Malware opens web page randomly


by Somi90 » December 22nd, 2009, 2:57 pm

Hi, I need help. I got some malware on my computer which randomly opens some stupid link (even when I turn on my computer, it opens Mozilla by itself so it can load it). The site is this one: http://www.mainstories.com/index.php/finance

I tried everything but with no success. I tried scanning with avast and some other anti-malware programs, but no help, they can't find it. I'm desperate! :(

Here is DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Milos Radovic at 19:40:41.32 on Tue 12/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2517 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091220-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Milos Radovic\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Taskman=d:\recycler\s-1-5-21-0086104417-9301490715-349306869-8625\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\milosr~1\applic~1\mozilla\firefox\profiles\u9ipy9du.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============



Thanks anyway.

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-12-16 114768]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-12-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-16 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-16 352920]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-12-14 1684736]
S3 GarenaPEngine;GarenaPEngine;d:\docume~1\milosr~1\locals~1\temp\AWH296.tmp [2009-12-20 25616]

=============== Created Last 30 ================

2009-12-22 18:07:08 3245 ----a-w- d:\windows\system32\wbem\Outlook_01ca8331939df31e.mof
2009-12-22 18:05:08 21504 -c--a-w- d:\windows\system32\dllcache\hidserv.dll
2009-12-22 18:05:08 21504 ----a-w- d:\windows\system32\hidserv.dll
2009-12-22 18:05:06 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys
2009-12-22 18:05:06 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys
2009-12-22 18:05:04 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
2009-12-22 18:05:04 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2009-12-22 18:05:03 32384 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2009-12-22 18:05:03 32384 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2009-12-22 16:28:57 0 d-----w- D:\_OTM
2009-12-21 00:43:49 0 d-----w- d:\docume~1\alluse~1\applic~1\AntiSpyInfo
2009-12-20 18:39:40 0 d-----w- d:\docume~1\milosr~1\applic~1\mIRC
2009-12-20 18:31:03 262 ----a-w- d:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-12-20 18:30:53 0 d-----w- d:\program files\common files\Wise Installation Wizard
2009-12-20 15:12:10 77835 ----a-w- d:\windows\War3Unin.dat
2009-12-20 15:12:10 2829 ----a-w- d:\windows\War3Unin.pif
2009-12-20 15:12:10 139264 ----a-w- d:\windows\War3Unin.exe
2009-12-19 12:19:19 545 ----a-w- d:\windows\UC.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\RAR.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\PKZIP.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\PKUNZIP.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\NOCLOSE.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\LHA.PIF
2009-12-19 12:19:19 545 ----a-w- d:\windows\ARJ.PIF
2009-12-19 12:19:19 0 d-----w- d:\docume~1\milosr~1\applic~1\GHISLER
2009-12-18 20:45:48 376 ----a-w- d:\windows\ODBC.INI
2009-12-18 20:45:44 28040 ----a-w- d:\windows\system32\mdimon.dll
2009-12-18 20:45:06 0 d-----w- d:\program files\Microsoft ActiveSync
2009-12-18 20:44:19 0 d-----w- d:\windows\SHELLNEW
2009-12-18 20:41:11 0 d-----w- d:\windows\system32\appmgmt
2009-12-17 23:40:40 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-12-17 02:37:14 0 d-----w- d:\program files\MSXML 4.0
2009-12-17 02:36:44 0 d--h--w- d:\windows\$hf_mig$
2009-12-17 02:23:38 0 d-----w- d:\docume~1\milosr~1\applic~1\uTorrent
2009-12-16 22:23:48 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-12-16 22:18:58 0 d-----r- d:\program files\Skype
2009-12-16 20:39:31 52224 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-12-16 20:39:31 459264 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2009-12-16 20:39:31 268288 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-12-16 20:39:30 991232 -c----w- d:\windows\system32\dllcache\ieframe.dll.mui
2009-12-16 20:39:30 63488 -c----w- d:\windows\system32\dllcache\icardie.dll
2009-12-16 20:39:30 380928 -c----w- d:\windows\system32\dllcache\ieapfltr.dll
2009-12-16 20:39:30 2452872 -c----w- d:\windows\system32\dllcache\ieapfltr.dat
