[RESOLVED] Strange page keeps opening in FF


75 replies to this topic

#1 PeggyB

    Administrator

  • 17,510 posts
  • Joined: October 04, 2004
  • 695 topics
  • Age: 64
  • Skin: Smartest
  • Local time: 05:46 AM
  • Zodiac:Scorpio
  • Gender:Female
  • Location:Pensacola, FL
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 8d 5h 56m 56s

Posted 24 October 2011 - 11:09 PM

What the heck.....every time I open my FF browser a small little page opens up. It has never done this before. I ran all security and did find a few things that weren't right and took care of them I think. This is the page that keeps opening.....
http_s04_cltrda_com

With small pic sample below.

Attached Images

  • Attached Image: ScreenHunter_005.gif

Edited by Broni, 25 October 2011 - 12:11 AM.
Made link not clickable


#2 Broni Re: [RESOLVED] Strange page keeps opening in FF

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 03:46 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 25 October 2011 - 12:12 AM

It's a spam site: http://www.mywot.com.../s04.cltrda.com

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#3 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 02:04 AM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:02 on 24/10/2011 (Owner)
Firefox version 6.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files\MyWebSearch\bar\firefox\" -> Success!
Removing Orphan:
"$FFkey$"="$ff_user_default$\extensions\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:15 01/09/2011]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zb38uopj.default\extensions\
textlinks@epicplay.com [18:04 18/10/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:38 28/06/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:20 15/09/2010]

-=E.O.F=-

#4 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 02:05 AM

Just to let you know......after running that program and I opened FF to post the above the same box showed up again.

#5 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 02:10 AM

Yeah, you have more stuff there.

Complete all steps from here: http://www.smartestc...ease-read-this/

#6 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 02:30 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8014

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/24/2011 09:28:37 PM
mbam-log-2011-10-24 (21-28-37).txt

Scan type: Quick scan
Objects scanned: 209751
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E72625B-99E3-4644-BFF0-315AA91294FA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBD14491-A5A0-4809-9C5A-C9FC6DF0ACB0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{160113F2-1A31-44a1-9D1D-7CF92D815698} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BBD1449B-A5A0-4809-9C5A-C9FC6DF0ACB0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.DynamicBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.DynamicBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.XMLSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuizulousBar.XMLSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ANTRAX (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\ANTRAX\NewIdentification (Malware.Trace) -> Value: NewIdentification -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 02:34 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2011-10-24 21:33:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE5B9D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE5B9BC5]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE6399A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#8 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 03:27 AM

Peggy, Peggy....pay attention...LOL
This is your topic, not where you posted your logs originally.
I moved those two logs here.

#9 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 03:35 AM

This is the only way I can show you the aswMBR saved file. Nothing would open it......

Attached Images

  • Attached Image: ScreenHunter_001.gif


#10 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 03:43 AM

Step 4 has a problem.......

Attached Images

  • Attached Image: ScreenHunter_005.gif


#11 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 04:35 AM

Make sure aswMBR is not running anymore.

Going to bed :)

#12 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 07:20 AM

LOL....I went to bed also. Way too much stress, but couldn't sleep so back up again at 2:20AM...lol.
Nothing is running now.

#13 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 11:03 PM

Go ahead with DDS.

