Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    newnhak
    hijack this log - malicious url blocked
    • #1
    • 24th Oct 12, 8:48 PM
    hijack this log - malicious url blocked 24th Oct 12 at 8:48 PM
    Hi

    I am getting a avast warning telling me it has blocked a URL everytime I use Firefox. I am not sure how to get rid. I have scanned with HijackThis. Can someone take a look and give me some pointers as to what to do.
    I ran Malware as well and it didnt find anything
    Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:45:30, on 24/10/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\vVX6000.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wusa.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SoftwareDistribution\Download\Install\C heckSURPackage.EXE
    c:\f02c2be91897537883\checksurlauncher.exe
    c:\f02c2be91897537883\CheckSUR.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb& v=2_2&u=5C47D202D32D105030B8E950882F68BC
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    --
    End of file - 8425 bytes
Page 1
  • waddler_8
    • #2
    • 24th Oct 12, 8:51 PM
    • #2
    • 24th Oct 12, 8:51 PM
    HijackThis is dated.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • newnhak
    • #3
    • 24th Oct 12, 9:10 PM
    • #3
    • 24th Oct 12, 9:10 PM
    Thanks Waddler_8 - logs to follow

    Karen
  • newnhak
    • #4
    • 24th Oct 12, 9:11 PM
    • #4
    • 24th Oct 12, 9:11 PM
    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Karen at 21:08:26 on 2012-10-24
    Microsoft Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3060.1027 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\vVX6000.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wusa.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb& v=2_2&u=5C47D202D32D105030B8E950882F68BC
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - c:\program files\nectar search toolbar\Toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\sta rtup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{6E195AAC-ED02-483C-B981-1E360F273603} : DHCPNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - blekko
    FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb& v=2_2&u=5C47D202D32D105030B8E950882F68BC
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
    FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \qfaservices.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_40 2_287.dll
    FF - ExtSQL: 2012-10-10 20:52; {da8bd68d-8e90-41cd-8345-a71b294e72e6}; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    FF - ExtSQL: 2012-10-24 19:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: !HIDDEN! 2009-09-03 08:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [2011-11-25 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-25 355632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2011-11-25 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2011-11-25 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-25 44808]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 676936]
    R2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2011-11-25 22856]
    R3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\syste m32\drivers\SysMouseFilterF3.sys [2008-10-28 19448]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-29 2074480]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-3 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPl ayerUpdateService.exe [2012-4-17 250808]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssflt r.sys [2011-11-26 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-3 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 115168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-10-24 19:38:44 -------- d-----w- c:\windows\CheckSur
    2012-10-24 18:38:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{35469fe8-4189-436b-9554-61a9bf0c1660}\offreg.dll
    2012-10-24 18:18:15 -------- d-----w- c:\users\karen\appdata\roaming\LavasoftStatistics
    2012-10-24 18:13:13 -------- d-----w- c:\users\karen\appdata\local\Downloaded Installations
    2012-10-10 20:20:31 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 20:20:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 20:20:31 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 20:20:24 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 20:20:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 20:20:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-10 20:20:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ==================== Find3M ====================
    .
    2012-10-10 16:10:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-10 16:10:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 21:09:12.13 ===============
  • waddler_8
    • #5
    • 24th Oct 12, 9:12 PM
    • #5
    • 24th Oct 12, 9:12 PM
    Whilst I take a look at that, is it just Firefox or are other browsers affected too?
  • newnhak
    • #6
    • 24th Oct 12, 9:23 PM
    • #6
    • 24th Oct 12, 9:23 PM
    Hi

    I dont appear to have a problem in IE9
  • closed
    • #7
    • 24th Oct 12, 9:33 PM
    • #7
    • 24th Oct 12, 9:33 PM
    which url???

    uninstall fastbrowsersearch

    change the homepage and search engine
    Last edited by closed; 24-10-2012 at 9:38 PM.
    !! ------> . !!!! ----> .
  • newnhak
    • #8
    • 24th Oct 12, 9:43 PM
    • #8
    • 24th Oct 12, 9:43 PM
    Hi closed

    It appears to be picking up all sorts of URLs.
    Sorry I am not sure how to uninstall fastbrowsersearch
  • waddler_8
    • #9
    • 24th Oct 12, 9:49 PM
    • #9
    • 24th Oct 12, 9:49 PM
    Upload this file to Virustotal

    https://www.virustotal.com/

    Code:
    c:\users\karen\appdata\roaming\mozilla\firefox\profiles\fshwfymj.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    Click on choose file and copy/paste all of the above into the file name field of the file open dialogue box that will open, then click open

    Then on the virustotal page, click scan it!
  • closed
    http://help.fastbrowsersearch.com/uninstall.aspx

    or backup your bookmarks, uninstall firefox, delete firefox profile, reinstall firefox, reload bookmarks
    !! ------> . !!!! ----> .
  • newnhak
    Hi
    Did this but it didnt come up with much. No results against any of the scans
    . The other file in that folder did come up with something 'Adware.FreeCause.2'
    K
    Last edited by newnhak; 24-10-2012 at 10:07 PM.
  • newnhak
    hi closed

    Fastbrowsersearch doesn appear in my extensions list
  • closed
    can you give examples of the urls.

    does avast alert as soon as you launch firefox, or when you search, or click on search results?
    !! ------> . !!!! ----> .
  • waddler_8
    Hi
    Did this but it didnt come up with much. No results against any of the scans
    . The other file in that folder did come up with something 'Adware.FreeCause.2'
    K
    Originally posted by newnhak
    Can you post a link to te virustotal reports?

    Which was the other - This one?
    FF - ExtSQL: 2012-10-24 19:12; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\karen\appdata\roaming\mozilla\firefox\pro files\fshwfymj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    Redirections in firefox are usually the fault of a malicious extension. I'm thinking it's one of the two .xpi files.

    Start firefox in it's own safe mode without extensions and see if Avast still warns of malicious url's.

    http://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_3-restart-firefox-in-safe-mode
  • newnhak
    Hi

    Analysis below

    https://www.virustotal.com/file/8a88a8d5e1336a31cd7a45febe1288219fa71a9ed954a1a720 5d8e2886e593a0/analysis/
    https://www.virustotal.com/file/0095625a4cbcfc15404a9c9cc0e6a704bce77d487cd78d472f 83ef5e771740d2/analysis/

    Interestingly I have no problem today in either normal mode or safe mode. Not sure what has changed as I haven't used the PC all day!
    Last edited by newnhak; 25-10-2012 at 6:35 PM.
  • waddler_8
    This one: https://www.virustotal.com/file/8a88a8d5e1336a31cd7a45febe1288219fa71a9ed954a1a720 5d8e2886e593a0/analysis/
    Adware.FreeCause.2
    ...relates to your Nectar toolbar.
    BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - c:\program files\nectar search toolbar\Toolbar.dll

    TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
    Seems like there was a problem yesterday after an Avast update - looks like they've corrected it now. There were a few reporting the same issue on the Avast forums.

    http://forum.avast.com/index.php?topic=107662.0
    http://forum.avast.com/index.php?topic=107620.0
  • newnhak
    Thanks for all the help
  • waddler_8
    No problem. You can delete DDS & it's logfiles now.
Welcome to our new Forum!

Our aim's to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

4,222Posts Today

9,363Users online

Martin's Twitter
  • On train home from Birmingham. Had dinner by the canal there this evening. Lovely area, very sunny and picturesque.

  • Fantastic run by new UK star Zharnell Hughes in @BritAthletics #BritishChamps 200m.I was v proud to present the medal http://t.co/sSSXpM1SBZ

  • Ok a wee bit chuffed. Just been asked if I'd like to present a medal at #Britishchamps, someone is now missing a hand as I bit it off!

  • Follow Martin