
Malware Removal Instructions

Default internet browser keeps popping up tab


Re: Default internet browser keeps popping up tab

Post by askey127 » January 10th, 2011, 5:39 am

jxhypez,
---------------------------------------------------------
Set Firefox to Ask Where to Save Downloads
Open Firefox, then hit the Alt key once.
At the top click on Tools, and select Options.
Click on the General tab, and check the button "Always ask me where to save files"
Click OK.

Please use Firefox and try again to Download ComboFix from HERE.
Save to the Desktop, then follow the previous instructions about running it. You may prefer to print out the previous instruction first.

askey127
Admin/Teacher | Posts: 13906 | Joined: April 17th, 2005, 3:25 pm | Location: New Hampshire USA

Re: Default internet browser keeps popping up tab

Post by jxhypez » January 11th, 2011, 4:02 am

ComboFix 11-01-10.07 - HP 01/11/2011 15:08:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.549 [GMT 8:00]
Running from: c:\documents and settings\HP\Desktop\zzz.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-09 02:01 . 2011-01-09 02:01 -------- d-----w- C:\_OTL
2011-01-03 03:26 . 2011-01-03 03:26 388096 ----a-r- c:\documents and settings\HP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 03:26 . 2011-01-03 03:26 -------- d-----w- c:\program files\Trend Micro
2011-01-01 14:06 . 2008-04-13 16:15 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-12-22 05:11 . 2011-01-02 04:07 -------- d-----w- c:\documents and settings\Guest
2010-12-17 05:15 . 2010-11-06 00:26 5959168 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-12-17 05:15 . 2010-11-06 00:26 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-17 05:15 . 2010-11-06 00:26 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 05:08 . 2010-11-02 15:17 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-12-17 05:08 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 05:01 . 2010-10-11 14:59 45568 ----a-w- c:\program files\Outlook Express\wab.exe
2010-12-17 05:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-17 04:51 . 2010-12-17 04:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-14 02:25 . 2010-11-08 17:44 4290192 ----a-w- c:\windows\system32\GameMon.des
2010-12-14 02:24 . 2005-01-01 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-12-14 02:24 . 2003-07-17 18:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-12-14 02:24 . 2010-12-14 02:24 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-12-14 02:13 . 2010-12-14 02:13 -------- d-----w- C:\Game
2010-12-14 01:23 . 2010-12-14 01:23 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-14 01:13 . 2010-12-14 01:13 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\Sunbelt Software
2010-12-14 01:03 . 2011-01-05 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-12-12 10:18 . 2010-12-12 10:18 -------- d-sh--w- c:\documents and settings\HP\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-11-18 18:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 14:28 . 2010-10-13 14:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 14:28 . 2010-10-13 14:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-13 14:28 . 2010-10-13 14:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-13 14:28 . 2010-10-13 14:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-13 14:28 . 2010-10-13 14:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-13 14:28 . 2010-10-13 14:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-13 14:28 . 2010-10-13 14:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-13 14:28 . 2010-10-13 14:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-13 14:28 . 2010-02-11 09:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-13 14:28 . 2010-01-05 10:04 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-01 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

c:\documents and settings\HP\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\system rollback data\Restore\Archive\00000011\00000001\1\Target\Program Files\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/25/2009 3:57 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/25/2009 3:57 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 10:09 PM 103792]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/13/2010 10:28 PM 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [8/10/2010 12:01 PM 54776]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/25/2009 3:57 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/11/2008 10:46 PM 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 12:04 PM 203248]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/11/2010 5:40 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/11/2010 5:39 PM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/25/2009 3:52 PM 113664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/13/2010 10:28 PM 55840]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 5:03 AM 38912]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/13/2010 10:28 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/5/2010 6:04 PM 88544]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/5/2010 6:04 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/13/2010 10:28 PM 84264]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/31/2010 1:52 PM 18432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/25/2009 3:52 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]

2011-01-11 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 04:05]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166144268-992329058-247108149-1006Core.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 01:56]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166144268-992329058-247108149-1006UA.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 01:56]

2011-01-09 c:\windows\Tasks\Norton Security Scan for HP.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-11 02:04]

2011-01-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 08:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} - hxxp://presentur.ntu.edu.sg/aculearn-id ... viewer.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 15:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-11 15:35:20
ComboFix-quarantined-files.txt 2011-01-11 07:35

Pre-Run: 86,131,941,376 bytes free
Post-Run: 86,176,284,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D2CF2DD9887D1D895E33BD468D1ADCD2
jxhypez
Regular Member | Posts: 23 | Joined: January 2nd, 2011, 11:19 pm
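The log above is what the helper reads by eye. As an added example (not part of this thread and not ComboFix's own tooling), the Python below pulls out the parts a helper checks first: the AV:/FW: status lines, the Run key, the Security Center "DisableMonitoring" values, the Windows Firewall policy flag, and service entries whose file ComboFix could not read (the trailing "[?]"). It assumes only the layout visible in the log; the sample input is an excerpt of jxhypez's log, and the regular expressions and field names are this example's own.

```python
import re

# Sample input: an excerpt of the ComboFix log jxhypez posted in this thread,
# trimmed to the line types this parser handles (header, registry, services).
SAMPLE_LOG = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [8/10/2010 12:01 PM 54776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# "AV: <product> *<state>* {GUID}" / "FW: ..." header lines.
PRODUCT_LINE = re.compile(r"^(AV|FW): (.+?) \*(\S+)\* \{[0-9A-Fa-f-]+\}$")
# "[HKEY_...]" opens a registry block; a blank line closes it.
REG_KEY_LINE = re.compile(r"^\[(.+)\]$")
# '"name"=data' inside a registry block (data keeps ComboFix's trailing "[date size]").
REG_VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# "R0 name;display name;image path [date size]" service/driver lines (S = stopped).
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")


def parse_combofix(text):
    """Return the security-relevant pieces of a ComboFix log as a dict."""
    report = {"products": {}, "run_entries": [], "monitoring_disabled": [],
              "windows_firewall_enabled": None, "services": []}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends the current registry block
            continue
        m = PRODUCT_LINE.match(line)
        if m:
            kind, name, state = m.groups()
            report["products"][kind] = {"name": name, "state": state}
            continue
        m = REG_KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_LINE.match(line)
        if m and current_key is None:
            start, name, _display, image = m.groups()
            report["services"].append({"start": start, "name": name, "image": image,
                                       "file_missing": image.endswith("[?]")})
            continue
        m = REG_VALUE_LINE.match(line)
        if not (m and current_key):
            continue
        value_name, data = m.groups()
        key = current_key.lower()
        if key.endswith(r"\currentversion\run"):
            report["run_entries"].append({"name": value_name, "command": data})
        elif r"security center\monitoring" in key and value_name == "DisableMonitoring":
            if data.strip().lower() == "dword:00000001":
                report["monitoring_disabled"].append(current_key.rsplit("\\", 1)[-1])
        elif key.endswith(r"firewallpolicy\standardprofile") and value_name == "EnableFirewall":
            report["windows_firewall_enabled"] = data.strip().startswith("1")
    return report


def triage(report):
    """Turn the parsed log into the short list of points a helper would raise."""
    findings = []
    for kind, product in report["products"].items():
        if "Disabled" in product["state"]:
            findings.append(f"{kind}: {product['name']} is {product['state']}")
    if report["windows_firewall_enabled"] is False:
        findings.append("Windows Firewall (standard profile) is turned off")
    for product in report["monitoring_disabled"]:
        findings.append(f"Security Center monitoring is suppressed for {product}")
    for svc in report["services"]:
        if svc["file_missing"]:
            findings.append(f"service {svc['name']} ({svc['start']}) points at a file ComboFix could not read")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

On this excerpt the triage reports both McAfee components as disabled, the Windows Firewall standard profile off, and Security Center monitoring suppressed for the McAfee AV entry, which is what the full log above says as well. The Run key entries are collected rather than judged, since in this log they are all vendor software; the helper still wants them in one place when comparing against the later CFScript run.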

Re: Default internet browser keeps popping up tab

Post by askey127 » January 11th, 2011, 8:40 am

jxhypez,
-----------------------------------------------------
Let's check whether you have any other leftover infected files or settings.
This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.

Run an Online Kaspersky WebScan
  • Please click here on Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

askey127
Admin/Teacher | Posts: 13906 | Joined: April 17th, 2005, 3:25 pm | Location: New Hampshire USA

Re: Default internet browser keeps popping up tab

Post by jxhypez » January 13th, 2011, 1:33 pm

I am having problems doing the virus scan from Kaspersky.

It says, "Update has failed The program could not be started. Please close the window of Kaspersky Online Scannner 7.0 and start the program again from the website of the Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is establish. [ERROR: License has expired]"

I have tried to restart the scan a few times, but it always ends up with this pop-up.
jxhypez
Regular Member | Posts: 23 | Joined: January 2nd, 2011, 11:19 pm

Re: Default internet browser keeps popping up tab

Post by askey127 » January 13th, 2011, 2:41 pm

jxhypez,
Yes, it's kind of fussy sometimes.
Let's do this one instead.
-----------------------------------------------
Run Scan with the Eset Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Win7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

askey127
Admin/Teacher | Posts: 13906 | Joined: April 17th, 2005, 3:25 pm | Location: New Hampshire USA

Re: Default internet browser keeps popping up tab

Post by jxhypez » January 15th, 2011, 10:06 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=48f80d325a054f46be5195a3764477f8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-15 06:06:41
# local_time=2011-01-16 02:06:41 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 236493 236493 0 0
# compatibility_mode=5121 16777189 100 75 1691093 24380578 0 0
# compatibility_mode=8192 67108863 100 0 1058 1058 0 0
# scanned=89444
# found=1
# cleaned=0
# scan_time=17950
C:\Documents and Settings\HP\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
jxhypez
Regular Member | Posts: 23 | Joined: January 2nd, 2011, 11:19 pm
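The ESET log is short here, but its layout is worth parsing because the header counters and the per-detection lines are what decide the next step: with "Remove found threats" unchecked, anything listed is still on disk and needs scripted removal. The Python below is an added example (not ESET's code and not something posted in this thread); it assumes only what the paste shows, namely "# key=value" header lines and one detection line of the form "path detection-name (result) hash flag". It separates the path from the detection name by looking for ESET's platform prefix ("Win32/..."), since a Windows path never contains a forward slash. The sample input is jxhypez's log, trimmed.

```python
import re

# Sample input: the ESET Online Scanner log posted in this thread, trimmed.
SAMPLE_ESET_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# compatibility_mode=512 16777215 100 0 236493 236493 0 0
# compatibility_mode=8192 67108863 100 0 1058 1058 0 0
# scanned=89444
# found=1
# cleaned=0
# scan_time=17950
C:\Documents and Settings\HP\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_LINE = re.compile(r"^# ([A-Za-z_]+)=(.*)$")
# Right-anchored tail of a detection line: "(result) <32 hex chars> <flag>".
DETECTION_TAIL = re.compile(r"^(.*) \((.+?)\) ([0-9A-Fa-f]{32}) (\S+)$")
# ESET names carry a platform prefix with a slash (Win32/...), which a Windows
# path never contains, so the first such token (with ESET's optional
# "a variant of" wording) marks where the path ends and the name begins.
DETECTION_START = re.compile(r"(?:probably a variant of |a variant of )?[A-Za-z0-9_.-]+/\S+")


def parse_eset_log(text):
    """Return header values, parsed detections and a few derived fields."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_LINE.match(line)
        if m:
            key, value = m.groups()
            if key in header:  # repeated keys (compatibility_mode) become a list
                prev = header[key]
                header[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                header[key] = value
            continue
        m = DETECTION_TAIL.match(line)
        if not m:
            continue  # installer chatter such as "OnlineScanner.ocx - registred OK"
        left, result, digest, flag = m.groups()
        split = DETECTION_START.search(left)
        if split is None:
            path, detection = left, ""
        else:
            path, detection = left[:split.start()].rstrip(), left[split.start():]
        detections.append({"path": path, "detection": detection, "result": result,
                           "hash": digest, "flag": flag})
    return {
        "header": header,
        "detections": detections,
        "scan_completed": header.get("end") == "finished",
        "counts": {k: int(header[k]) for k in ("scanned", "found", "cleaned") if k in header},
    }


def uncleaned_paths(report):
    """Detections the scanner listed but did not remove: what still needs handling."""
    return [d["path"] for d in report["detections"] if d["result"] != "cleaned"]


def consistency_warnings(report):
    """Cross-check the header counters against the detection lines actually parsed."""
    warnings = []
    counts = report["counts"]
    if not report["scan_completed"]:
        warnings.append("scan did not finish; results are partial")
    if "found" in counts and counts["found"] != len(report["detections"]):
        warnings.append(f"header says found={counts['found']} but "
                        f"{len(report['detections'])} detection lines were parsed")
    return warnings


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_ESET_LOG)
    print("scanned:", rep["counts"].get("scanned"), "found:", rep["counts"].get("found"))
    for path in uncleaned_paths(rep):
        print("still present:", path)
    for warning in consistency_warnings(rep):
        print("warning:", warning)
```

The single uncleaned path this returns is exactly the file askey127 puts into the CFScript in the next post, so a helper can build that "File::" list from the parsed output instead of retyping the path. The consistency check matters when a user pastes a truncated log: a "found" count that exceeds the parsed lines means part of the report is missing.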

Re: Default internet browser keeps popping up tab

Post by askey127 » January 16th, 2011, 8:12 am

jxhypez,
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code:
    File::
    C:\Documents and Settings\HP\My Documents\Downloads\registrybooster.exe
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.

askey127
Admin/Teacher | Posts: 13906 | Joined: April 17th, 2005, 3:25 pm | Location: New Hampshire USA

Re: Default internet browser keeps popping up tab

Post by jxhypez » January 16th, 2011, 9:24 pm

ComboFix 11-01-16.02 - HP 01/17/2011 8:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.566 [GMT 8:00]
Running from: c:\documents and settings\HP\Desktop\zzz.exe
Command switches used :: c:\documents and settings\HP\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\HP\My Documents\Downloads\registrybooster.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP\My Documents\Downloads\registrybooster.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-15 12:50 . 2011-01-15 12:50 -------- d-----w- c:\program files\ESET
2011-01-12 15:10 . 2011-01-12 15:12 -------- d-----w- c:\program files\Bonjour
2011-01-11 08:20 . 2011-01-11 08:20 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-11 08:20 . 2011-01-11 08:20 -------- d-----w- c:\program files\Norton Security Scan
2011-01-09 02:01 . 2011-01-09 02:01 -------- d-----w- C:\_OTL
2011-01-03 03:26 . 2011-01-03 03:26 388096 ----a-r- c:\documents and settings\HP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 03:26 . 2011-01-03 03:26 -------- d-----w- c:\program files\Trend Micro
2011-01-01 14:06 . 2008-04-13 16:15 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-12-22 05:11 . 2011-01-11 15:10 -------- d-----w- c:\documents and settings\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 01:23 . 2010-12-14 01:23 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2010-11-18 18:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2010-11-09 14:52 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 17:44 . 2010-12-14 02:25 4290192 ----a-w- c:\windows\system32\GameMon.des
2010-11-06 00:26 . 2010-12-17 05:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2010-12-17 05:16 916480 ------w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2010-12-17 05:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2010-12-17 05:16 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2010-12-17 05:08 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-11_07.28.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-17 00:38 . 2011-01-17 00:38 16384 c:\windows\temp\Perflib_Perfdata_9c.dat
+ 2011-01-17 00:38 . 2011-01-17 00:38 16384 c:\windows\temp\Perflib_Perfdata_448.dat
+ 2008-06-25 01:26 . 2011-01-15 12:40 72306 c:\windows\system32\perfc009.dat
- 2008-06-25 01:26 . 2010-12-21 02:51 72306 c:\windows\system32\perfc009.dat
- 2010-07-27 10:44 . 2010-07-27 10:44 75040 c:\windows\system32\jdns_sd.dll
+ 2010-10-07 04:23 . 2010-10-07 04:23 75040 c:\windows\system32\jdns_sd.dll
- 2010-07-27 10:44 . 2010-07-27 10:44 91424 c:\windows\system32\dnssd.dll
+ 2010-10-07 04:23 . 2010-10-07 04:23 91424 c:\windows\system32\dnssd.dll
- 2011-01-09 02:54 . 2011-01-10 01:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-09 02:54 . 2011-01-17 00:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-20 01:27 . 2011-01-10 01:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-20 01:27 . 2011-01-17 00:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-01-11 15:19 . 2011-01-17 00:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-20 01:27 . 2011-01-10 01:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-15 14:44 . 2011-01-12 23:34 35088 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-08-15 14:44 . 2010-12-17 07:38 35088 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-08-15 14:44 . 2011-01-12 23:34 18704 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-08-15 14:44 . 2010-12-17 07:38 18704 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-08-15 14:44 . 2011-01-12 23:34 20240 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-08-15 14:44 . 2010-12-17 07:38 20240 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-25 01:26 . 2011-01-15 12:40 444596 c:\windows\system32\perfh009.dat
- 2008-06-25 01:26 . 2010-12-21 02:51 444596 c:\windows\system32\perfh009.dat
- 2010-07-27 10:44 . 2010-07-27 10:44 197920 c:\windows\system32\dnssdX.dll
+ 2010-10-07 04:23 . 2010-10-07 04:23 197920 c:\windows\system32\dnssdX.dll
+ 2010-10-07 04:23 . 2010-10-07 04:23 107808 c:\windows\system32\dns-sd.exe
- 2010-07-27 10:44 . 2010-07-27 10:44 107808 c:\windows\system32\dns-sd.exe
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2010-08-15 14:44 . 2010-12-17 07:38 845584 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-15 14:44 . 2011-01-12 23:34 845584 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe
- 2010-08-15 14:44 . 2010-12-17 07:38 217864 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-15 14:44 . 2011-01-12 23:34 217864 c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-12 15:13 . 2011-01-12 15:13 897024 c:\windows\Installer\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}\SafariIco.exe
+ 2010-10-06 23:57 . 2011-01-11 15:15 897024 c:\windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
- 2010-10-06 23:57 . 2010-10-29 19:32 897024 c:\windows\Installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}\SafariIco.exe
+ 2010-12-16 16:17 . 2010-12-16 16:17 3362304 c:\windows\Installer\1b61203.msp
+ 2011-01-12 15:13 . 2011-01-12 15:13 3140608 c:\windows\Installer\17e4d7.msi
+ 2011-01-12 15:12 . 2011-01-12 15:12 1984000 c:\windows\Installer\17e4c9.msi
+ 2010-02-17 03:13 . 2011-01-12 23:34 37403080 c:\windows\system32\MRT.exe
+ 2010-12-21 05:06 . 2010-12-21 05:06 11570688 c:\windows\Installer\1b611f6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 12:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-01 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

c:\documents and settings\HP\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\system rollback data\Restore\Archive\00000011\00000001\1\Target\Program Files\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-7 600680]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/25/2009 3:57 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/25/2009 3:57 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 10:09 PM 103792]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/13/2010 10:28 PM 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [8/10/2010 12:01 PM 54776]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/25/2009 3:57 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/11/2008 10:46 PM 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 12:04 PM 203248]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/10/2010 10:14 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/11/2010 5:40 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/11/2010 5:39 PM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/25/2009 3:52 PM 113664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/13/2010 10:28 PM 55840]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 5:03 AM 38912]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/13/2010 10:28 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/5/2010 6:04 PM 88544]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/5/2010 6:04 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/13/2010 10:28 PM 84264]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/31/2010 1:52 PM 18432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/25/2009 3:52 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]

2011-01-17 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 04:05]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166144268-992329058-247108149-1006Core.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 01:56]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166144268-992329058-247108149-1006UA.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 01:56]

2011-01-13 c:\windows\Tasks\Norton Security Scan for HP.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-11 14:06]

2011-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 08:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} - hxxp://presentur.ntu.edu.sg/aculearn-id ... viewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 09:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-17 09:20:31
ComboFix-quarantined-files.txt 2011-01-17 01:20
ComboFix2.txt 2011-01-11 07:35

Pre-Run: 83,758,346,240 bytes free
Post-Run: 83,907,502,080 bytes free

- - End Of File - - 185A07A0B497E59176623052625AEFA0
jxhypez
Regular Member
 
Posts: 23
Joined: January 2nd, 2011, 11:19 pm

Re: Default internet browswer keeps popping up tab

Unread postby askey127 » January 17th, 2011, 7:54 am

jxhypez,
Looking quite good.
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 0
    
    :Files
    c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    c:\windows\Tasks\Norton Security Scan for HP.job
    c:\program files\Norton Security Scan
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
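The settings askey127's fix script resets (Security Center monitoring suppressed for the McAfee products, the Windows Firewall standard profile off) and the two leftover scheduled tasks it removes can all be spotted directly in the "Reg Loading Points" and "Scheduled Tasks" sections of the ComboFix log above. The following is an added example, not code from the thread or from the ComboFix/OTL tools: a small parser that reads those REGEDIT4 style sections and flags them for review. The sample input is a constructed excerpt mirroring the posted log, and the watchlist of task binaries is an assumption taken from what the fix removes.

```python
import re
from typing import List, Tuple

# Constructed excerpt mirroring the "Reg Loading Points" and "Scheduled Tasks"
# sections of the ComboFix log posted in the thread (sample input, not the full log).
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Contents of the 'Scheduled Tasks' folder
2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
2011-01-13 c:\windows\Tasks\Norton Security Scan for HP.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-11 14:06]
2011-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 08:12]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')        # "Name"=value
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[")                  # - target.exe [date]

# Task binaries that askey127's fix removes in the thread, used here as a
# watchlist of unwanted leftovers (an assumption made for this example).
UNWANTED_TASK_MARKERS = ("ask.com", "norton security scan")


def dword_value(raw: str) -> int:
    """Parse 'dword:00000001' or '0 (0x0)' into an int; -1 if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"\d+", raw)
    return int(m.group(0)) if m else -1


def audit_combofix_excerpt(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the registry and task sections."""
    findings, key, task = [], "", None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)                       # remember the current key
        elif m := VALUE_RE.match(line):
            name, val = m.group(1).lower(), dword_value(m.group(2))
            leaf, k = key.rsplit("\\", 1)[-1], key.lower()
            if name == "disablemonitoring" and val == 1 and "security center\\monitoring" in k:
                findings.append(("warn", f"Security Center alerts suppressed for {leaf}"))
            elif name == "enablefirewall" and val == 0 and "firewallpolicy" in k:
                findings.append(("warn", f"Windows Firewall disabled in {leaf}"))
        elif m := TASK_RE.match(line):
            task = m.group(1)                      # job file; target is on the next line
        elif (m := TARGET_RE.match(line)) and task:
            if any(s in m.group(1).lower() for s in UNWANTED_TASK_MARKERS):
                findings.append(("info", f"Leftover scheduled task: {task}"))
            task = None
    return findings


if __name__ == "__main__":
    for severity, message in audit_combofix_excerpt(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Third-party suites often set DisableMonitoring themselves so Security Center does not double-alert, so a "warn" here means "confirm the product's own protection is actually on", which is exactly what the later posts in this thread go on to check.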

Re: Default internet browswer keeps popping up tab

Unread postby jxhypez » January 17th, 2011, 1:36 pm

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== FILES ==========
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
c:\windows\Tasks\Norton Security Scan for HP.job moved successfully.
c:\program files\Norton Security Scan\Engine\3.0.1.8 folder moved successfully.
c:\program files\Norton Security Scan\Engine folder moved successfully.
c:\program files\Norton Security Scan folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 118869501 bytes
->Temporary Internet Files folder emptied: 766603 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 16456704 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 814 bytes

User: HP
->Temp folder emptied: 410017 bytes
->Temporary Internet Files folder emptied: 2676315 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 322682411 bytes
->Apple Safari cache emptied: 10526720 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9345 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Shared
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 451.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.1 log created on 01182011_012057

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\hsperfdata_Guest\772 not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\fla28.tmp not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\fla36.tmp not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\fla72.tmp not found!
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\fla7E.tmp not found!

Registry entries deleted on Reboot...
jxhypez
Regular Member
 
Posts: 23
Joined: January 2nd, 2011, 11:19 pm

Re: Default internet browswer keeps popping up tab

Unread postby askey127 » January 17th, 2011, 2:19 pm

How is the machine running?
Do we need to look further for any defects?
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Default internet browswer keeps popping up tab

Unread postby jxhypez » January 18th, 2011, 12:02 am

It's running fine. The main problem which I came here for doesn't seem to be a problem anymore. There hasn't been any pop up since we started doing the clean up. However, my comp does run a bit slowly. But I think that's because I'm using a netbook.
jxhypez
Regular Member
 
Posts: 23
Joined: January 2nd, 2011, 11:19 pm

Re: Default internet browswer keeps popping up tab

Unread postby jxhypez » January 18th, 2011, 12:34 am

I don't know if this problem is related to this forum. But I will just post to ask if I can have any advice. There is something wrong with my SD card reader. I cannot read an SD card that is inserted. This is a recent problem, so I don't know if it is a result of scanning and removing the malware.
jxhypez
Regular Member
 
Posts: 23
Joined: January 2nd, 2011, 11:19 pm

Re: Default internet browswer keeps popping up tab

Unread postby askey127 » January 18th, 2011, 7:51 am

jxhypez,
Double-click or right click the McAfee taskbar icon and open SecurityCenter.
Click Real Time Scanning
Click Real Time Scanning Settings (right) and start the real time guard.
Also start the McAfee firewall.

Tell me why you disabled the Adobe activation site.
If you downloaded a set of cracked Adobe files, that would be a major reason your computer got infected.

In any case, you should go to Start > All Programs > Accessories > System Tools > Disk Defragmenter and defragment the C: drive.
In a netbook, this is necessary every few weeks to keep the speed up.

I don't know why your SD card reader doesn't work properly.
You could go to the manufacturer's web site, plug in your model, and see what drivers are available for download.

If you don't use the Search function on your netbook often, you can speed it up by disabling the Indexing on the C: drive, and also disabling the Indexing Service.
See the page here: http://www.malwareremoval.com/tutorials ... owly.php#5.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Default internet browswer keeps popping up tab

Unread postby jxhypez » January 20th, 2011, 12:48 am

I'm not sure what the Adobe activation site is. I had previously downloaded Adobe Photoshop using torrent but have since deleted the program.

How do I check the model of my SD card reader? It's a built-in card reader.
jxhypez
Regular Member
 
Posts: 23
Joined: January 2nd, 2011, 11:19 pm