#14 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 11:53 PM

DDS............Don't know if this is all of it. Had same problem with it as in Post #10
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Ask Toolbar
ATT-PRT22
avast! Free Antivirus
BellSouth FastAccess DSL Report Agent
Big Fish Games: Game Manager
Bonjour
BroadJump PPPoE
Burn4Free CD & DVD 4.9.0.0
CCleaner
Cleanse Uninstaller Pro 5
Diskeeper Home Edition
DVD Suite
Empty Temp Folders 2.8.3
ESET Online Scanner v3
EVEREST Home Edition v2.20
Foxit Reader
Google Toolbar for Internet Explorer
Google Update Helper
Hidden Mysteries®: The Fateful Voyage - Titanic
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Software Update
Image Resizer Powertoy for Windows XP
IncrediMail
IrfanView (remove only)
Jasc Animation Shop 3
Lost Chronicles: Fall of Caesar
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox 6.0.1 (x86 en-US)
MRU-Blaster v1.5 (Database 3/28/2004)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Control Panel 280.26
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA Update 1.4.28
NVIDIA Update Components
OpenOffice.org 3.2
Phantasmat
Power2Go 5.0
PowerDVD
Quick Startup 2.8.0.718
RapidBIT Suite
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Soft Data Fax Modem with SmartCP
Spare Backup
SpywareBlaster 4.4
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
The Fall Trilogy Chapter 3: Revelation
tinySpell 1.7.010
Unlocker 1.8.9
Update for Windows XP (KB2467659)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Webshots Desktop
Windows Backup Utility
Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)
Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)
Windows Imaging Component
Windows Installer Clean Up
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2008
WinThemes Studio Pro
Wisdom-soft ScreenHunter 4.0 Free
Wondershare Photo Recovery 1.0
WOT for Internet Explorer
Yahoo! Messenger
.
==== End Of File ===========================

#15 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 25 October 2011 - 11:58 PM

...and DDS.txt...

#16 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 26 October 2011 - 12:25 AM

That was the only one they showed me.

#17 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 26 October 2011 - 01:01 AM

Re-run it.

#18 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 26 October 2011 - 01:46 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:42:02 on 2011-10-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.417 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\KPService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1314719575140
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224873348187
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B536847E-E48A-4A33-9D4E-5FC53A007C66} : DhcpNameServer = 192.168.1.254
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\zb38uopj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/default.aspx?mypg=1
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\epicplay\npEpicHost.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-2 64160]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-28 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-5-19 320856]
R1 KernelPatch_Helper;KernelPatch_Helper;c:\windows\system32\KPHelper.sys [2010-6-27 3192]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-19 20568]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-2-2 9344]
.
=============== Created Last 30 ================
.
2011-10-25 02:29:21 54016 ----a-w- c:\windows\system32\drivers\mjjdwbm.sys
2011-10-18 18:06:19 -------- d-----w- c:\documents and settings\all users\application data\JollyBear
2011-10-18 18:05:51 -------- d-----w- c:\program files\Ask.com
2011-10-18 18:05:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2011-10-18 18:04:36 -------- d-----w- c:\program files\EpicPlay
.
==================== Find3M ====================
.
2011-10-16 13:31:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 22:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 04:42:16 280888 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-29 04:42:16 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-29 04:41:40 280888 -c--a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 20:44:05.25 ===============


Next One......



