Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My browser upon opening opens a second page i

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 26th, 2009, 11:12 am

Hi Windhlz.
I am trying to help you with your pc. If a re-install was needed i would let you know.
We already fixed the problems you had with IE and are trying to fix the Firefox problem, so be patient. Yes, we might need to use more tools.

You didn't answer my question, Are you still having problems with FireFox?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 26th, 2009, 11:46 am

Yes:
Firefox is still opening unrequested pages.
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 26th, 2009, 12:42 pm

Hi Windhlz thank you.
We need find out what is causing this.

Download HostsXpert and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.

Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

In your next reply.

1. Gmer log.
2. How is FireFox performing now?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 26th, 2009, 2:35 pm

Firefox is still loading extra pages. Here's the log.
thanx,

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-26 11:30:15
Windows 5.1.2600 Service Pack 3
Running: tdr5rzbr.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\ugpdqfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A8843D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 27th, 2009, 7:15 am

Hi Windhlz.

I need a bit of information about your FireFox problem.
1. When you say extra pages are loading what exactly is happening, can you give me more details? Are they empty white pages or do you get redirect to any sites?
2. Do you have the latest version of FireFox which is 3.5.3?

To find out in FireFox got to Help > About Mozilla Firefox. The version you have will be listed there.
If you have an older version update to the latest version Here

Next.

In FireFox go to Tools. > Options. > Advanced. and click on Clear now.

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. *This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

Now i would like you to do the following, and let me know if the FireFox problem still happens.

Run FF with no add-ons.

Go to Start
In the Start Search window, type Firefox (do not hit enter - search results will be displayed as you type)
Then select Mozilla Firefox (Safe Mode) to launch Firefox with all Add-ons disabled.

In your next reply.

1. more details about what is happening with FireFox.
2. Kaspersky log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 27th, 2009, 11:08 pm

Hi:
Ba--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 27, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 27, 2009 18:39:50
Records in database: 2927818
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 33584
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:30:52

No threats found. Scanned area is clean.

Selected area has been scanned.

Basically nothing has changed. Firefox when it opens always opens a second page at the same time that it opens the home page. The second page is an advertisement ,the last one was for lottery information for a while it was opening a page to date adults in your area, etc.
When firefox is running pages can open automatically as well. I did all of the above, however I had to reload FF, because the safe mode was missing until I deleted FF and downloaded it again. However, there was no difference the same thing occured in safe mode. Below is the Karpsky log.
Thanks Again
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 28th, 2009, 7:38 am

Hi Windhlz.
I ran GooredFix.exe below is the log. The first time I ran it I had downloaded through firefox so I ran it again through IE.

You say you ran Gooredfix with IE did you run it with FireFox?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 28th, 2009, 12:21 pm

I am not sure I understand your request? I downloaded GooredFix using IE and not FF as the browser you said "Ensure all Firefox windows are closed". So I ran it with ff closed, does that make sense?
Thanks
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 28th, 2009, 1:26 pm

Hi Windhlz.

Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Click My Computer (Computer in Vista)..
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended).
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

Next.

Please follow the file path below and find the hosts file.

C:\WINDOWS\system32\drivers\etc\hosts

could you please tell me what size the hosts file on your system is?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 28th, 2009, 11:30 pm

Here are the results:

hosts are 1k
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 29th, 2009, 10:41 am

Hi Windhlz



Disable AVG8

  • Open AVG8 Control Center, by right clicking on AVG8 icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to Resident Shield.
  • In the main pane, deselect the option to Enable Resident Shield.
  • Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

  • Please download ComboFix, and find instructions on how to properly run it from Here
    Make sure you install the recovery console if asked to.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

In your next reply.

1. ComboFix log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 29th, 2009, 11:48 pm

After running ComboFix I opend FF tonight AVG Shield advised me of a web page attempt to open and blocked it and advised me not to go there. I reinstalled AVG yesterday after having deleted it to run Kaspersky, I didn't know about the shield deactivation then. Below is the log from ComboFix:



ComboFix 09-09-29.01 - Michael 09/29/2009 20:22.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.490 [GMT -7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2297251999-738724385-1645878046-1003
c:\recycler\S-1-5-21-504221711-2657588388-2843214241-1003
c:\recycler\S-1-5-21-861567501-1202660629-1935655697-1003

