
please help me with trojan.fakefirefox



Malwarebytes has found trojan.fakefirefox but it can't remove it from my system.

Could somebody here help me do that?

Much appreciated.

DDS log below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by work laptop at 15:36:09 on 2012-03-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.271 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe

C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant =

mSearchAssistant =

uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: {FEEEB9C2-E466-4A83-876C-6FD2DDF1A3D1} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TDispVol] TDispVol.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [AudioCommander] "c:\program files\andrea electronics\audiocommander\AudioCommander.exe" /tray

mRun: [AEFltrs] "c:\program files\andrea electronics\audiocommander\AEFltrs.exe" /NoDlg

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 205.171.2.65 68.94.156.1 12.127.16.67

TCP: Interfaces\{802C6D86-497D-496C-B42F-1FB5EE0B51E5} : DhcpNameServer = 205.171.2.65 68.94.156.1 12.127.16.67

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [2008-12-15 21760]

S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [2007-7-23 22528]

S3 DS2490;DS2490 (USB Host for 1-Wire Microlan);c:\windows\system32\drivers\DS2490.sys [2006-12-26 49108]

S3 F5U103BD;Belkin F5U103 USB-RS232 Bus Driver;c:\windows\system32\drivers\F5U103BD.SYS [2007-1-2 16226]

S3 F5U103UD;Belkin F5U103 USB-RS232 Port Driver;c:\windows\system32\drivers\F5U103UD.SYS [2007-1-2 25267]

S3 MiraUSB;Stenograph élan Mira Service;c:\windows\system32\drivers\MiraUSB.sys [2007-1-2 26631]

S3 MiraUSB2;Stenograph USB Writer Service;c:\windows\system32\drivers\SGUsb.sys [2007-5-17 26208]

S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2005-2-18 10752]

S3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]

S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2007-1-3 727908]

S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2007-1-3 44928]

S3 USA19W;USA19W;c:\windows\system32\drivers\usa19w2k.sys [2007-1-3 292920]

S3 USA19w2KP;Keyspan High Speed USB Serial Adapter Port Driver;c:\windows\system32\drivers\usa19w2kp.sys [2007-1-3 40848]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-3-26 1522176]

S3 wdfsgusbV2;Stenograph WDF USB Writer Service V2;c:\windows\system32\drivers\wdfsgusb.sys [2009-10-2 18952]

S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2009-10-2 18952]

.

=============== Created Last 30 ================

.

2012-03-14 18:45:37 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-03-12 22:46:09 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-12 22:46:09 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-03-12 22:46:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-12 15:28:35 -------- dc-h--w- c:\windows\ie8

2012-03-12 14:58:56 249856 ----a-w- c:\windows\system32\AECtrl.cpl

2012-03-12 14:57:07 -------- d-----w- c:\documents and settings\work laptop\application data\Stenograph

2012-03-12 14:23:43 53248 ----a-w- c:\windows\system32\rtfcreext.dll

2012-03-12 14:23:43 266240 ----a-w- c:\windows\system32\CatTips.dll

2012-03-12 14:23:33 4826624 ----a-w- c:\windows\system32\cdintf450.dll

2012-03-07 02:09:31 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3930f80e-f99c-461f-808f-5654c42485fa}\mpengine.dll

2012-02-22 12:18:35 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-22 12:18:35 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-05 18:02:35 87608 ----a-w- c:\documents and settings\work laptop\application data\inst.exe

2012-02-05 18:02:35 47360 ----a-w- c:\documents and settings\work laptop\application data\pcouffin.sys

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-29 20:22:55 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 15:37:06.67 ===============


DDS attach log below:

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/26/2006 8:12:44 AM

System Uptime: 3/15/2012 9:04:34 AM (0 hours ago)

.

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 27.483 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2701: 1/13/2012 8:11:59 PM - System Checkpoint

RP2702: 1/15/2012 7:36:32 AM - System Checkpoint

RP2703: 1/16/2012 11:44:34 AM - System Checkpoint

RP2704: 1/17/2012 7:27:04 PM - System Checkpoint

RP2705: 1/20/2012 5:18:18 PM - System Checkpoint

RP2706: 1/25/2012 7:43:17 PM - System Checkpoint

RP2707: 1/26/2012 8:42:50 PM - System Checkpoint

RP2708: 1/28/2012 9:57:38 AM - System Checkpoint

RP2709: 2/1/2012 9:19:43 PM - Installed iTunes

RP2710: 2/1/2012 9:52:32 PM - Software Distribution Service 3.0

RP2711: 2/5/2012 11:57:01 AM - Configured caseCATalyst4

RP2712: 2/5/2012 2:04:30 PM - Software Distribution Service 3.0

RP2713: 2/22/2012 6:29:06 AM - Software Distribution Service 3.0

RP2714: 3/3/2012 9:45:21 PM - System Checkpoint

RP2715: 3/6/2012 8:09:28 PM - Software Distribution Service 3.0

RP2716: 3/8/2012 7:01:29 PM - System Checkpoint

RP2717: 3/10/2012 4:26:56 PM - System Checkpoint

RP2718: 3/12/2012 9:36:24 AM - Software Distribution Service 3.0

RP2719: 3/12/2012 10:02:18 AM - Removed AudioAdvantageSRM

RP2720: 3/12/2012 10:03:21 AM - Removed iRiver Manager

RP2721: 3/12/2012 10:30:15 AM - Installed Windows Internet Explorer 8.

RP2722: 3/12/2012 10:31:57 AM - Software Distribution Service 3.0

RP2723: 3/12/2012 10:45:30 AM - Software Distribution Service 3.0

RP2724: 3/12/2012 11:56:03 AM - Unsigned driver install

RP2725: 3/12/2012 5:44:29 PM - Removed Java 6 Update 16

RP2726: 3/12/2012 5:45:24 PM - Installed Java 6 Update 31

RP2727: 3/13/2012 4:19:45 PM - Software Distribution Service 3.0

RP2728: 3/13/2012 4:39:23 PM - Software Distribution Service 3.0

RP2729: 3/14/2012 1:30:49 PM - Removed Skype™ 4.1

RP2730: 3/14/2012 1:34:07 PM - Removed iTunes

RP2731: 3/14/2012 1:39:11 PM - Removed Apple Mobile Device Support

RP2732: 3/14/2012 1:39:57 PM - Removed Apple Software Update

RP2733: 3/14/2012 1:40:34 PM - Removed Apple Application Support

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.7

Amazon MP3 Downloader 1.0.3

Andrea Electronics AudioCommander

Andrea Electronics USB Audio

AnyDVD

AT&T Self Support Tool

AT&T Yahoo! Applications

Bluesoleil3.2.2.8 Release 070421

Bluetooth Stack for Windows by Toshiba

Bonjour

Briefs Encountered

BroadJump Client Foundation

Case CATalyst

caseCATalyst4

CCleaner

CD/DVD Drive Acoustic Silencer

CDisplay 1.8

Character Pro 5

Defraggler

Desktop Dialer

Dictionary Jumpstart 7

Dramatica Pro 4.0

Dramatica Pro Story Wizard

DVD-RAM Driver

DVD Shrink 3.2

DVD Snapshot 1.4

DVR Manager DVR-008

Easy CD-DA Extractor 12

Express Burn

FairStars CD Ripper 1.32

Free CD to WAV MP3 WMA AMR AC3 AAC Ripper 2.0

GearPlayer

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Inspiration 6

Instant Briefer 1.1

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD Creator 2

InterVideo WinDVD for TOSHIBA

iRiver Manager

iRiver Updater

J2SE Runtime Environment 5.0 Update 4

Java Auto Updater

Java 6 Update 31

Keyspan High Speed USB Serial Adapter

Keyspan USB Serial Adapter

Malwarebytes Anti-Malware version 1.60.1.1000

mCore

mDrWiFi

Media Player Classic - Home Cinema v. 1.3.1249.0

Media Player Codec Pack 3.6.0

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft WinUsb 1.0

mIWA

mLogView

mMHouse

Motorola Phone Tools

Movie Magic Screenwriter 6

mPfMgr

mPfWiz

mProSafe

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

mZConfig

Office 2003 Trial Assistant

OpenOffice.org 3.1

Picasa 3

QuickStory 5

Realtek High Definition Audio Driver

Rhapsody Player Engine

Riva FLV Player

SD Secure Module

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Segoe UI

Skype web features

Sonic Encoders

Sonic RecordNow!

Story Weaver 1_0

Switch Sound File Converter

Synaptics Pointing Device Driver

TaxCut Basic 2006

Testimony Accelerator

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Game Console

TOSHIBA Hotkey Utility

Toshiba Media Center Game Console

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

Toshiba Registration

TOSHIBA SD Memory Card Format

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA TouchPad ON/Off Utility

TOSHIBA TV Tuner 4.0.12.73

TOSHIBA Utilities

TOSHIBA Virtual Sound

TOSHIBA Zooming Utility

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2641690)

Viewpoint Media Player

WebFldrs XP

Winamp

Windows Defender

Windows Driver Package - Dallas Semiconductor Maxim (WinUSB) 1-Wire (05/01/2007 6.0.1.0)

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Service Pack 3

Writer's Blocks

.

==== End Of File ===========================


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