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2008 11:22:58 AM
System Uptime: 10/24/2011 02:12:18 PM (30 hours ago)
.
Motherboard: Gateway | | MCP61SM2MA
Processor: AMD Sempron™ Processor LE-1250 | Socket AM2 | 2210/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 106.296 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.572 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP414: 7/27/2011 11:14:16 PM - System Checkpoint
RP415: 7/29/2011 04:10:24 AM - System Checkpoint
RP416: 7/30/2011 09:36:57 AM - System Checkpoint
RP417: 7/31/2011 10:23:01 AM - System Checkpoint
RP418: 8/1/2011 10:54:17 AM - System Checkpoint
RP419: 8/2/2011 11:45:42 AM - System Checkpoint
RP420: 8/3/2011 01:01:56 AM - Installed DirectX
RP421: 8/4/2011 01:44:18 AM - System Checkpoint
RP422: 8/5/2011 10:24:28 AM - System Checkpoint
RP423: 8/6/2011 12:08:24 PM - System Checkpoint
RP424: 8/7/2011 12:41:00 PM - System Checkpoint
RP425: 8/8/2011 01:18:11 PM - System Checkpoint
RP426: 8/9/2011 07:30:42 PM - System Checkpoint
RP427: 8/10/2011 10:15:40 PM - System Checkpoint
RP428: 8/12/2011 12:09:43 AM - System Checkpoint
RP429: 8/13/2011 12:26:06 AM - System Checkpoint
RP430: 8/14/2011 04:50:45 AM - System Checkpoint
RP431: 8/15/2011 12:21:01 PM - System Checkpoint
RP432: 8/16/2011 12:51:00 PM - System Checkpoint
RP433: 8/17/2011 01:48:07 PM - System Checkpoint
RP434: 8/18/2011 03:36:14 PM - System Checkpoint
RP435: 8/19/2011 06:05:13 PM - System Checkpoint
RP436: 8/20/2011 11:39:34 PM - System Checkpoint
RP437: 8/22/2011 01:22:03 AM - System Checkpoint
RP438: 8/23/2011 06:38:45 AM - System Checkpoint
RP439: 8/24/2011 07:03:23 AM - System Checkpoint
RP440: 8/25/2011 08:21:18 AM - System Checkpoint
RP441: 8/26/2011 09:13:17 AM - System Checkpoint
RP442: 8/26/2011 11:35:45 AM - Restore Operation
RP443: 8/26/2011 11:40:12 PM - Software Distribution Service 3.0
RP444: 8/26/2011 11:44:20 PM - Installed Windows Internet Explorer 8.
RP445: 8/26/2011 11:44:29 PM - Software Distribution Service 3.0
RP446: 8/27/2011 10:50:37 AM - Installed Java™ 6 Update 27
RP447: 8/28/2011 01:08:17 PM - System Checkpoint
RP448: 8/29/2011 02:34:10 PM - System Checkpoint
RP449: 8/30/2011 04:07:39 PM - System Checkpoint
RP450: 8/31/2011 08:59:43 AM - Removed J2SE Runtime Environment 5.0 Update 15
RP451: 9/1/2011 09:40:37 AM - System Checkpoint
RP452: 9/2/2011 09:51:43 AM - System Checkpoint
RP453: 9/3/2011 10:05:11 AM - System Checkpoint
RP454: 9/4/2011 12:42:35 PM - System Checkpoint
RP455: 9/5/2011 02:00:02 PM - System Checkpoint
RP456: 9/6/2011 02:42:31 PM - System Checkpoint
RP457: 9/7/2011 09:09:13 PM - System Checkpoint
RP458: 9/9/2011 12:01:01 AM - System Checkpoint
RP459: 9/10/2011 12:37:05 AM - System Checkpoint
RP460: 9/11/2011 01:05:50 AM - System Checkpoint
RP461: 9/12/2011 02:17:50 AM - System Checkpoint
RP462: 9/13/2011 02:46:45 AM - System Checkpoint
RP463: 9/14/2011 02:51:29 AM - System Checkpoint
RP464: 9/15/2011 03:51:29 AM - System Checkpoint
RP465: 9/16/2011 04:51:29 AM - System Checkpoint
RP466: 9/17/2011 05:17:04 AM - System Checkpoint
RP467: 9/18/2011 06:04:35 AM - System Checkpoint
RP468: 9/19/2011 07:04:35 AM - System Checkpoint
RP469: 9/20/2011 11:09:42 AM - System Checkpoint
RP470: 9/21/2011 12:13:03 PM - System Checkpoint
RP471: 9/22/2011 12:44:08 PM - System Checkpoint
RP472: 9/23/2011 03:43:35 PM - System Checkpoint