2009-12-16 20:39:30 13824 -c----w- d:\windows\system32\dllcache\ieudinit.exe
2009-12-16 20:39:29 6070784 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-12-16 20:04:46 455936 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2009-12-16 19:51:45 2189312 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2009-12-16 19:51:45 2145280 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-16 19:51:44 2023936 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2009-12-16 19:06:54 0 d-----w- d:\windows\system32\SoftwareDistribution
2009-12-15 19:13:59 414272 ----a-w- d:\windows\system32\DivXc32f.dll
2009-12-15 19:13:59 414272 ----a-w- d:\windows\system32\DivXc32.dll
2009-12-15 19:13:59 291408 ----a-w- d:\windows\system32\DivXa32.acm
2009-12-15 19:13:59 240400 ----a-w- d:\windows\system32\DivX_c32.ax
2009-12-15 19:11:00 5794 ----a-w- d:\windows\MDVDP.Ini
2009-12-15 17:14:50 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-12-14 22:22:44 0 d-----w- d:\docume~1\milosr~1\applic~1\Microsoft Games
2009-12-14 21:53:07 0 d-----w- d:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-12-14 21:53:05 0 d-----w- d:\program files\DAEMON Tools Toolbar
2009-12-14 21:48:53 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-14 21:48:51 0 d-----w- d:\docume~1\milosr~1\applic~1\DAEMON Tools Lite
2009-12-14 20:57:07 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-14 20:54:42 0 d-----w- d:\program files\common files\ATI Technologies
2009-12-14 20:52:13 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-14 20:52:11 311296 ----a-r- d:\windows\system32\atiiiexx.dll
2009-12-14 20:52:11 18440 ----a-r- d:\windows\atiogl.xml
2009-12-14 20:52:08 446464 ----a-r- d:\windows\system32\ATIDEMGX.dll
2009-12-14 20:52:07 7167 ----a-r- d:\windows\system32\atifglpf.xml
2009-12-14 20:52:06 887724 ----a-r- d:\windows\system32\ativva6x.dat
2009-12-14 20:52:06 3 ----a-r- d:\windows\system32\ativva5x.dat
2009-12-14 20:52:06 197655 ----a-r- d:\windows\system32\atiicdxx.dat
2009-12-14 20:51:52 0 d-----w- d:\program files\ATI Technologies
2009-12-14 20:43:18 0 d-----w- d:\docume~1\milosr~1\applic~1\AVG8
2009-12-14 20:42:58 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-12-14 20:27:38 0 d-----w- d:\windows\system32\ReinstallBackups
2009-12-14 20:27:35 290816 ----a-w- d:\windows\vncutil.exe
2009-12-14 20:27:34 39424 ----a-w- d:\windows\system32\RtkCoInstXP.dll
2009-12-14 20:27:34 104992 ----a-w- d:\windows\RtkAudioService.exe
2009-12-14 20:27:31 1389056 ----a-w- d:\windows\system32\drivers\Monfilt.sys
2009-12-14 20:27:29 1684736 ----a-w- d:\windows\system32\drivers\Ambfilt.sys
2009-12-14 20:27:29 0 d-----w- d:\program files\Realtek
2009-12-14 20:27:22 528384 ------r- d:\windows\RtlExUpd.dll
2009-12-14 20:10:42 552 ----a-w- d:\windows\system32\d3d8caps.dat
2009-12-14 19:45:17 0 d-sh--w- d:\documents and settings\all users\DRM
2009-12-14 19:45:06 0 d--h--w- d:\program files\WindowsUpdate
2009-12-14 19:45:00 0 d-----w- d:\program files\Windows Media Connect 2
2009-12-14 19:44:28 0 d-----w- d:\program files\common files\MSSoap
2009-12-14 19:43:31 0 d-----w- d:\program files\Online Services
2009-12-14 19:43:28 0 d-----w- d:\program files\Messenger
2009-12-14 19:43:25 0 d-----w- d:\program files\MSN Gaming Zone
2009-12-14 19:42:55 0 d-----w- d:\program files\Windows NT
2009-12-14 19:39:18 0 d-----w- d:\program files\common files\ODBC
2009-12-14 19:39:16 0 d-----w- d:\program files\common files\SpeechEngines
2009-12-14 19:38:59 0 d-----r- d:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-14 19:49:59 9985 ----a-w- D:\hwids.dat
2009-12-14 19:43:35 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-09 03:21:18 59388 ----a-w- d:\windows\system32\drivers\scdemu.sys
2009-10-29 07:45:44 841216 ----a-w- d:\windows\system32\wininet.dll
2009-10-29 07:45:42 78336 ----a-w- d:\windows\system32\ieencode.dll
2009-10-29 07:45:42 17408 ----a-w- d:\windows\system32\corpol.dll
2009-10-13 10:30:16 270336 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 17:58:48 150016 ----a-w- d:\windows\system32\rastls.dll
2009-10-12 13:28:47 79872 ----a-w- d:\windows\system32\raschap.dll

============= FINISH: 19:40:49.46 ===============
Somi90
Active Member
 
Posts: 1
Joined: December 22nd, 2009, 2:46 pm

Re: Malware opens web page randomly

by NonSuch » December 23rd, 2009, 11:43 pm

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California

