Quantcast
Channel: Tech Support Forum - Virus/Trojan/Spyware Help
Viewing all articles
Browse latest Browse all 2798

A failed download at each launch of Firefox

$
0
0
I get this in my download history list each time I launch Firefox. My home page is att.yahoo.com.

"Gorilla_Uninstaller_Download_File.exe
Failed - Uninstallation.com - 8:39 AM"

Could this be a result of a Trojan or Spyware?

Here is my dds and attach and ark

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496
Run by Harry at 13:00:44 on 2014-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.1773 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Icecream Screen Recorder\bin\recorder.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uProxyServer = hxxp=127.0.0.1:13081
uProxyOverride = <-loopback>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [OutfoxTV] c:\program files\outfoxtv\outfoxtv\DesktopContainer.exe
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [Malwarebytes Anti-Exploit] c:\program files\malwarebytes anti-exploit\mbae.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\harry\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{7669C1D6-12A7-41A4-8586-A356F9A59885} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7669C1D6-12A7-41A4-8586-A356F9A59885}\8416272797 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7669C1D6-12A7-41A4-8586-A356F9A59885}\E45445745414255393 : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\harry\appdata\roaming\mozilla\firefox\profiles\mxhymq34.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\glance29\npglance.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-29 213784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2014-12-10 34080]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2013-7-3 225280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-10 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-5-26 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-5-26 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-5-16 1343400]
.
=============== Created Last 30 ================
.
2014-12-11 13:38:23 -------- d-----w- c:\program files\Icecream Screen Recorder
2014-12-11 12:54:08 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 12:46:59 10948096 ----a-w- c:\program files\internet explorer\F12Resources.dll
2014-12-10 12:46:58 815280 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-12-10 12:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 12:45:45 1174528 ----a-w- c:\windows\system32\crypt32.dll
2014-12-10 12:45:38 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 12:45:35 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 12:45:34 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 12:45:34 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 12:45:34 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 12:45:34 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 12:40:07 34080 ----a-w- c:\windows\system32\drivers\glancedrv.sys
2014-12-10 12:40:07 33824 ----a-w- c:\windows\system32\glancedrv.dll
2014-12-10 12:40:07 -------- d-----w- c:\program files\Glance29
2014-11-24 21:21:18 -------- d-sh--w- c:\users\harry\appdata\local\EmieBrowserModeList
2014-11-19 12:40:02 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 12:40:02 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 20:13:24 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{56ec69a8-9412-4ca3-b56b-1207ad75f30a}\mpengine.dll
2014-11-18 19:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-17 17:43:15 450560 ----a-w- c:\windows\system32\fldrvw90.ocx
2014-11-17 17:43:15 1005088 ----a-w- c:\windows\system32\TList8.ocx
2014-11-17 17:43:14 89888 ----a-w- c:\windows\system32\mtFrame.ocx
2014-11-17 17:43:14 86016 ----a-w- c:\windows\system32\mtSplitter.ocx
2014-11-17 17:43:14 77504 ----a-w- c:\windows\system32\mtScrollContainer.ocx
2014-11-17 17:43:14 44736 ----a-w- c:\windows\system32\mtSubclass.dll
2014-11-17 17:43:14 2369456 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.4.2.ocx
2014-11-17 17:43:14 171752 ----a-w- c:\windows\system32\mtRTF2.ocx
2014-11-17 17:43:14 -------- d-----w- c:\users\harry\appdata\roaming\AllDup
2014-11-17 17:43:14 -------- d-----w- c:\programdata\AllDup
2014-11-17 17:43:14 -------- d-----w- c:\program files\AllDup
2014-11-14 15:36:53 -------- d-----w- c:\program files\VS Revo Group
.
==================== Find3M ====================
.
2014-12-11 12:45:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 12:45:11 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-18 23:16:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-18 23:16:36 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-04 19:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-31 00:44:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-30 02:34:52 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 20:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
.
============= FINISH: 13:01:32.51 ===============

Attached Files
File Type: zip attach.zip (101.7 KB)
File Type: zip ark.zip (1.6 KB)

Viewing all articles
Browse latest Browse all 2798

Trending Articles