RP473: 9/24/2011 04:30:07 PM - System Checkpoint
RP474: 9/25/2011 10:18:20 PM - System Checkpoint
RP475: 9/27/2011 12:04:53 AM - System Checkpoint
RP476: 9/28/2011 12:51:38 AM - System Checkpoint
RP477: 9/29/2011 02:36:01 AM - System Checkpoint
RP478: 9/30/2011 03:32:13 AM - System Checkpoint
RP479: 10/1/2011 04:32:15 AM - System Checkpoint
RP480: 10/2/2011 05:33:19 AM - System Checkpoint
RP481: 10/3/2011 05:35:48 AM - System Checkpoint
RP482: 10/4/2011 06:35:48 AM - System Checkpoint
RP483: 10/5/2011 07:35:48 AM - System Checkpoint
RP484: 10/6/2011 07:59:48 AM - System Checkpoint
RP485: 10/7/2011 09:01:46 AM - System Checkpoint
RP486: 10/8/2011 10:32:58 AM - System Checkpoint
RP487: 10/9/2011 10:35:48 AM - System Checkpoint
RP488: 10/10/2011 11:11:47 AM - System Checkpoint
RP489: 10/11/2011 11:17:18 AM - System Checkpoint
RP490: 10/12/2011 11:35:52 AM - System Checkpoint
RP491: 10/13/2011 12:25:42 PM - System Checkpoint
RP492: 10/14/2011 12:51:21 PM - System Checkpoint
RP493: 10/15/2011 05:32:00 PM - System Checkpoint
RP494: 10/16/2011 06:03:18 PM - System Checkpoint
RP495: 10/17/2011 06:55:15 PM - System Checkpoint
RP496: 10/18/2011 09:16:08 PM - System Checkpoint
RP497: 10/19/2011 10:54:54 PM - System Checkpoint
RP498: 10/21/2011 12:11:14 AM - System Checkpoint
RP499: 10/22/2011 12:22:00 AM - System Checkpoint
RP500: 10/23/2011 12:26:17 AM - System Checkpoint
RP501: 10/24/2011 01:06:28 AM - System Checkpoint
RP502: 10/25/2011 01:16:47 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Ask Toolbar
ATT-PRT22
avast! Free Antivirus
BellSouth FastAccess DSL Report Agent
Big Fish Games: Game Manager
Bonjour
BroadJump PPPoE
Burn4Free CD & DVD 4.9.0.0
CCleaner
Cleanse Uninstaller Pro 5
Diskeeper Home Edition
DVD Suite
Empty Temp Folders 2.8.3
ESET Online Scanner v3
EVEREST Home Edition v2.20
Foxit Reader
Google Toolbar for Internet Explorer
Google Update Helper
Hidden Mysteries®: The Fateful Voyage - Titanic
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Software Update
Image Resizer Powertoy for Windows XP
IncrediMail
IrfanView (remove only)
Jasc Animation Shop 3
Lost Chronicles: Fall of Caesar
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox 6.0.1 (x86 en-US)
MRU-Blaster v1.5 (Database 3/28/2004)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Control Panel 280.26
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA nView 135.94
NVIDIA nView Desktop Manager
NVIDIA Update 1.4.28
NVIDIA Update Components
OpenOffice.org 3.2
Phantasmat
Power2Go 5.0
PowerDVD
Quick Startup 2.8.0.718
RapidBIT Suite
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Soft Data Fax Modem with SmartCP
Spare Backup
SpywareBlaster 4.4
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
The Fall Trilogy Chapter 3: Revelation
tinySpell 1.7.010
Unlocker 1.8.9
Update for Windows XP (KB2467659)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Webshots Desktop
Windows Backup Utility
Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)
Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)
Windows Imaging Component
Windows Installer Clean Up
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2008
WinThemes Studio Pro
Wisdom-soft ScreenHunter 4.0 Free
Wondershare Photo Recovery 1.0
WOT for Internet Explorer
Yahoo! Messenger
.
==== End Of File ===========================

#19 Broni Re: [RESOLVED] Strange page keeps opening in FF

Posted 26 October 2011 - 01:47 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#20 PeggyB Re: [RESOLVED] Strange page keeps opening in FF

Posted 26 October 2011 - 02:24 AM

ComboFix 11-10-25.04 - Owner 10/25/2011 21:08:23.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.531 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\d3d9caps.dat
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
c:\windows\system32\Temp\ajkjclnlrvogjpwpgsow.list
c:\windows\system32\Temp\cumwnoyriaszutfdxupw.list
c:\windows\system32\Temp\ddnapauqusofrpyqzgrh.list
c:\windows\system32\Temp\efyjdzhbcwoscraixnil.list
c:\windows\system32\Temp\ilferzqroctdgwslzebe.list
c:\windows\system32\Temp\jjqulfsvtxeughslzeaf.list
c:\windows\system32\Temp\pwrcmkcborcxvryhstmr.list
c:\windows\system32\Temp\rfogjviirrximhttosko.list
c:\windows\system32\Temp\rhcqhwehoyeegeomhept.list
c:\windows\system32\Temp\svsheimgvhmdwhuzmxva.list
c:\windows\system32\Temp\tcbbcuujpltmivvdcbbf.list
c:\windows\system32\Temp\xjjmbwtexmdxkfupcqyo.list
c:\windows\windl32
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-25 02:29 . 2011-10-25 02:29 54016 ----a-w- c:\windows\system32\drivers\mjjdwbm.sys
2011-10-18 18:06 . 2011-10-18 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2011-10-18 18:05 . 2011-10-18 18:05 -------- d-----w- c:\program files\Ask.com
2011-10-18 18:05 . 2011-10-18 18:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2011-10-18 18:04 . 2011-10-24 05:08 -------- d-----w- c:\program files\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 13:31 . 2011-05-14 15:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-06-29 23:14 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-05-19 17:53 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-02-28 15:40 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-05-19 17:53 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-05-19 17:53 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-05-19 17:53 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-05-19 17:53 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2008-05-19 17:53 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-05-19 17:53 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2008-05-19 17:53 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-31 22:00 . 2010-10-05 00:58 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 11:49 . 2011-08-27 19:45 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-08-27 19:45 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-08-27 19:45 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-08-27 19:45 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-08-27 19:45 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-08-27 19:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-08-27 19:45 914024 -c--a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-08-27 19:45 875112 -c--a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-08-27 19:45 61440 -c--a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-08-27 19:45 5427200 -c--a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-08-27 19:45 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-08-27 19:45 2387560 -c--a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-08-27 19:45 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-08-27 19:45 17186816 -c--a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-08-27 19:45 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2007-11-09 23:38 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2007-11-09 23:38 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-30 22:59 . 2011-09-01 03:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 15:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-11-29 20:22 58928 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 -c--a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 23:10 56928 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-27 07:20 16844800 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 06:22 1826816 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-07-14 00:19 5252936 -c--a-w- c:\program files\Spare Backup\SpareBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-24 14:19 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2008-04-25 17:31 333120 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/2/2009 10:46 AM 64160]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/28/2011 10:40 AM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/19/2008 12:53 PM 320856]
R1 KernelPatch_Helper;KernelPatch_Helper;c:\windows\system32\KPHelper.sys [6/27/2010 08:49 PM 3192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 01:53 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 11:15 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/19/2008 12:53 PM 20568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/27/2011 02:46 PM 2255464]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [8/30/2009 12:53 PM 16690]
R3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\drivers\VWAN2K.sys [8/30/2009 12:53 PM 29228]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2011 09:33 PM 136176]
S2 KPService;KPService;c:\windows\system32\KPService.exe [6/27/2010 08:49 PM 36864]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2011 09:33 PM 136176]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 06:29 PM 9344]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/3/2010 10:48 PM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 05:51 PM 12872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswMBR
*Deregistered* - fxtdapob
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 02:33]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 02:33]
.
2011-10-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zb38uopj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/default.aspx?mypg=1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-25 21:21:51
ComboFix-quarantined-files.txt 2011-10-26 02:21
.
Pre-Run: 114,073,321,472 bytes free
Post-Run: 114,051,903,488 bytes free
.
- - End Of File - - 25D38B1190EEADF05C4AB638EF0413AB




