
Random Popups in Firefox

Discussion in 'Virus & Other Malware Removal' started by Kesuki, Jan 26, 2011.

Thread Status:
Not open for further replies.
  1. Kesuki

    Kesuki Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    4
    Hello, I have been getting this for a while. When using Mozilla Firefox on Windows 7 I get random pop ups on Firefox which have been coming up in separate windows. Most of them are ads and some pop up just showing my home page (which is Google). After a while, I decided to just wipe my drive and install a fresh copy of Windows 7. I put any files I needed onto a 2nd hard drive and went ahead with wiping my computer. After I finished the installation I let Windows Update install any important updates and I went about installing the following programs: Firefox, Skype, MSN Hotmail and Messenger, League of Legends, Avira AntiVir, Malwarebytes, Spybot S&D, iTunes, and the Nvidia update for my video card. From my other hard drive I just opened a themepack for my background, a soundpack, and opened Process Explorer for better stats. After doing scans on Spybot and Avira, I felt that everything was okay and I began to browse Newegg on Firefox. When I clicked on a link to view a product, a pop up appeared...
    I thought it was done but apparently it managed to somehow... survive through a wipe? Or is it possible to be in my 2nd hard drive... I am not sure if this type of virus/malware is through videos, music, documents, or pictures because that is all my 2nd hard drive is for.
    Also I do not know if this has any importance to it but my sister's computer also seems to have the problem too. We are connected through a 10 port router... Is it possible for it to spread through the network?
    Please, any help would be greatly appreciated!
    Thank you

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:20:27 PM, on 1/26/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Riot Games\League of Legends\lol.launcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Users\Yui-Nyan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8142 bytes

    DDS

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Yui-Nyan at 20:28:01.66 on Wed 01/26/2011
    Internet Explorer: 8.0.7601.17514
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8187.6077 [GMT -8:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Riot Games\League of Legends\lol.launcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Yui-Nyan\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Yui-Nyan\AppData\Roaming\Mozilla\Firefox\Profiles\cfxj6gro.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-26 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-26 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-26 83120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-26 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-26 155752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]

    =============== Created Last 30 ================

    2011-01-27 04:16:10 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\Windows Live Writer
    2011-01-27 04:16:10 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\Windows Live Writer
    2011-01-27 03:07:50 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\Apple Computer
    2011-01-27 03:07:14 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-01-27 03:07:14 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-01-27 03:07:14 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-01-27 03:06:30 -------- d-----w- C:\Program Files\iPod
    2011-01-27 03:06:29 -------- d-----w- C:\Program Files\iTunes
    2011-01-27 03:06:29 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-01-27 03:06:29 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-01-27 02:57:06 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2011-01-27 02:51:28 -------- d-----w- C:\NVIDIA
    2011-01-27 02:49:19 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-01-27 02:46:33 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2011-01-27 02:42:10 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\{13AA6EEF-EEC0-41D2-B0E2-D2916F4DEE6E}
    2011-01-27 02:41:58 -------- d-----w- C:\Users\Yui-Nyan\Tracing
    2011-01-27 02:36:01 -------- d-----w- C:\Windows\PCHEALTH
    2011-01-27 02:35:03 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cca8dd4b1cbbdca08\Silverlight.4.0.exe
    2011-01-27 02:33:28 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\Windows Live
    2011-01-27 02:33:26 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-01-27 02:27:56 -------- d-----r- C:\Program Files (x86)\Skype
    2011-01-27 02:20:47 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
    2011-01-27 02:20:46 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
    2011-01-27 02:20:46 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2011-01-27 02:20:46 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2011-01-27 02:20:46 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2011-01-27 02:17:06 -------- d-----w- C:\Riot Games
    2011-01-27 00:22:16 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\Avira
    2011-01-27 00:09:14 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\PMB Files
    2011-01-27 00:09:13 -------- d-----w- C:\PROGRA~3\PMB Files
    2011-01-27 00:08:59 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2011-01-26 16:22:09 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\Malwarebytes
    2011-01-26 16:22:06 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-26 16:22:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-26 16:22:03 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-26 16:22:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-26 16:19:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-01-26 16:19:56 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-01-26 16:13:11 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-01-26 16:13:10 -------- d-----w- C:\Program Files (x86)\Avira
    2011-01-26 16:13:10 -------- d-----w- C:\PROGRA~3\Avira
    2011-01-26 15:49:31 -------- d-sh--w- C:\Windows\Installer
    2011-01-26 15:49:27 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2011-01-26 15:49:25 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2011-01-26 15:47:38 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-01-26 15:47:37 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A5226482-A8E3-4EFA-B949-B0D003184BD7}\mpengine.dll
    2011-01-26 15:43:04 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\VirtualStore
    2011-01-26 10:59:04 -------- d-----w- C:\Windows\Panther
    2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 04:48:58 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

    ==================== Find3M ====================

    2010-12-02 09:12:08 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
    2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-21 03:26:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2010-11-21 03:26:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2010-11-21 03:24:52 9728 ----a-w- C:\Windows\System32\spwmp.dll
    2010-11-21 03:23:59 61440 ----a-w- C:\Windows\SysWow64\tcpmonui.dll
    2010-11-11 23:10:56 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
    2010-11-11 23:10:49 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2010-11-10 10:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

    ============= FINISH: 20:28:31.45 ===============

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-26 20:47:47
    Windows 6.1.7601 Service Pack 1
    Running: 9u2yyp9z.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Yui-Nyan\AppData\Roaming\Mozilla\Firefox\Profiles\cfxj6gro.default\sessionstore-1.js 0 bytes

    ---- EOF - GMER 1.0.15 ----
     


  2. Kesuki

    Kesuki Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    4
    I did the scan with GMER. The first time I ran the scan the log was blank... I did it a 2nd time and then I got
    File C:\Users\Yui-Nyan\AppData\Roaming\Mozilla\Firefox\Profiles\cfxj6gro.default\sessionstore-1.js 0 bytes
    I followed the thread instructions so I assume that is how it works?
    I also scanned my 2nd hard drive on a separate scan and it was blank too.
     
  3. Kesuki

    Kesuki Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    4
  4. Kesuki

    Kesuki Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    4
    bump
    and Update: whatever this thing is that is infecting my computer is using my email to send random blogspot link sites... If someone is available I really wish to end this. I cannot imagine spreading this virus/malware to other users who happen to click on a link sent through my email >_<!
     

Short URL to this thread: https://techguy.org/977248