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 03:26 . 2009-09-28 03:26 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\AVG Security Toolbar
2009-09-28 03:20 . 2009-09-28 03:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-28 03:20 . 2009-09-28 03:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-28 03:20 . 2009-09-28 03:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-28 03:20 . 2009-09-28 03:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-28 03:19 . 2009-09-30 03:10 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-28 03:19 . 2009-09-28 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-28 03:12 . 2009-09-28 03:12 -------- d-----w- c:\documents and settings\Michael\Application Data\AVG8
2009-09-27 17:34 . 2009-09-27 17:34 -------- d-----w- c:\windows\Sun
2009-09-27 17:25 . 2009-09-27 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 17:25 . 2009-09-27 17:25 -------- d-----w- c:\program files\Java
2009-09-27 16:58 . 2009-09-27 16:58 -------- d-----w- c:\program files\MSXML 4.0
2009-09-24 21:23 . 2009-09-24 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-24 21:21 . 2009-09-26 03:50 -------- d-----w- C:\Rooter$
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2009-09-23 22:19 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 22:19 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 22:06 . 2009-09-23 22:06 -------- d-----w- C:\_OTM
2009-09-23 22:01 . 2009-09-23 22:02 -------- d-----w- c:\program files\ERUNT
2009-09-22 18:08 . 2009-09-22 18:08 -------- d-----w- C:\rsit
2009-09-17 03:55 . 2009-09-17 03:55 -------- d-----w- c:\program files\Trend Micro
2009-09-11 03:45 . 2009-09-11 03:45 -------- d-----w- c:\documents and settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Mozilla
2009-09-11 00:24 . 2009-09-11 03:23 -------- d-----w- c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 03:20 . 2009-02-12 06:26 -------- d-----w- c:\program files\MailFrontier
2009-09-28 03:19 . 2009-02-08 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 03:45 . 2009-09-11 03:44 152 ----a-w- c:\documents and settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\fusioncache.dat
2009-09-03 05:03 . 2009-02-12 06:27 -------- d-----w- c:\documents and settings\Michael\Application Data\MailFrontier
2009-08-20 05:26 . 2009-03-06 05:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 05:24 . 2009-08-19 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-20 05:10 . 2009-08-20 05:08 -------- d-----w- c:\documents and settings\Michael\Application Data\GetRightToGo
2009-08-10 05:09 . 2008-09-11 11:51 -------- d-----w- c:\program files\Windows Live
2009-08-05 09:01 . 2008-08-09 14:32 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:48 . 2009-07-29 04:03 104120 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-17 19:01 . 2008-08-09 14:32 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 04:34 . 2009-07-15 04:34 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-14 06:43 . 2008-08-09 14:32 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Matador"="c:\progra~1\MAILFR~1\mantispm.exe" [2006-01-20 894544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-03-14 360448]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-28 2007832]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-28 03:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2009 8:20 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2009 8:20 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2009 8:19 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2009 8:19 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9/11/2008 4:17 AM 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [9/11/2008 3:18 PM 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [1/2/2002 12:51 PM 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9/11/2008 7:42 PM 625024]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 16:09]

2009-09-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\yia5z0fe.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... imes.com//
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 20:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-30 20:31
ComboFix-quarantined-files.txt 2009-09-30 03:31

Pre-Run: 76,350,705,664 bytes free
Post-Run: 76,633,423,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

175 --- E O F --- 2009-09-28 15:10
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » September 30th, 2009, 12:21 pm

Hi Windhlz.
Lets try this.

In FireFox go to Tools > Options > Main. Where it says Home page click on restore to default.
Now close FireFox and reboot your pc.

Please post back and let me know if that has fixed the problem.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My browser upon opening opens a second page i

Unread postby Windhlz » September 30th, 2009, 2:23 pm

It seems to be working!!! There was a weird page in there something like prizeday in conjunction with my usual home page NYTIMES. Thanks so much for your patience and help. It was an interesting learning experience for me. I didn't realize all the resources that are on the web to deal with these kinds of infections. Let me know if you think I should be using any other protection.
Thanks Again,
Michael Windholz
Windhlz
Regular Member
 
Posts: 17
Joined: September 17th, 2009, 12:17 am

Re: My browser upon opening opens a second page i

Unread postby Cypher » October 1st, 2009, 11:22 am

Hi Windhlz.
Thanks so much for your patience and help.

Your welcome, glad we could help :)

your latest set of logs are clean!

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next.

Clean up with OTM

  • Double-click OTM.exe to start the program.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now remove any other tools we used that remain on your desktop.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Hide system files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Do not show hidden files and folders.
  6. Check (tick) Hide extensions of known file types.
  7. Check (tick) Hide protected operating system files (Recommended).
  8. Click OK.
  9. Close My Computer.



    You version of Adobe Reader is outdated

    Update to the latest version Here



    Firewall

    Looking over your log it seems you don't have any evidence of a third party FIREWALL. As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

    If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

    I would recommend you install a free firewall for personal use from one of these excellent vendors. Choice is yours:





    Create a new, clean System Restore point

    1. Click on Start > All Programs > Accessories > System Tools > System Restore.
    2. On the Welcome Page, select Create a restore point. Click Next.
    3. Give this restore point a descriptive name and click Create.
    4. When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.



Flush infected System Restore points

1. Right click on My Computer and select Properties.
2. Select the System Restore tab.
3. Check (tick) Turn off system restore on all drives box.
4. Click Apply.
5. Uncheck (untick) Turn off system restore on all drives box.
6. Click OK.
7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.



Here are some free programs I recommend that could help you improve your computer's security.



I recommend you keep Malwarebytes Anti-malware.


Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

Safe surfing! :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware