| Thread ID: 71097 | 2006-07-26 10:15:00 | my FireFox!!! | Grandier (10819) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 473744 | 2006-07-26 10:15:00 | i need help from those experts out there... my internet browser is Mozilla Firefox v1.0.7 and is currently invaded by ads... here's what happened. i was peacefully browsing through pcworld.co.nz, and suddenly the browser got smaller and the ad image+link appeared on the browser, replacing the current URL i am in (ie. if i press back, i go back to the previous page, which in this case, pcworld.co.nz) as far as i could remember, this problem started 2 days ago when i was scrolling through seri***.com to look for a crack and CD-key for my friend's software. several clicks later, i get this problem instead of the cd key i'm looking for. although the ad isn't really a problem, it's really bugging me when i'm playing game AND writing this topic. not only does it happen occasionally when the browser is on, it also happens when the browser is OFF!!! so once again i'm begging, is there any expert that can help me with this? |
Grandier (10819) | ||
| 473745 | 2006-07-26 10:31:00 | You may have picked up trojans, or spyware. Going to warez/crack sites. I would also update FF. It's up to 1.5.0.4 now, or the V2 beta. Get the file in my sig below and post the log here. |
Speedy Gonzales (78) | ||
| 473746 | 2006-07-26 10:49:00 | wow, thanks for the quick reply Speedy, i appreciate it :) anyway, i did the scan thing, and here's the log
-_-_-_-_-_-_-_-_-_-_
Logfile of HijackThis v1.99.1
Scan saved at 9:45:15 p.m., on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\UmVldmUgTnVyYWRp\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RK Launcher\RKLauncher.exe
D:\iPOD\bin\iPodService.exe
D:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\Matthew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [urou] C:\Program Files\Common Files\urou\uroum.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - www.creative.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\m4640ejqehoe0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVldmUgTnVyYWRp\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\iPOD\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-_-_-_-_-_-_-_-_-_-_ |
Grandier (10819) | ||
| 473747 | 2006-07-26 11:04:00 | You've got worms and other things. Turn system restore OFF. Boot into safe mode run hijackthis again (unzip the file u downloaded first). Tick these entries and tick fix checked.
C:\WINDOWS\UmVldmUgTnVyYWRp\command.exe - This belongs to a virus
C:\Program Files\Network Monitor\netmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKCU\..\Run: [urou] C:\Program Files\Common Files\urou\uroum.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\m4640ejqehoe0.dll - delete this file in safe mode.
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll - delete this file in safe mode.
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVldmUgTnVyYWRp\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
I would also get this (www.simplysup.com) install it, update it click on scan, then select the 3rd-7th option under the utilities menu. I would also get Stinger (vil.nai.com) and run it after. And I suggest u stay away from warez/crack sites. |
Speedy Gonzales (78) | ||
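Added example, not part of the thread and not HijackThis's own logic: a small triage pass over a few entries from the log above, showing the kinds of patterns the reply picks out (hijacked IE search URLs, autoruns in the drive root, unfamiliar Winlogon Notify DLLs, an unknown-owner service in a base64-named folder). The allowlists and heuristics are assumptions made for this illustration.

```python
import base64
import re

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmVldmUgTnVyYWRp\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()

# Assumed allowlists for this example only; a real review needs a vetted baseline.
TRUSTED_HOSTS = {"www.yahoo.com"}
KNOWN_NOTIFY = {"wgalogon"}

def looks_base64(name):
    """True if a folder name is unpadded base64 that decodes to printable ASCII."""
    if len(name) < 12 or not re.fullmatch(r"(?:[A-Za-z0-9+/]{4})+", name):
        return False
    return all(32 <= b < 127 for b in base64.b64decode(name))

def triage(line):
    """Return a reason string if the entry deserves a closer look, else None."""
    code, _, rest = line.partition(" - ")
    if code in ("R0", "R1"):
        m = re.search(r"=\s*https?://([^/\s]+)", rest)
        if m and m.group(1).lower() not in TRUSTED_HOSTS:
            return "IE search/start page points at " + m.group(1)
    elif code == "O4":
        if re.search(r'\]\s+"?[A-Za-z]:\\+[^\\]+$', rest):
            return "autorun executable sits in the drive root"
    elif code == "O20":
        name = rest.split(":", 1)[1].split(" - ")[0].strip()
        if name.lower() not in KNOWN_NOTIFY:
            return "unrecognised Winlogon Notify DLL: " + name
    elif code == "O23":
        path = rest.rsplit(" - ", 1)[-1]
        if "Unknown owner" in rest and any(looks_base64(p) for p in path.split("\\")):
            return "unknown-owner service in a base64-named folder"
    return None

def flag_entries(lines):
    """Pair each suspicious line with the reason it was flagged."""
    return [(l, r) for l in lines if (r := triage(l))]
```

A flag here only marks an entry for manual review; unknown-owner services in ordinary vendor folders are deliberately not flagged by this sketch.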
| 473748 | 2006-07-26 11:29:00 | No harm in reinstalling your Firefox as well. :thumbs: Cheers :) |
Renmoo (66) | ||
| 473749 | 2006-07-26 14:57:00 | [edit: post removed] [edit: please do not give advice on how to get keygens or other illegal stuff from downloaded files. PressF1 does not encourage piracy] |
hamstar (4) | ||
| 473750 | 2006-07-27 07:36:00 | ok, thanks Speedy, u've been a great help. the virus threat had been eliminated however, the ad problem is still occasionally keep on going. i just thought up a possible solution, which is creating a new account, and use that one until the next time i format my computer. i wonder if that would work? anyway, if u had a solution to this ad problem, then thanks a bunch once again |
Grandier (10819) | ||
| 473751 | 2006-07-27 07:43:00 | Get Spybot (www.spybot.info) Download the program and the detection updates. Install it then the updates then scan. |
Speedy Gonzales (78) | ||
| 473752 | 2006-07-27 11:03:00 | well now the ad shows up less than before. thanks speedy. it still pops up, but not as frequent as before. | Grandier (10819) | ||
| 473753 | 2006-07-27 11:07:00 | Take a snapshot of this ad. And paste it into a graphics program, if u have 1. Post it here (www.imagef1.net.nz) and post the link it gives u back here. Get this (http://www.ccleaner.com) as well and it'll get rid of the crap on your hdd. |
Speedy Gonzales (78) | ||