Main site > MoneySavingExpert.com Forums > Household & Travel > Techie Stuff > hijack this log - malicious url blocked (Page 1)

IMPORTANT! This is MoneySavingExpert's open forum - anyone can post

Please exercise caution & report any spam, illegal, offensive, racist, libellous post to forumteam@moneysavingexpert.com

  • Be nice to all MoneySavers
  • All the best tips go in the MoneySavingExpert weekly email

    Plus all the new guides, deals & loopholes

  • No spam/referral links
or Login with Facebook
hijack this log - malicious url blocked
Closed Thread
Views: 617
Thread Tools Search this Thread Display Modes
# 1
newnhak
Old 24-10-2012, 8:48 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default hijack this log - malicious url blocked

Hi

I am getting a avast warning telling me it has blocked a URL everytime I use Firefox. I am not sure how to get rid. I have scanned with HijackThis. Can someone take a look and give me some pointers as to what to do.
I ran Malware as well and it didnt find anything
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:30, on 24/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wusa.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\C heckSURPackage.EXE
c:\f02c2be91897537883\checksurlauncher.exe
c:\f02c2be91897537883\CheckSUR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?sou...B8E950882F68BC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8425 bytes
newnhak is offline
Report Post
# 2
waddler_8
Old 24-10-2012, 8:51 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Default

HijackThis is dated.

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:
  • Double click DDS to run it.
  • When it's finished, DDS will open two logs:
  1. DDS.txt
  2. Attach.txt

Save both reports to your desktop.

Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
waddler_8 is offline
Report Post
The Following User Says Thank You to waddler_8 For This Useful Post: Show me >>
# 3
newnhak
Old 24-10-2012, 9:10 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Thanks Waddler_8 - logs to follow

Karen
newnhak is offline
Report Post
# 4
newnhak
Old 24-10-2012, 9:11 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Karen at 21:08:26 on 2012-10-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1027 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wusa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb& v=2_2&u=5C47D202D32D105030B8E950882F68BC
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - c:\program files\nectar search toolbar\Toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\sta rtup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6E195AAC-ED02-483C-B981-1E360F273603} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb& v=2_2&u=5C47D202D32D105030B8E950882F68BC
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \qfaservices.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_40 2_287.dll
FF - ExtSQL: 2012-10-10 20:52; {da8bd68d-8e90-41cd-8345-a71b294e72e6}; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
FF - ExtSQL: 2012-10-24 19:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2009-09-03 08:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [2011-11-25 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-25 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2011-11-25 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2011-11-25 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-25 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 676936]
R2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2011-11-25 22856]
R3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\syste m32\drivers\SysMouseFilterF3.sys [2008-10-28 19448]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-29 2074480]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-3 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPl ayerUpdateService.exe [2012-4-17 250808]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssflt r.sys [2011-11-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-3 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 115168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-10-24 19:38:44 -------- d-----w- c:\windows\CheckSur
2012-10-24 18:38:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{35469fe8-4189-436b-9554-61a9bf0c1660}\offreg.dll
2012-10-24 18:18:15 -------- d-----w- c:\users\karen\appdata\roaming\LavasoftStatistics
2012-10-24 18:13:13 -------- d-----w- c:\users\karen\appdata\local\Downloaded Installations
2012-10-10 20:20:31 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 20:20:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 20:20:31 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 20:20:24 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 20:20:21 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 20:20:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 20:20:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-10-10 16:10:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 16:10:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 21:09:12.13 ===============
newnhak is offline
Report Post
# 5
waddler_8
Old 24-10-2012, 9:12 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Default

Whilst I take a look at that, is it just Firefox or are other browsers affected too?
waddler_8 is offline
Report Post
The Following User Says Thank You to waddler_8 For This Useful Post: Show me >>
# 6
newnhak
Old 24-10-2012, 9:23 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Hi

I dont appear to have a problem in IE9
newnhak is offline
Report Post
# 7
closed
Old 24-10-2012, 9:33 PM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Jul 2009
Posts: 10,825
Default

which url???

uninstall fastbrowsersearch

change the homepage and search engine
!! ------> . !!!! ----> .

Last edited by closed; 24-10-2012 at 9:38 PM.
closed is offline
Report Post
The Following User Says Thank You to closed For This Useful Post: Show me >>
# 8
newnhak
Old 24-10-2012, 9:43 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Hi closed

It appears to be picking up all sorts of URLs.
Sorry I am not sure how to uninstall fastbrowsersearch
newnhak is offline
Report Post
# 9
waddler_8
Old 24-10-2012, 9:49 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Default

Upload this file to Virustotal

https://www.virustotal.com/

Code:
c:\users\karen\appdata\roaming\mozilla\firefox\profiles\fshwfymj.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
Click on choose file and copy/paste all of the above into the file name field of the file open dialogue box that will open, then click open

