2a6;MpKsldc41c2a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53FF51F2-A3B2-4156-80D0-3444175A225D}\MpKsldc41c2a6.sys [x]
R1 MpKslde1226f0;MpKslde1226f0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{211B35B7-3A97-463B-91FE-B02B927BD9B0}\MpKslde1226f0.sys [x]
R1 MpKslff7b9b68;MpKslff7b9b68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5C2D036-EC6B-4112-8E41-C1D54A074AE9}\MpKslff7b9b68.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 htcdiag;HTC Android Diag Port;c:\windows\system32\DRIVERS\htcdiag.sys [2009-10-14 101376]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S1 MpKsl7c35b41e;MpKsl7c35b41e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{375B9E44-925D-4E3E-BEF9-E8700EA978F2}\MpKsl7c35b41e.sys [2011-08-02 28752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2010-11-28 1737200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 6789120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 235520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-01-06 12096]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 00:36]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: Interfaces\{E7C9DD9E-E219-4CFC-8C94-25EB1A8B76A1}: NameServer = 192.168.2.1,8.8.8.8
FF - ProfilePath - c:\users\tv\AppData\Roaming\Mozilla\Firefox\Profiles\58yrhsw5.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-08-03 08:45:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 12:45
.
Pre-Run: 425,437,753,344 bytes free
Post-Run: 425,328,955,392 bytes free
.
- - End Of File - - 61544DDD1C8064B6242622E728E6DCC9
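As an added illustration (not code from the thread or from the tools it quotes), a small defender's check that pulls the configured resolvers out of a DDS/ComboFix "NameServer" line or out of router status text like the "Primary/Secondary DNS Server" values quoted above, and flags any resolver that is neither on an allow-list nor a private LAN address. The allow-list contents and the sample texts are assumed for the example.

```python
import re
from ipaddress import ip_address

# Resolvers the owner expects to see: the router's LAN address handed out by
# DHCP and a public resolver they chose. Assumed allow-list for this example.
EXPECTED_RESOLVERS = {"192.168.2.1", "8.8.8.8"}

# "TCP: Interfaces\{GUID} : NameServer = a,b" as emitted by DDS and ComboFix.
DDS_NAMESERVER = re.compile(r"NameServer\s*=\s*([\d.,]+)")
# "Primary DNS Server : x.x.x.x" style lines from a router status page.
ROUTER_DNS = re.compile(r"(Primary|Secondary) DNS Server\s*:\s*([\d.]+)")


def extract_resolvers(text):
    """Return resolver IPs, in order of appearance, found in log or router text."""
    found = []
    for m in DDS_NAMESERVER.finditer(text):
        found.extend(p.strip() for p in m.group(1).split(",") if p.strip())
    for m in ROUTER_DNS.finditer(text):
        found.append(m.group(2))
    return found


def classify(resolver, expected=EXPECTED_RESOLVERS):
    """'expected' if allow-listed, 'private' if it is an RFC 1918 address
    (typically the router itself), 'invalid' if unparsable, else 'unexpected'."""
    if resolver in expected:
        return "expected"
    try:
        addr = ip_address(resolver)
    except ValueError:
        return "invalid"
    if addr.is_private:
        return "private"
    return "unexpected"


def audit(text, expected=EXPECTED_RESOLVERS):
    """Map each resolver found in the text to its classification."""
    return {r: classify(r, expected) for r in extract_resolvers(text)}


def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Sorted list of resolvers that warrant a look (not allow-listed, not LAN)."""
    return sorted(r for r, c in audit(text, expected).items() if c == "unexpected")


# Constructed sample inputs. The first mirrors the DDS line in the log above;
# the second mirrors the router status values quoted in the post.
DDS_SAMPLE = (
    "TCP: Interfaces\\{E7C9DD9E-E219-4CFC-8C94-25EB1A8B76A1} : "
    "NameServer = 192.168.2.1,8.8.8.8\n"
    "Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\n"
)
ROUTER_SAMPLE = (
    "Primary DNS Server : 213.109.66.22\n"
    "Secondary DNS Server : 213.109.75.217\n"
)

if __name__ == "__main__":
    for name, sample in (("DDS log", DDS_SAMPLE), ("router status", ROUTER_SAMPLE)):
        print(name, audit(sample), "flagged:", unexpected_resolvers(sample))
```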

#4 Hardwarez

Hardwarez
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 04 August 2011 - 09:26 PM

This issue is closed. No malicious hack. (Add-ons Manager and disable the Test Pilot extensions. Problem fixed.)

http://support.mozilla.com/en-US/questions/857409

My wife figured it out! She is elite.

Thank you.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:39 PM

Posted 04 August 2011 - 09:58 PM

Hello,

Thank you for the clarification and thank you for letting us know that your computer problems are fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :cherry:
