Thread: Firefox opens random pages (added dds log)

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Firefox opens random pages (added dds log)

    Hi,

    Since today, Firefox opens random pages while trying to open Google's results.

    I've already tried several things before I found this forum. Right now, my problem seems to be gone but of course I don't know that for sure. Anyway I hope I haven't done anything wrong by just running different programs.

    Here is what I have done:
    1) Used MS Security Essentials.
    2) Used Malwarebytes' Anti-Malware (Full Scan)
    3) Used OTL with some Custom Code I found in this forum. Maybe not the best idea...
    4) Right now I'm running GMER. I've just cancelled the scan.

    I would appreciate it a lot if someone could help me bring some system (and knowledge) into what I'm doing here. I already thought about formatting, but this doesn't seem to be the best way right now...
    Here is the DDS log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Besitzer at 20:03:18,65 on 08.04.2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.170 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Programme\Creative\Shared Files\CTAudSvc.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    svchost.exe
    C:\Programme\Microsoft Security Client\msseces.exe
    C:\Programme\RALINK\Common\RaUI.exe
    C:\Programme\Dropbox\Dropbox.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Dokumente und Einstellungen\Besitzer\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\programme\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\programme\hotspot shield\hssie\HssIE.dll
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [NVRaidService] "c:\windows\system32\nvraidservice.exe"
    mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\dokume~1\besitzer\startm~1\progra~1\autost~1\dropbox.lnk - c:\programme\dropbox\Dropbox.exe
    StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\ralink~1.lnk - c:\programme\ralink\common\RaUI.exe
    IE: &Download by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/202
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249733233125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
    Notify: LMIinit - LMIinit.dll
    IFEO: googleearth.exe - "c:\programme\tuneup utilities 2011\TUAutoReactivator32.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\dokume~1\besitzer\anwend~1\mozilla\firefox\profiles\qjcg67o0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\qjcg67o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\dokumente und einstellungen\besitzer\anwendungsdaten\mozilla\firefox\profiles\qjcg67o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\programme\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - plugin: c:\dokumente und einstellungen\besitzer\lokale einstellungen\anwendungsdaten\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\programme\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\programme\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\programme\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\programme\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\programme\google\update\1.2.183.7\npGoogleOneClick8.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programme\logmein\x86\rainfo.sys [2010-5-31 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-24 47640]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2009-7-9 34304]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-6 218688]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
    S1 MpKsl12b9258c;MpKsl12b9258c;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\mpksl12b9258c.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\MpKsl12b9258c.sys [?]
    S1 MpKsl1ca42619;MpKsl1ca42619;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{2b5102d8-a168-4186-b694-e4066fcc72ab}\mpksl1ca42619.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{2b5102d8-a168-4186-b694-e4066fcc72ab}\MpKsl1ca42619.sys [?]
    S1 MpKsl28b7528a;MpKsl28b7528a;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bfee04c5-f2a0-48f7-8be9-cd81c5e1a1a6}\mpksl28b7528a.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bfee04c5-f2a0-48f7-8be9-cd81c5e1a1a6}\MpKsl28b7528a.sys [?]
    S1 MpKsl581ccb4d;MpKsl581ccb4d;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\mpksl581ccb4d.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\MpKsl581ccb4d.sys [?]
    S1 MpKslb5a08d0f;MpKslb5a08d0f;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{012f67bb-0e32-40d7-bab6-ca817b7e676b}\mpkslb5a08d0f.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{012f67bb-0e32-40d7-bab6-ca817b7e676b}\MpKslb5a08d0f.sys [?]
    S1 MpKslc199fa06;MpKslc199fa06;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{012f67bb-0e32-40d7-bab6-ca817b7e676b}\mpkslc199fa06.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{012f67bb-0e32-40d7-bab6-ca817b7e676b}\MpKslc199fa06.sys [?]
    S1 MpKsle1b7d25c;MpKsle1b7d25c;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\mpksle1b7d25c.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b91aeede-5022-4c63-8de6-ca2443699ae7}\MpKsle1b7d25c.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\gemeinsame dateien\creative labs shared\service\CTAELicensing.exe [2011-2-5 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 gupdate1c985708702798c;Google Update Service (gupdate1c985708702798c);c:\programme\google\update\GoogleUpdate.exe [2009-2-2 133104]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\programme\hotspot shield\bin\hsswd.exe -product hss --> c:\programme\hotspot shield\bin\hsswd.exe -product HSS [?]
    S4 LMIGuardianSvc;LMIGuardianSvc;c:\programme\logmein\x86\LMIGuardianSvc.exe [2010-9-16 374152]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-04-08 12:10:26 -------- d-----w- c:\dokume~1\besitzer\anwend~1\Malwarebytes
    2011-04-08 12:10:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-08 12:10:12 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
    2011-04-08 12:10:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-08 12:10:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
    2011-04-08 10:02:03 0 ----a-w- c:\windows\Kcenol.bin
    2011-04-08 10:02:02 -------- d-----w- c:\dokume~1\besitzer\lokale~1\anwend~1\{830E392E-075A-485C-A920-6A81FD1DE32F}
    2011-04-03 19:30:56 6792528 ----a-w- c:\dokume~1\alluse~1\anwend~1\microsoft\microsoft antimalware\definition updates\{bfee04c5-f2a0-48f7-8be9-cd81c5e1a1a6}\mpengine.dll
    2011-04-02 13:57:56 142296 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
    2011-04-02 13:57:55 781272 ----a-w- c:\programme\mozilla firefox\mozsqlite3.dll
    2011-04-02 13:57:55 728024 ----a-w- c:\programme\mozilla firefox\libGLESv2.dll
    2011-04-02 13:57:55 1975768 ----a-w- c:\programme\mozilla firefox\D3DCompiler_42.dll
    2011-04-02 13:57:55 1893336 ----a-w- c:\programme\mozilla firefox\d3dx9_42.dll
    2011-04-02 13:57:55 1874904 ----a-w- c:\programme\mozilla firefox\mozjs.dll
    2011-04-02 13:57:55 15832 ----a-w- c:\programme\mozilla firefox\mozalloc.dll
    2011-04-02 13:57:55 142296 ----a-w- c:\programme\mozilla firefox\libEGL.dll
    2011-03-16 17:43:21 -------- d-----w- c:\dokume~1\besitzer\lokale~1\anwend~1\Identities
    .
    ==================== Find3M ====================
    .
    2011-02-04 23:00:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-04 23:00:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:03:57,26 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Did you get a GMER log? Also, I'd like to know if that browser issue happens with Internet Explorer too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.