Then on the virustotal page, click scan it!
waddler_8 is offline
Report Post
The Following User Says Thank You to waddler_8 For This Useful Post: Show me >>
# 10
closed
Old 24-10-2012, 9:54 PM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Jul 2009
Posts: 10,825
Default

http://help.fastbrowsersearch.com/uninstall.aspx

or backup your bookmarks, uninstall firefox, delete firefox profile, reinstall firefox, reload bookmarks
!! ------> . !!!! ----> .
closed is offline
Report Post
The Following User Says Thank You to closed For This Useful Post: Show me >>
# 11
newnhak
Old 24-10-2012, 9:59 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Hi
Did this but it didnt come up with much. No results against any of the scans
. The other file in that folder did come up with something 'Adware.FreeCause.2'
K

Last edited by newnhak; 24-10-2012 at 10:07 PM.
newnhak is offline
Report Post
# 12
newnhak
Old 24-10-2012, 10:02 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

hi closed

Fastbrowsersearch doesn appear in my extensions list
newnhak is offline
Report Post
# 13
closed
Old 24-10-2012, 10:10 PM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Jul 2009
Posts: 10,825
Default

can you give examples of the urls.

does avast alert as soon as you launch firefox, or when you search, or click on search results?
!! ------> . !!!! ----> .
closed is offline
Report Post
The Following User Says Thank You to closed For This Useful Post: Show me >>
# 14
waddler_8
Old 25-10-2012, 8:01 AM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Default

Quote:
Originally Posted by newnhak View Post
Hi
Did this but it didnt come up with much. No results against any of the scans
. The other file in that folder did come up with something 'Adware.FreeCause.2'
K
Can you post a link to te virustotal reports?

Which was the other - This one?
Quote:
FF - ExtSQL: 2012-10-24 19:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Redirections in firefox are usually the fault of a malicious extension. I'm thinking it's one of the two .xpi files.

Start firefox in it's own safe mode without extensions and see if Avast still warns of malicious url's.

http://support.mozilla.org/en-US/kb/...x-in-safe-mode
waddler_8 is offline
Report Post
The Following User Says Thank You to waddler_8 For This Useful Post: Show me >>
# 15
newnhak
Old 25-10-2012, 6:32 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Hi

Analysis below

https://www.virustotal.com/file/8a88...93a0/analysis/
https://www.virustotal.com/file/0095...40d2/analysis/

Interestingly I have no problem today in either normal mode or safe mode. Not sure what has changed as I haven't used the PC all day!

Last edited by newnhak; 25-10-2012 at 6:35 PM.
newnhak is offline
Report Post
# 16
waddler_8
Old 25-10-2012, 7:37 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Default

This one: https://www.virustotal.com/file/8a88...93a0/analysis/
Quote:
Adware.FreeCause.2
...relates to your Nectar toolbar.
Quote:
BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - c:\program files\nectar search toolbar\Toolbar.dll

TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
Seems like there was a problem yesterday after an Avast update - looks like they've corrected it now. There were a few reporting the same issue on the Avast forums.

http://forum.avast.com/index.php?topic=107662.0
http://forum.avast.com/index.php?topic=107620.0
waddler_8 is offline
Report Post
The Following User Says Thank You to waddler_8 For This Useful Post: Show me >>
# 17
newnhak
Old 25-10-2012, 8:59 PM
MoneySaving Stalwart
 
Join Date: Feb 2005
Posts: 467
Default

Thanks for all the help
newnhak is offline
Report Post
# 18
waddler_8
Old 25-10-2012, 9:24 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,564
Thumbs up

No problem. You can delete DDS & it's logfiles now.
waddler_8 is offline
Report Post
Closed Thread

Bookmarks
 
 




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 Forum Jump  

Contact Us - MoneySavingExpert.com - Archive - Privacy Statement - Top

Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

All times are GMT. The time now is 7:45 AM.

 Forum Jump  

Free MoneySaving Email

Top deals: Week of 26 November 2014

Get all this & more in MoneySavingExpert's weekly email full of guides, vouchers and Deals

GET THIS FREE WEEKLY EMAIL Full of deals, guides & it's spam free

Latest News & Blogs

Martin's Twitter Feed

profile
  • Is what's app going to be made responsible for all communications on it too? And BT?
  • As someone who runs one of the UKs big social networks (MSE forum) I find the call to monitor every post & PM bizarre & counter legal advice
  • RT @theGeoffMcQ: I follow some City fans who like to use extra letters when they're happy... Hi! @AllyFogg @MartinSLewis @HelenHobday http:?

Cheap Travel Money

Find the best online rate for holiday cash with MSE's TravelMoneyMax.

Find the best online rate for your holiday cash with MoneySavingExpert's TravelMoneyMax.

MSE's Twitter Feed

profile
Always remember anyone can post on the MSE forums, so it can be very different from our opinion.
We use Skimlinks and other affiliated links in some of our boards, for some of our users.