Malware - Anti-virus updates/pages blocked, popups, random shutdowns.

Old 01-01-2009, 01:31 PM   #1

(I'm not entirely sure how I should format this. I've put a Hijack This log at bottom of post, as I'm having difficulty getting onto the computer right now to run the DDS and GMER logs. It sounds like logs from these two are preferable, so I'll post those as soon as I'm able to get them.)

Running Windows XP, SP2.

I first noticed this two days ago, when popups started occurring, seemingly at random. Popups were occurring in Firefox, which I did not otherwise have open at the time.

The most notable thing I was doing that day was reconfiguring my router, which had gotten out of sync with the modem a while ago during a power outage. The only thing I did during this process was tell my router to automatically acquire a MAC address, and then had it clone the current MAC address. (I'm not sure I described this process right.) I'm not sure if this introduced a security risk, somehow.

Anyway, after getting the popups, I assumed spyware, opened AdAware SE, and attempted to update it. I started getting several runtime errors, which I did not, unfortunately, write down. After this, I deleted AdAware and reinstalled it. At this point, I was still able to get on to AdAware's webpage to redownload the software. After reinstalling it, it still wasn't loading right, so I updated Spybot S&D (Again, still able to access the update interface properly), and then I restarted the computer.

After restarting, things were significantly worse. I discovered that the XP login screen was unresponsive, so I rebooted in safe mode, ran Spybot S&D to see if that would fix anything, and then rebooted into normal mode. I was able to log in this time.

After this, however, I found that I couldn't update AVG, my virus scan of choice, or AdAware through the update interface within the program. Attempting to get onto the associated webpages also proved fruitless. I'd either get 403 errors or the pages simply wouldn't load, returning me to whatever page I'd previously been on. I used a browser-based proxy to get onto AVG's website, download the virus definitions, and use the Update from Directory feature in that program. As for AdAware, I used the auto-update feature for that on my uninfected laptop, got the new virus definitions, and copied them over to the other computer, although I'm not sure this actually worked. As previously stated, I updated Spybot when I was still able to access update services, so I know that, at the least, that should be running properly. Additionally, anti-virus webpages and tech support webpages -- including this forum; I'm accessing it via my laptop right now -- were blocked, although they could still be accessed using a browser-based proxy.

Additionally, I'm getting random shutdowns. I believe it's in the form of those "Windows has encountered a critical error and needs to shut down" error messages with the little countdown timer till your system shuts off. I get a lot of these when running AVG, so it's possible the update-from-directory approach failed on me. However, sometimes it also happens if I'm in safe mode for too long, apparently.

In any case, running AVG, AdAware, and Spybot has detected several pieces of malware and fixed at least some of them, from what I can tell, but all of the problems still persist.

General information:

OS: Windows XP with Service Pack 2 installed.
Processor: Pentium 4 3GHz
Memory: 3.2 gigs

I also have a second partition running a somewhat out of date Kubuntu install, for use in emergency situations such as this.

My Windows install is legal. To the best of my knowledge, I'm not running any cracked or otherwise illegal software.

I had tried to run Trend Micro's housecall web-based virus scan, as I'd read that certain pieces of malware can compromise locally run virus scans. This seemed possible. However, as previously stated, the page for this was getting blocked, and running it through a proxy proved fruitless.

If I had to guess at WHERE this virus came from, I'm guessing that someone in my family got one of those bogus malware detector popups, installed whatever it was offering unknowingly, and things just snowballed from there.

Spybot S&D was reporting on a malicious change to the registry trying to take place. Attempting to block this change would make my system crash. The change was to some key called jofagasigo, involving something called mubopasu.dll. It also involved rundll too, but I couldn't get the exact line written down before the system crashed.

Hijack This Log: This was taken in Safe Mode, so it's not reporting on all of the processes that would potentially be running under normal conditions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:44 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gatewaybiz.com
R3 - Default URLSearchHook is missing
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\a3dapivvv.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: {a7fdbb34-660b-8b7b-cef4-bcb421da82e6} - {6e28ad12-4bcb-4fec-b7b8-b06643bbdf7a} - C:\WINDOWS\system32\gvwsyx.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7698F6CF-1B71-57E5-779E-11834CDBCD95} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {b21eb190-b46f-4634-a44f-d29cc7689fb7} - C:\WINDOWS\system32\misoselo.dll
O2 - BHO: (no name) - {F51A7836-6F23-4809-9019-73485AAE94BC} - (no file)
O2 - BHO: (no name) - {F5E27C14-6C1F-49E3-A067-94571D270DC6} - C:\WINDOWS\system32\mlJDwXqR.dll
O2 - BHO: (no name) - {F631AAE2-4C20-11DC-8929-D3F855D89593} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [jofagasigo] Rundll32.exe "C:\WINDOWS\system32\mubopasu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [jofagasigo] Rundll32.exe "C:\WINDOWS\system32\mubopasu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - https://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll gvwsyx.dll,C:\WINDOWS\system32\hugeloko.dll
O20 - Winlogon Notify: wvUlkjHx - wvUlkjHx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

End of file - 8247 bytes
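As an added example (not part of the original post, and not a tool from the forum or from any of the products named above), here is a small Python triage script that applies the checks a log helper makes by eye to a handful of lines modelled on the HijackThis log above: autoruns that launch a system32 DLL through rundll32, unnamed or file-missing BHOs, the text/html filter hijack, and AppInit_DLLs or Winlogon Notify entries that are not accounted for. The sample lines are constructed from the log, and the AppInit allow-list (AVG's hook DLL) is an assumption for this machine.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample: a subset of HijackThis-style lines modelled on the log in
# the post above, with two clean entries (AVG tray, Java SSV helper) as controls.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {b21eb190-b46f-4634-a44f-d29cc7689fb7} - C:\WINDOWS\system32\misoselo.dll
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\a3dapivvv.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [jofagasigo] Rundll32.exe "C:\WINDOWS\system32\mubopasu.dll",s
O4 - HKUS\S-1-5-20\..\Run: [jofagasigo] Rundll32.exe "C:\WINDOWS\system32\mubopasu.dll",s (User 'NETWORK SERVICE')
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll gvwsyx.dll,C:\WINDOWS\system32\hugeloko.dll
O20 - Winlogon Notify: wvUlkjHx - wvUlkjHx.dll (file missing)
""".strip().splitlines()

# Assumption: DLLs a known product legitimately places in AppInit_DLLs on this
# machine (the AVG resident-shield hook appears in the posted log).
KNOWN_APPINIT = {"avgrsstx.dll"}

SYSTEM32_DLL = re.compile(r"\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?([^"\s,]+\.dll)', re.IGNORECASE)
ANY_DLL = re.compile(r'([^\s"\\]+\.dll)', re.IGNORECASE)


@dataclass
class Finding:
    section: str          # HijackThis section code (O2, O4, O18, O20)
    reason: str
    dll: Optional[str]    # lower-cased DLL basename, if one is implicated
    line: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def first_dll(line: str) -> Optional[str]:
    m = ANY_DLL.search(line)
    return basename(m.group(1)) if m else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Flag load points that warrant a closer look; clean entries pass silently."""
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        last = line.split(" - ")[-1]
        if section == "O4":
            m = RUNDLL_TARGET.search(line)
            if m and SYSTEM32_DLL.search(m.group(1)):
                out.append(Finding("O4", "autorun loads a system32 DLL via rundll32", basename(m.group(1)), line))
        elif section == "O2":
            if "(no file)" in line or "(file missing)" in line:
                out.append(Finding("O2", "BHO registered but its file is absent", first_dll(line), line))
            elif "(no name)" in line and SYSTEM32_DLL.search(last):
                out.append(Finding("O2", "unnamed BHO loaded from system32", basename(last), line))
        elif section == "O18" and "Filter hijack" in line:
            out.append(Finding("O18", "MIME filter hijack on text/html", None, line))
        elif section == "O20" and "AppInit_DLLs:" in line:
            for dll in re.split(r"[ ,]+", line.split("AppInit_DLLs:", 1)[1].strip()):
                if dll and basename(dll) not in KNOWN_APPINIT:
                    out.append(Finding("O20", "unexpected AppInit_DLLs entry", basename(dll), line))
        elif section == "O20" and "Winlogon Notify" in line and "(file missing)" in line:
            out.append(Finding("O20", "Winlogon Notify package with missing file", first_dll(line), line))
    return out


def implicated_dlls(findings: Iterable[Finding]) -> List[str]:
    """Distinct DLL names to submit for analysis or quarantine, sorted."""
    return sorted({f.dll for f in findings if f.dll})


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT)
    for h in hits:
        print(f"[{h.section}] {h.reason}: {h.line}")
    print("DLLs implicated:", implicated_dlls(hits))
```

The same section codes appear in the pseudo-HJT part of a DDS log, so the checks carry over to that format with minor prefix changes.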
Old 01-01-2009, 03:12 PM   #2

I was able to get DDS onto the affected PC and got logs from that.

I should note that SoulSeek keeps showing up in them. This program is not installed on my computer, and attempts to remove it with Add/Remove Programs have failed repeatedly. I'm not sure why this is happening, but I'm getting the same thing with Norton. I thought I had that deleted as well...

I should also note that I kept getting forced shutdown messages while trying to run GMER, which is why it took me so long to get these logs.

DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Owner at 21:17:17.15 on Thu 01/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.721 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Owner\Desktop\avstf\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gatewaybiz.com
mStart Page = hxxp://www.gatewaybiz.com
mSearch Bar =
uSearchAssistant =
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {482e8015-9964-49f2-b41c-bc367dfb1596} - c:\windows\system32\mlJDwXqR.dll
BHO: ChangerBHO Class: {4c03732f-43bb-4d80-ba45-66fd05db11df} - c:\windows\system32\a3dapivvv.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {a7fdbb34-660b-8b7b-cef4-bcb421da82e6}: {6e28ad12-4bcb-4fec-b7b8-b06643bbdf7a} - c:\windows\system32\gvwsyx.dll
BHO: {72217827-914b-46c6-a6ee-c00c70842ebf} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {b21eb190-b46f-4634-a44f-d29cc7689fb7} - c:\windows\system32\misoselo.dll
BHO: {F51A7836-6F23-4809-9019-73485AAE94BC} - No File
BHO: {F631AAE2-4C20-11DC-8929-D3F855D89593} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ATIPTA] atiptaxx.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [jofagasigo] Rundll32.exe "c:\windows\system32\mubopasu.dll",s
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myvita~1.lnk - c:\program files\ins\vitalagent\program\VtlAgent.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: creative.com\us
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: wvUlkjHx - wvUlkjHx.dll
AppInit_DLLs: avgrsstx.dll gvwsyx.dll,c:\windows\system32\hugeloko.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJDwXqR
LSA: Notification Packages = scecli c:\windows\system32\hugeloko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6seg0a5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcosmop211.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\opera\program\plugins\np32dsw.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\opera\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-2-11 18208]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S1 atitray;atitray;\??\c:\program files\ray adams\ati tray tools\atitray.sys []
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-28 97928]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-6 26824]
S2 0VsNdis08;VitalAgent Network Driver 8.1;\??\c:\program files\ins\vitalagent\program\VsNdis08.sys [2005-3-9 31671]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-28 231704]
S2 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\pci latency tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe []
S3 0VsComm12;VitalAgent Serial Port Driver 12.4;\??\c:\program files\ins\vitalagent\program\VsComm12.sys [2005-3-9 15443]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\owner\locals~1\temp\cdrmkaun.sys []
S3 PacketNTx;Packet helper driver;\??\c:\windows\system32\drivers\PacketNTx.sys [2004-12-20 24544]
S4 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2006-2-4 1744978]
S4 WinDefend;Windows Defender Service;"c:\program files\windows defender\MsMpEng.exe" [2006-4-3 14032]

=============== Created Last 30 ================

2009-01-01 21:06 250 a------- c:\windows\gmer.ini
2009-01-01 18:08 19,024 a--sh--- c:\windows\system32\RqXwDJlm.ini2
2009-01-01 15:42 1,262,075 ---sh--- c:\windows\system32\agiretid.ini
2009-01-01 09:07 <DIR> --d----- c:\program files\Trend Micro
2009-01-01 01:12 120 ---sh--- c:\windows\system32\fbpvcqsw.ini
2009-01-01 01:12 89,600 a------- c:\windows\system32\wsqcvpbf.dll
2009-01-01 01:07 130,560 a------- c:\windows\system32\gvwsyx.dll
2009-01-01 01:07 130,560 a------- c:\windows\system32\lsfuhiqy.dll
2009-01-01 01:06 290,304 a------- c:\windows\system32\wvUlkKCs.dll
2008-12-31 22:25 130,560 a------- c:\windows\system32\nxgvhr.dll
2008-12-31 22:25 130,560 a------- c:\windows\system32\ohitheyo.dll
2008-12-31 22:19 120 ---sh--- c:\windows\system32\phwglbvp.ini
2008-12-31 18:50 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-31 18:50 1,409 a------- c:\windows\QTFont.for
2008-12-31 18:36 143 a------- c:\windows\system32\mcrh.tmp
2008-12-31 15:45 72,192 a------- c:\windows\system32\pmnllifE.dll
2008-12-31 10:09 50,176 a------- c:\windows\system32\awtrRIbx.dll
2008-12-31 10:07 89,600 a------- c:\windows\system32\ydmvljjs.dll
2008-12-31 10:00 290,304 a------- c:\windows\system32\nnnliFyv.dll
2008-12-31 01:56 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-31 01:56 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-31 01:56 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-31 01:56 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-31 01:43 <DIR> --d----- c:\program files\Lavasoft
2008-12-30 22:20 126,976 a------- c:\windows\system32\nkhofs.dll
2008-12-30 22:20 126,976 a------- c:\windows\system32\mgisbhoe.dll
2008-12-30 22:17 19,024 a--sh--- c:\windows\system32\RqXwDJlm.ini
2008-12-30 22:17 290,304 a------- c:\windows\system32\mlJDwXqR.dll
2008-12-28 22:37 <DIR> --d----- c:\program files\VistaMare
2008-12-28 18:45 <DIR> --d----- c:\program files\Auran
2008-12-20 13:40 <DIR> --d----- C:\Garmin
2008-12-14 13:33 74 a------- C:\PERSONA2.CUE
2008-12-07 01:22 <DIR> --d----- c:\program files\common files\DirectX
2008-12-07 00:59 <DIR> --d----- C:\AeriaGames
2008-12-05 23:51 <DIR> --d----- c:\docume~1\owner\applic~1\Toblo

==================== Find3M ====================

2008-12-05 23:50 409,600 a------- c:\windows\system32\wrap_oal.dll
2008-12-05 23:50 114,688 a------- c:\windows\system32\OpenAL32.dll
2008-11-16 04:30 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-11-15 08:07 508 a---h--- C:\os062307.bin
2008-11-05 11:33 4,684 a------- c:\windows\mozver.dat
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 05:20 667,648 a------- c:\windows\system32\wininet.dll
2005-12-30 16:19 54 a------- c:\docume~1\owner\applic~1\Sskdmns.dll
2005-12-01 20:51 233,472 a------- c:\documents and settings\owner\libmySQL.dll
2005-12-01 20:51 50,688 a------- c:\documents and settings\owner\GMSQL.dll
2005-12-01 20:51 14,106 a------- c:\documents and settings\owner\mbox.dll
2003-08-27 17:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2000-11-08 13:15 28,672 a------- c:\windows\inf\regshext.exe
1997-01-19 00:48 1,821,047 a------- c:\documents and settings\owner\INSTALL.EXE
1997-01-19 00:44 412 a------- c:\documents and settings\owner\READ_ME.BAT
2004-12-22 20:14 0 a--sh--- c:\windows\sminst\HPCD.sys
0000-00-00 00:00 61,440 a--sh--- c:\windows\system32\hugeloko.dll
0000-00-00 00:00 61,440 a--sh--- c:\windows\system32\misoselo.dll

============= FINISH: 21:19:37.53 ===============
