Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tabs in Firefox appearing with gibberish URL


  • This topic is locked This topic is locked
3 replies to this topic

#1 bodkin

bodkin

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 01 December 2009 - 06:53 PM

I believe my problem is pretty similar to the problem posted by this user (pretty new problem):
http://www.bleepingcomputer.com/forums/t/275535/multiple-internet-explorer-cannot-find-http-gibberish-errors/

Using Firefox, I will create a new tab, click my homepage button, my google homepage loads, but then when I'm typing in the search box another tab pops up with the url: hxxp://xn--i-dda0ypa30g.../

Tabs with this URL will keep popping up in new tabs randomly as I type.

I was experiencing a similar problem with Internet Explorer, with the same gibberish URL in an error box popping up.

After running spybot and fixing some errors (I've attached a log), I can't get IE to create the problem again. Firefox still shows the problem.

Thank you for any help you can provide.


DDS (Ver_09-12-01.01) - NTFSx86
Run by rheitman at 15:26:21.79 on 12/01/09
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.295 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ClamWin\bin\OlAddin.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\UltraVNC\vncviewer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rheitman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\rheitman\startm~1\programs\startup\E-mail.lnk -
StartupFolder: c:\docume~1\rheitman\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\rheitman\startm~1\programs\startup\x-mous~1.lnk - c:\program files\highresolution enterprises\x-mouse button control\XMouseButtonControl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238528141586
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {2042C2C7-94DD-46DC-AC4A-7457B2940007} = 192.168.1.8,192.168.1.2,192.168.1.13,192.168.1.34
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.48.100 glaraj
Hosts: 192.168.48.106 roseanne
Hosts: 192.168.48.107 tracy
Hosts: 192.168.48.110 gloria

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rheitman\applic~1\mozilla\firefox\profiles\0odoe5gb.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\rheitman\application data\mozilla\firefox\profiles\0odoe5gb.default\extensions\{a2049def-a235-488f-878c-b41f8071fa9c}\components\BossKey.dll
FF - plugin: c:\documents and settings\rheitman\application data\mozilla\firefox\profiles\0odoe5gb.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-8-21 6016]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2008-10-8 10304]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 FileMonService;FileMonService;c:\program files\mckesson direct\FileMonService.exe [2008-9-10 49152]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 ivusb;Initio Driver for 1530 USB Default Controller;c:\windows\system32\drivers\ivusb_x86.sys --> c:\windows\system32\drivers\ivusb_x86.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]

============== File Associations ===============

txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

=============== Created Last 30 ================

2009-11-25 20:41:09 143360 ----a-w- c:\windows\jre620.exe
2009-11-23 22:22:02 143360 ----a-w- c:\windows\jre611.exe
2009-11-21 00:32:04 32009 ----a-w- c:\windows\system32\winsurm.dat
2009-11-21 00:32:04 1904 ----a-w- c:\windows\system32\expscvzw.dat
2009-11-21 00:32:04 0 ----a-w- c:\windows\system32\kbdburyz.dat
2009-11-20 21:41:26 3752 ----a-w- c:\windows\system32\MFC7DESP.dat
2009-11-20 21:41:26 315 ----a-w- c:\windows\system32\d3diA700.dat
2009-11-20 21:41:26 2134 ----a-w- c:\windows\system32\HPBMINRY.dat
2009-11-20 21:41:26 0 ----a-w- c:\windows\system32\p2pQ.dat
2009-11-18 22:01:21 0 d-----w- c:\program files\WinDjView

==================== Find3M ====================

2009-11-26 15:11:24 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 19:38:53 726008 ----a-w- c:\documents and settings\rheitman\gotomypc_438.exe
2009-09-17 16:47:05 721912 ----a-w- c:\documents and settings\rheitman\gotomypc_428.exe
2007-06-07 23:34:10 88 --sh--r- c:\windows\system32\325116C597.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-06-07 23:35:37 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 15:28:17.22 ===============

Attached Files


Edited by Orange Blossom, 01 December 2009 - 10:12 PM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 bodkin

bodkin
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 02 December 2009 - 11:49 AM

I've noticed some more strange behavior in my Fixfox that appears related to this problem.

I currently use the addon NoScript to block javascripts.

Right now I have google.com on my whitelist, but when I add google.com to my blacklist, search for something, and click on a link, I get a page that is a redirect to hxxp://regshareware.com/search.php with a link that I dare not click.

Hopefully this will help some.

Thank you.

#3 bodkin

bodkin
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 03 December 2009 - 11:58 AM

This problem is now fixed. Following the advice of the mozilla bug community, I ran ComboFix and now the problem is resolved. This thread can be closed now.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:39 PM

Posted 15 December 2009 - 06:19 AM

Topic closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users