
"Save as ..." stalls firefox after uninstalling ad-aware

uninstall registry save as

8 replies to this topic

#1 virucidator (Newbie, Members, 4 posts)

Posted 20 July 2012 - 09:40 PM

Hi,
some weeks ago, I installed the then advertised latest adaware-freeware on my XP machine. I had had older adaware-versions for many years and was always happy to have a tool to assist in the search for suspect files.

Now, that seems to have changed, adaware appears as very aggressive, takes possession of resources I would not even allow my wife to touch (like the IP configuration), and - in short - it was so annoying that I uninstalled it. The revenge looks bad. Since that day, Firefox stalls when I try to perform the very basic Save as... function. Not just the tab in which it happens, but the whole instance - no more reaction to anything. Other FF-instances running at the same time are not subject to any problems.

As a work-around, I use down-them-all which works fine. The same is true for any non-Firefox browser. Otoh, some functions built into some webpages where basically the save-as-function is hidden behind some elements (buttons etc.) and then works instantly will also stop the browser. Not good.

Of course, I have no proof yet that adaware resp. its remainders are the culprit, but two things speak for that. a ) the timely coincidence, b ) the fact that a friend of mine experienced exactly the same - no connection between the machines in any way, just coincidence.

So here is my question: How and where can I look for any remaining parts of adaware that still think they are in charge to control my computer, and how can I purge them without risking more damage? A complete re-installation is absolutely impossible. I thought malware protection is a protection against malware, but even the aggressive "insemination" was undesirable. If I have a fixed IP on my computer, I have to reasons to have it, and I want at least to be asked if I'd allow to change that. But changing it without asking or describing before what is going to happen is bad practice.

Thanks for any good advice!

Cheers,

'The Viducidator' (ridiculous nickname, I know. I could have said very unhappy not-any-longer-user...)

#2 CeciliaB (Volunteer, Moderator, 6767 posts)

Posted 20 July 2012 - 10:42 PM

Hi virucidator,

Malware gets worse and worse. If antivirus programs shall be able to combat malware, they too have to develop new strategies and dig deep into the operating system including adding drivers that connect to the network adapters. I can't remember that anyone else has written that any general IP configuration, as dynamic/fixed IP address, has been changed.

To see if there are any left-overs from Ad-Aware we can use DDS. Save DDS to your desktop: http://download.blee...om/sUBs/dds.scr

Double-click on the DDS tool to run it.

When finished, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save them to your desktop and paste the content of DDS.txt into your answer.

#3 virucidator (Newbie, Members, 4 posts)

Posted 20 July 2012 - 11:38 PM

The first attempt to get dds.scr and save it resulted in Firefox being stalled again. Then, the scr - suffix woke up my script blocker - and I am not willing to change that. After checking dds.scr with several other tools, I renamed it to dds.exe and ran it.
Now I have those two txt files, but after looking at them I decided to not publish them. There is too much privacy to be given up - and that's again just what I criticize - this lack of modesty.

So, let me and us know what I should look for in dds.txt, then I can try to identify that, and we are in business.

#4 CeciliaB (Volunteer, Moderator, 6767 posts)

Posted 20 July 2012 - 11:57 PM

Internet is full of DDS logs, it is a standard tool in all forums dedicated to cleaning infected computers. For example, bleepingcomputer.com requires a DDS log to help a person to clean an infected computer, see http://www.bleepingc...topic34773.html item 7.

If your name is visible in the log, you can change it to something else, of course. It is impossible to say that the log belongs to you as a physical person, no one knows your real name, address etc. by reading a DDS log.

I would look for files that are part of Ad-Aware in the log, I can't recall their names by heart but I recognize them when I see them.

#5 virucidator (Newbie, Members, 4 posts)

Posted 21 July 2012 - 10:26 AM

OK, here is my dds.txt, slightly edited (purged lines that I don't want to see here which are surely all unrelated to this problem). Mentioning problems - at the same time that the save-as-issue started, I discovered that the IP settings, when opened via sys control - network settings, showed that everything was set dynamically. The properties, when called as such, show the manual fixed settings, too. This started not before the latest ad-aware installation.

Neither avast nor malware bytes nor mrt nor ad-aware (in the time phase when it was installed) show(ed) any malware. I have avast constantly screening all file writings. Of course, some spam mail contains bad things, but these are automatically instantly purged.

It is still possible that firefox, whenever it calls the save-as-routine, still branches to where it expects a part of adaware, for - this is probably doubtlessly given - adaware saw it as its task to also check downloaded files. If firefox does not find anything there, it just sits and waits.

I discussed this already in two firefox fora, they had no advice but to contact adaware - that's how I landed here.

So, two focus points: a) why does firefox stall, b) why are the IP-settings "possessed"?

Here the dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Administrator at 0:20:04 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.808 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\AVAST Software\Avast\AvastSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Programme\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Programme\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Programme\D4\D4.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programme\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\LCR-Autoloader\lcr.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HAUPPA~1\MVPStart.exe
C:\PROGRA~1\HAUPPA~1\Hardware\DglSvcMain.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\NMSAccessU.exe
C:\PROGRA~1\HAUPPA~1\Hardware\HcwSms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programme\HP Web Jetadmin\hpwebjetd.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\D4\D4.exe
C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
C:\Programme\AVAST Software\Avast\avastUI.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Desktop Tray Clock\DTClock.exe
C:\Programme\Ditto\Ditto.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\D-Link\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Programme\Agent\agent.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\PMAIL\Programs\winpm-32.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.de
uInternet Connection Wizard,ShellNext = hxxp://www.xxxxxxxxx.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icqtoolbar\toolbaru.dll
mWinlogon: Userinit=c:\windows\system32\rdpinit.exe,
uWindows: load=
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\programme\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programme\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\programme\icqtoolbar\toolbaru.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\programme\orbitdownloader\GrabPro.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programme\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\mi0464~1\office12\GRA8E1~1.DLL
uRun: [SkinClock] c:\programme\desktop tray clock\DTClock.exe
uRun: [Ditto] c:\programme\ditto\Ditto.exe
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\programme\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [y7bhQMXlgpYK1YD] c:\dokumente und einstellungen\administrator\anwendungsdaten\AudioTreiber_x64.exe
uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe
uRun: [<NO NAME>]
uRunOnce: [ICQ Lite] c:\programme\icqlite\ICQLite.exe -trayboot
mRun: [ICQ Lite] "c:\programme\icqlite\ICQLite.exe" -minimize
mRun: [Dimension4] c:\programme\d4\D4.exe
mRun: [LWS] c:\programme\logitech\lws\webcam software\LWS.exe -hide
mRun: [avast] "c:\programme\avast software\avast\avastUI.exe" /nogui
mRun: [EM_EXEC] c:\progra~2\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\programme\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ToolBoxFX] "c:\programme\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe
mRun: [TrueImageMonitor.exe] c:\programme\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\programme\gemeinsame dateien\acronis\schedule2\schedhlp.exe"
mRun: [ISUSPM Startup] "c:\programme\gemeinsame dateien\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [APSDaemon] "c:\programme\gemeinsame dateien\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [PcSync] c:\programme\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
uExplorerRun: [Policies] c:\windows\system32\windir\sercg.exe
mExplorerRun: [Policies] c:\windows\system32\windir\sercg.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\agente~1.lnk - c:\programme\agent\agent.exe
StartupFolder: c:\dokumente und einstellungen\administrator\startmenü\programme\autostart\desktopini.old
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\administrator\anwendungsdaten\dropbox\bin\Dropbox.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\mozill~1.lnk - c:\programme\mozilla firefox\firefox.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\pegasu~1.lnk - c:\programme\pmail\programs\winpm-32.exe
StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\skype.lnk - c:\programme\skype\phone\Skype.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\bttray.lnk - c:\programme\d-link\bluetooth software\BTTray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\logite~2.lnk - c:\programme\logitech\harmony remote\HarmonyClient.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\spyder~1.lnk - c:\programme\datacolor\spyder3pro\utility\Spyder3Utility.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\vr-net~1.lnk - c:\programme\vr-networld\vrtoolcheckorder.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\dokumente und einstellungen\all users\anwendungsdaten\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: add to &BOM - c:\\progra~1\\biet-o~1\\\\AddToBOM.hta
IE: Add to MVP Favorite Radio Stations - c:\programme\hauppauge mediamvp\mvp.htm
IE: Do&wnload selected by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\programme\icqlite\ICQLite.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programme\d-link\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi0464~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\programme\winhttrack\WinHTTrackIEBar.dll
IE: {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - {AC41D38F-B56D-40AD-94E0-B493D130C959} - c:\programme\mindjet\mindmanager 6\Mm6InternetExplorer.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi0464~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266661319250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A79E7437-BA84-477E-B437-371812192DF5} : NameServer = 192.168.1.7,192.168.1.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi0464~1\office12\GR99D3~1.DLL
Handler: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - c:\programme\login\loginventory5\LoginProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
Notify: RailNotification - winlogonnotification.dll\0\0
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\programme\symantec\winfax\WfxSeh32.Dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi0464~1\office12\GRA8E1~1.DLL
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\programme\pixiepack codec pack\InstallerHelper.exe
mASetup: {OBPCT831-N313-R02S-HK6B-Y3E6FU1QF25Q} - c:\windows\system32\windir\sercg.exe
Hosts: 127.0.0.1 www.spywareinfoforum.com
Hosts: 192.168.1.33
Hosts: 192.168.1.49
Hosts: 192.168.1.77
Hosts: 192.168.1.88
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\fob1u32v.default\
FF - prefs.js: browser.search.selectedEngine - Whois2
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.ftp - 192.168.1.09
FF - prefs.js: network.proxy.ftp_port - 800
FF - prefs.js: network.proxy.gopher - 192.168.1.09
FF - prefs.js: network.proxy.gopher_port - 800
FF - prefs.js: network.proxy.socks - 192.168.1.09
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - 192.168.1.09
FF - prefs.js: network.proxy.ssl_port - 800
FF - prefs.js: network.proxy.type - 0
FF - component: c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\fob1u32v.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\fob1u32v.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\fob1u32v.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\programme\adobe\cs5\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\programme\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programme\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programme\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\programme\mozilla firefox\plugins\NPILM500.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\programme\opera\program\plugins\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-2-14 76768]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [2004-9-22 15488]
R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-5-29 102400]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-14 13496]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2012-2-16 902432]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-10-30 77312]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-2-14 126112]
R0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\drivers\vsflt58.sys [2012-2-14 84512]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-3-13 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-30 353688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-10-5 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-10-5 41424]
R2 AcronisAgent;Acronis Remote Agent Service;c:\programme\gemeinsame dateien\acronis\agent\agent.exe [2010-11-30 1914768]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\programme\gemeinsame dateien\acronis\cdp\afcdpsrv.exe [2012-2-16 2326912]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-30 21256]
R2 avast! Antivirus;avast! Antivirus;c:\programme\avast software\avast\AvastSvc.exe [2011-6-30 44808]
R2 DMS;Acronis Disk Management Service;c:\programme\acronis\diskdirectoradvanced\mms.exe [2010-11-30 4638352]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 HPWebJetadmin;HP Web Jetadmin;c:\programme\hp web jetadmin\hpwebjetd.exe [2006-9-17 13312]
R2 LCR Updater;LCR Updater - Telefonsparbuch.de;c:\programme\lcr-autoloader\lcr.exe --dir c:/programme/lcr-autoloader --> c:\programme\lcr-autoloader\lcr.exe --dir C:/Programme/LCR-Autoloader [?]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\marxdev1.sys [2009-1-14 11296]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\marxdev2.sys [2009-1-14 11296]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\marxdev3.sys [2009-1-14 11296]
R2 MVPMedia;MVPMedia;c:\progra~1\hauppa~1\MVPStart.exe [2010-3-27 81920]
R2 MVPMediaSvc;MVPMediaSvc;c:\progra~1\hauppa~1\hardware\DglSvcMain.exe [2010-3-27 45056]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2006-9-28 27200]
R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\all users\anwendungsdaten\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-2-16 152704]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [2005-11-24 53632]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [2006-6-8 37568]
R3 DectEnum;DectEnum;c:\windows\system32\drivers\DectEnum.sys [2005-3-1 8448]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [2006-6-8 444416]
R3 Gigusb;Dect USB Driver;c:\windows\system32\drivers\Gigusb.sys [2005-3-1 53632]
R3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\drivers\hrcmpa.sys [2004-9-8 263751]
R3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\drivers\IUAPIWDM.sys [2004-9-8 50759]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2011-6-21 31848]
R3 SbieDrv;SbieDrv;c:\programme\sandboxie\SbieDrv.sys [2010-8-9 123112]
R3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [2005-3-1 113408]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [2007-4-5 951284]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S1 DVBNet;DVB Net Adaptor;c:\windows\system32\drivers\DVBNet.sys [2011-11-8 48814]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DVBUSB_2102_Sevice;USB 2102 DVB-S Device;c:\windows\system32\drivers\usb_2102.sys [2011-11-6 287128]
S2 DVBUSB2102;DVB-S2102 USB Device;c:\windows\system32\drivers\dvbusbs2102.sys [2011-11-5 30910]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-4-5 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2012-7-3 160944]
S2 UDSTDrv;DVB-S USB BOX;c:\windows\system32\drivers\udstdrv.sys --> c:\windows\system32\drivers\UDSTDrv.sys [?]
S2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [2003-3-14 10374]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2006-6-8 23936]
S3 BrlAPI;BrlAPI;c:\programme\cygwin\bin\cygrunsrv.exe [2009-12-21 68096]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\magix\common\database\bin\fbserver.exe [2009-6-9 1527900]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-4-5 136176]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2012-2-6 20504]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-1-14 41864]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-1-14 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-1-14 81288]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-3-28 38976]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2011-6-21 31848]
S3 scsiscan;SCSI-Scannertreiber;c:\windows\system32\drivers\scsiscan.sys [2006-6-8 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\spyware doctor\pctsAuxs.exe [2008-1-14 747912]
S3 sdCoreService;PC Tools Security Service;c:\programme\spyware doctor\pctsSvc.exe [2008-1-14 946568]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\skynet.sys --> c:\windows\system32\drivers\SkyNET.SYS [?]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2010-2-24 12288]
S3 SwitchBoard;SwitchBoard;c:\programme\gemeinsame dateien\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-5-31 23288]
S3 U2SG54HP;BUFFALO WLI-U2-SG54HP Wireless LAN Driver;c:\windows\system32\drivers\u2sg54hp.sys [2008-7-17 347776]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-28 223128]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-5 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-5-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xControlCOM;xControlCOM;c:\programme\gigaset dect\talk&surf_6_0\xcontrolcom.exe [2005-3-1 327680]
S4 Adpro0l;Adpro0l; [x]
S4 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-5-29 17328]
S4 syncagentsrv;Acronis Sync Agent Service;"c:\programme\gemeinsame dateien\acronis\syncagent\syncagentsrv.exe" --> c:\programme\gemeinsame dateien\acronis\syncagent\syncagentsrv.exe [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.

2012-07-09 20:39:59 -------- d-----w- c:\dokumente und einstellungen\administrator\anwendungsdaten\FrontDesign
2012-07-09 20:36:28 -------- d-----w- c:\programme\FrontDesign
2012-07-06 20:29:14 -------- d-----w- C:\yavdr-Kram
.
==================== Find3M ====================
.
2012-07-12 10:21:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 10:21:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-19 13:46:41 60304 ----a-w- c:\dokumente und einstellungen\administrator\g2mdlhlpx.exe
2012-06-16 19:54:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 19:54:51 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 19:54:51 472840 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 0:24:31,93 ===============

#6 CeciliaB (Volunteer, Moderator, 6767 posts)

Posted 21 July 2012 - 12:30 PM

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
This is a driver belonging to Ad-Aware. Does the file exist or is it only a reference in the register?

That is the only sign of Ad-Aware that I can find in the log.

You aren't running Firefox inside Sandboxie, are you?

Have you tried to start Firefox without any add-ons activated and checked if you have the same problem?
Have you searched for Ad-Aware/Lavasoft in the advanced configuration (about:config) of Firefox?

--------------------------
If you are interested, possible safety issues:

uRun: [y7bhQMXlgpYK1YD] c:\dokumente und einstellungen\administrator\anwendungsdaten\AudioTreiber_x64.exe
That is a sign of a possible infection, see http://www.systemloo...er_x64_exe.html
But maybe the file is no longer there, only the reference to it.

mASetup: {OBPCT831-N313-R02S-HK6B-Y3E6FU1QF25Q} - c:\windows\system32\windir\sercg.exe
That file name has been used by a malicious file: http://r.virscan.org...b7aa1108c3adbb8
Maybe you should investigate that further.

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Those are old versions of Java with known security vulnerabilities. By using them a web page can easily infect the computer.
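
The check asked for in the post above (does the driver file exist, or is only the registry reference left?) can be run over the whole SERVICES / DRIVERS section. The following is an added example, not part of the thread and not code from DDS or Lavasoft; the function names, the keyword list, and the reading of `R`/`S`, `[?]` and `[x]` are assumptions made for the illustration.

```python
import os
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# Lines copied from the SERVICES / DRIVERS section of the log posted in this thread.
SAMPLE = r"""
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-2-14 76768]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S4 Adpro0l;Adpro0l; [x]
"""


class Entry(NamedTuple):
    running: bool    # assumption: leading R = running, S = stopped
    start_type: int  # digit that follows R/S
    name: str        # service key name
    display: str     # display name
    path: str        # path after "-->" when present, else the path as listed
    info: str        # bracket content: "date size", "?" or "x"


# <state><start> <name>;<display>;<path> [<info>]
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")


def parse_services(text: str) -> List[Entry]:
    """Parse DDS service/driver lines; lines in any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, rest, info = m.groups()
        # "a --> b" lists the registry value first and the path DDS resolved second.
        path = rest.split(" --> ")[-1].strip().strip('"')
        entries.append(Entry(state == "R", int(start), name, display, path, info))
    return entries


def locate(path: str, exists: Callable[[str], bool] = os.path.isfile) -> Optional[str]:
    """Return the longest leading part of `path` that is a file, else None.

    Service paths may carry arguments ("hasplms.exe -run") or the NT prefix
    "\\??\\", so trailing space-separated tokens are dropped one at a time.
    """
    if path.startswith("\\??\\"):
        path = path[4:]
    tokens = path.split(" ")
    for end in range(len(tokens), 0, -1):
        candidate = " ".join(tokens[:end])
        if candidate and exists(candidate):
            return candidate
    return None


def triage(entries: List[Entry], keywords: Tuple[str, ...] = (),
           exists: Callable[[str], bool] = os.path.isfile) -> List[Tuple[str, str]]:
    """List entries worth a manual look, with a file-existence verdict.

    An entry is selected when DDS printed no date and size for it
    (assumption: "[?]" or "[x]") or when it matches one of `keywords`.
    """
    findings = []
    for e in entries:
        haystack = f"{e.name} {e.display} {e.path}".lower()
        hit = any(k.lower() in haystack for k in keywords)
        if e.info not in ("?", "x") and not hit:
            continue
        found = locate(e.path, exists)
        if found:
            verdict = "file present: " + found
        else:
            verdict = "registry entry only, file not found"
        findings.append((e.name, verdict))
    return findings


if __name__ == "__main__":
    # Run on the affected machine so that os.path.isfile sees the real disk.
    # "sbre" comes from the post above; "lavasoft" is an assumed search term.
    for name, verdict in triage(parse_services(SAMPLE), ("sbre", "lavasoft")):
        print(f"{name}: {verdict}")
```

An entry reported as "registry entry only" is a leftover service key of the kind discussed here; a `[?]` on a running service such as hasplms only means the listed path carried arguments.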

#7 virucidator (Newbie, Members, 4 posts)

Posted 23 July 2012 - 04:29 PM

Second attempt of a reply, the previous was killed by a one-second-power outage :(.

ok, sbredrv.sys cannot be found, the deinstallation seems to have left the reg entry, or?

Nope, ff runs in the wild outback here, not in a sandbox.

The Audiotreiber file does also not exist.

sercg... caused some fun several years ago here, but it's gone (btw - the only virus chaser that was able to cure that was MS' simple mrt!)

The java-zombies really should have gone. Surprised you could spot that pointer.

I'll carry on to find the cause... Thanks again for your time and engagement!

Cheers!

#8 CeciliaB (Volunteer, Moderator, 6767 posts)

Posted 23 July 2012 - 05:04 PM

You are welcome :)

Bad that you had to rewrite your post, I find it very boring when I have to do that.

I'm glad that none of the malicious files exists in your computer.

Have you tested the two Firefox suggestions?
I'm always curious ;) and it is nice to know if someone else comes here with the same problem.

#9 CeciliaB (Volunteer, Moderator, 6767 posts)

Posted 23 July 2012 - 05:32 PM

I have now talked to my contact person at Lavasoft and he says that Ad-Aware doesn't contain any code that changes any IP settings, or even reads the settings, since Ad-Aware doesn't care what the IP settings are.

Edit:
But Windows sometimes loses network configuration, for example when a driver connected to the network adapter is uninstalled or if a network adapter is disabled and then enabled. Since Ad-Aware 10.1 has a (firewall) driver that is connected to the network adapter, it is possible that the configuration was lost during the uninstallation of that driver. Not because Ad-Aware does anything strange, but since Windows seems to be buggy.



