
Mystart toolbar


  • This topic is locked
8 replies to this topic

#1 Crashoveride420

Crashoveride420

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:27 AM

Posted 15 February 2012 - 01:50 PM

Here are the logs from my previous post. Again, I am having trouble removing mystart search for some reason. Thanks for taking the time to help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by steven at 13:14:42 on 2012-02-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.954.326 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\WinFLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb115?a=6R8jLYoGn0&i=26
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinFLTray] c:\windows\system32\WinFLTray.exe
uRun: [Google Update] "c:\documents and settings\steven\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [StickyPassword] c:\program files\sticky password\stpass.exe
uRun: [FLBackup] c:\program files\newsoftware's\folder lock\FLComServCtrl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steven\startm~1\programs\startup\kremli~1.lnk - c:\program files\mach5 software\kremlin\Kremlin Sentry.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B4F71B0E-7F89-4C9B-80D7-072BB697703B} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: schannel.dll, credssp.dll, digest.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steven\application data\mozilla\firefox\profiles\mufmn07r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8jLYoGn0&&i=26&search=
FF - plugin: c:\documents and settings\steven\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\sticky password\npSPAutofill.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8jLYoGn0&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 70daf26e00000000000000ff95e69075
FF - user.js: extensions.incredibar_i.hardId - 70daf26e00000000000000ff95e69075
FF - user.js: extensions.incredibar_i.instlDay - 15383
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2723:19:38
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8jLYoGn0
FF - user.js: extensions.incredibar_i.upn2n - 92823840945612570
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-9-14 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-9-14 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-9-14 13616]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsldf127e18;MpKsldf127e18;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b89e0c11-c061-4187-9269-9954c6bc1c3f}\MpKsldf127e18.sys [2012-2-14 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-2-1 29584]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-2-1 91736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-28 652360]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2012-2-1 188176]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-2-1 228112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-28 20464]
RUnknown MpKsl522becb7;MpKsl522becb7; [x]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-1-29 2430128]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-2-6 24064]
.
=============== Created Last 30 ================
.
2012-02-15 05:41:19 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b89e0c11-c061-4187-9269-9954c6bc1c3f}\MpKsldf127e18.sys
2012-02-15 05:12:55 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b89e0c11-c061-4187-9269-9954c6bc1c3f}\mpengine.dll
2012-02-15 01:18:46 -------- d-----w- c:\windows\system32\appmgmt
2012-02-13 05:18:56 -------- d-----w- c:\program files\RAR Password Cracker
2012-02-11 06:31:13 -------- d-----w- C:\pq
2012-02-11 06:06:18 -------- d-----w- C:\PQ4
2012-02-11 04:02:25 -------- d-----w- c:\documents and settings\steven\local settings\application data\Microsoft Help
2012-02-11 03:07:06 -------- d-----w- C:\jtr
2012-02-10 23:39:58 92208 ----a-w- c:\windows\system\WING.DLL
2012-02-10 23:39:58 91952 ----a-w- c:\windows\system\WINGBUG.EXE
2012-02-10 23:39:58 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2012-02-10 23:39:58 27136 ----a-w- c:\windows\system\WAVMIX16.DLL
2012-02-10 23:39:58 188960 ----a-w- c:\windows\system\WINGDE.DLL
2012-02-10 23:39:58 12800 ----a-w- c:\windows\system\WING32.DLL
2012-02-10 23:39:58 -------- d-----w- C:\GAMES
2012-02-10 23:39:58 -------- d-----w- c:\documents and settings\steven\WINDOWS
2012-02-10 23:08:12 -------- d-----w- C:\cc
2012-02-10 21:58:10 -------- d-----w- C:\Blue Force
2012-02-10 21:21:36 -------- d-----w- C:\madw
2012-02-10 21:20:54 -------- d-----w- C:\mad
2012-02-10 21:12:17 -------- d-----w- C:\jb
2012-02-10 21:12:11 -------- d-----w- C:\bond
2012-02-10 21:10:28 -------- d-----w- c:\documents and settings\steven\local settings\application data\DOSBox
2012-02-10 21:09:40 -------- d-----w- c:\program files\DOSBox-0.74
2012-02-08 19:09:23 -------- d-----w- c:\windows\system32\NtmsData
2012-02-08 04:18:08 -------- d-----w- c:\program files\RegScrubXP
2012-02-07 06:54:23 -------- d-----w- c:\windows\pss
2012-02-07 04:48:50 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-02-07 04:48:33 637464 ----a-w- c:\windows\system32\igfxcfg.exe
2012-02-07 04:48:33 2027520 ----a-w- c:\windows\system32\ig4dev32.dll
2012-02-07 04:48:32 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2012-02-07 04:48:30 147456 ----a-w- c:\windows\system32\igfxCoIn_v4964.dll
2012-02-07 04:48:29 270336 ----a-w- c:\windows\system32\igfxresp.lrc
2012-02-07 04:48:18 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-02-06 22:50:17 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-02-06 17:39:50 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-02-06 02:58:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-06 02:55:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-05 23:06:59 388096 ----a-r- c:\documents and settings\steven\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-05 23:06:58 -------- d-----w- c:\program files\Trend Micro
