Registered User
Join Date: Aug 2009
Posts: 3
OS: xp
IE and Firefox closing immediately (logs included)
I have a laptop from a friend and need some assistance on removing some malware. Every time I open Firefox or Internet Explorer they close themselves within about three seconds. IE gives no error message and Firefox shows the Mozilla Crash Reporter. I have tried to uninstall and reinstall a few times and that has not worked. I have also cleared some stuff out using HijackThis but that has not helped any. I was wondering if anyone else could see any problems. Thanks!
------------DDS.txt---------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by The Wojcik's at 20:49:50.12 on Wed 08/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2429.1478 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\New Folder (2)\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\thewoj~1\appdata\roaming\mozilla\firefox\profiles\iz80o3n9.default\

---- FIREFOX POLICIES ----
c:\programdata\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programdata\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programdata\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programdata\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programdata\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-8-6 72184]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-22 128240]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-4-6 28762]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-29 202280]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-9-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-9-2 289272]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-3 24652]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-26 253952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-08-12 20:44 161,008 a------- c:\windows\system32\drivers\vetmonnt.1
2009-08-12 20:44 111,856 a------- c:\windows\system32\isafprod.1
2009-08-12 20:44 26,352 a------- c:\windows\system32\drivers\vet-filt.1
2009-08-12 20:44 21,488 a------- c:\windows\system32\drivers\vetfddnt.1
2009-08-12 20:44 21,104 a------- c:\windows\system32\drivers\vet-rec.1
2009-08-09 15:51 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-09 15:51 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-09 15:51 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-09 15:51 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-09 15:51 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-09 15:51 11,264 a------- c:\windows\system32\icardres.dll
2009-08-09 15:51 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-09 15:50 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-09 15:46 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-09 15:46 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-09 15:46 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-09 15:46 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-09 15:46 83,968 a------- c:\windows\system32\mscories.dll
2009-08-09 15:18 428,544 a------- c:\windows\system32\EncDec.dll
2009-08-09 15:18 293,376 a------- c:\windows\system32\psisdecd.dll
2009-08-09 15:18 217,088 a------- c:\windows\system32\psisrndr.ax
2009-08-09 15:18 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-08-09 15:18 80,896 a------- c:\windows\system32\MSNP.ax
2009-08-09 15:14 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-09 15:14 2,033,152 a------- c:\windows\system32\win32k.sys
2009-08-09 15:14 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-09 15:14 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-09 15:14 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-09 15:14 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-09 15:14 636,928 a------- c:\windows\system32\localspl.dll
2009-08-09 14:41 <DIR> --d----- c:\program files\Trend Micro
2009-08-05 21:58 <DIR> --d----- c:\programdata\Mozilla Firefox
2009-08-05 21:58 <DIR> --d----- c:\progra~2\Mozilla Firefox
2009-08-02 14:13 <DIR> --d----- c:\users\thewoj~1\appdata\roaming\Webroot
2009-08-02 14:04 <DIR> --d----- c:\windows\pss
2009-07-16 00:19 <DIR> --d----- c:\program files\InterActual

==================== Find3M ====================

2009-08-12 20:44 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-08-12 20:44 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-08-12 20:44 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-08-12 20:44 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-06-30 00:55 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-30 00:55 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 00:55 86,016 a------- c:\windows\inf\infstor.dat
2008-12-13 01:41 122 a------- c:\users\thewoj~1\appdata\roaming\wklnhst.dat
2008-06-11 03:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2007-10-15 10:30 148,242 a------- c:\program files\common files\ReportPreview.app
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-05-02 21:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-02 21:12 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-02 21:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:50:31.01 ===============