2012-02-05 07:14:34 -------- d-----w- c:\documents and settings\steven\application data\Airytec
2012-02-05 07:09:38 -------- d-----w- c:\program files\Airytec
2012-02-05 06:53:15 -------- d-----w- c:\documents and settings\steven\local settings\application data\Mozilla
2012-02-04 23:24:46 -------- d-----w- c:\documents and settings\steven\application data\SUPERAntiSpyware.com
2012-02-04 23:23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-04 23:23:43 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-03 19:42:11 -------- d-----w- c:\documents and settings\steven\application data\TeamViewer
2012-02-03 19:42:00 -------- d-----w- c:\program files\TeamViewer
2012-02-03 16:46:50 -------- d-----w- c:\program files\Ares
2012-02-03 04:27:52 -------- d-----w- c:\program files\ElcomSoft
2012-02-01 18:01:14 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-01 17:55:51 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-01 17:55:50 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-01 17:55:50 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-01 17:18:21 -------- d-----w- c:\documents and settings\steven\application data\QuickScan
2012-02-01 17:11:22 -------- d-----w- c:\program files\common files\BitDefender
2012-02-01 17:10:46 305449 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin
2012-02-01 09:34:10 -------- d-----w- c:\program files\Mach5 Software
2012-02-01 09:21:57 29584 ----a-w- c:\windows\system32\WinFLAdrv.sys
2012-02-01 09:21:55 188176 ----a-w- c:\windows\system32\WinVDEdrv6.sys
2012-02-01 09:21:54 228112 ----a-w- c:\windows\system32\WinVDEdrv.sys
2012-02-01 09:21:38 91736 ----a-w- c:\windows\system32\WinFLService.exe
2012-02-01 09:21:37 14936 ----a-w- c:\windows\system32\WinFLMsgService.exe
2012-02-01 09:21:36 40960 ----a-w- c:\windows\system32\nwsftUninstall.exe
2012-02-01 09:21:35 293976 ----a-w- c:\windows\system32\WinFLTray.exe
2012-02-01 09:21:34 293976 ----a-w- c:\windows\system32\WinFLTrayShred.exe
2012-02-01 09:21:33 479832 ----a-w- c:\windows\system32\WinFLCtxMenu.dll
2012-02-01 09:21:31 -------- d-----w- c:\program files\NewSoftware's
2012-02-01 09:13:23 -------- d-----w- c:\documents and settings\steven\application data\Lamantine
2012-02-01 09:11:19 -------- d-----w- c:\program files\Sticky Password
2012-02-01 05:16:51 -------- d-----w- c:\program files\Foxit Software
2012-02-01 05:01:06 -------- d-----w- c:\documents and settings\steven\application data\CheckPoint
2012-02-01 05:00:55 -------- d-----w- c:\program files\CheckPoint
2012-01-31 04:45:32 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-01-31 04:44:31 -------- d-----w- c:\windows\ie8updates
2012-01-31 04:41:20 -------- d-----w- c:\documents and settings\steven\local settings\application data\Downloaded Installations
2012-01-31 04:33:03 94536 ----a-w- c:\windows\system32\UDBDef.exe
2012-01-31 04:33:03 -------- d-----w- c:\program files\Disktrix
2012-01-29 19:59:53 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-01-29 19:59:50 -------- d-----w- c:\program files\CyberGhost VPN
2012-01-29 02:45:29 -------- d-----w- c:\windows\system32\LogFiles
2012-01-29 02:08:16 -------- d-----w- c:\documents and settings\steven\application data\Malwarebytes
2012-01-29 02:08:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-29 02:08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-29 02:08:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-29 02:06:42 -------- d-----w- c:\documents and settings\steven\application data\TuneUp Software
2012-01-29 02:06:15 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-01-29 02:05:30 -------- d-sh--w- c:\documents and settings\all users\application data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-01-29 00:06:47 -------- d--h--w- c:\windows\$hf_mig$
2012-01-28 22:03:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-28 22:03:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-28 22:03:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-28 22:03:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-28 22:03:44 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-01-28 22:03:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-28 04:49:18 -------- d-----w- c:\documents and settings\steven\.frostwire5
2012-01-28 04:48:41 -------- d-----w- c:\program files\FrostWire 5
2012-01-28 04:48:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-28 04:48:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-28 01:33:37 -------- d---a-w- c:\program files\password
2012-01-27 08:25:56 -------- d-----w- c:\program files\S.W.A.T. 4
2012-01-26 21:25:11 -------- d-----w- c:\program files\LinuxLive USB Creator
2012-01-26 18:42:35 -------- d-----w- c:\program files\VideoLAN
2012-01-26 13:28:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-01-26 13:25:45 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-01-26 13:18:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-01-26 13:08:20 -------- d-----w- c:\program files\Driver-Soft
2012-01-26 12:56:10 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-01-26 12:56:10 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-01-26 12:56:07 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-01-26 12:56:07 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-01-26 12:56:04 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-01-26 12:56:04 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-01-26 12:55:55 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-01-26 12:55:55 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-01-26 08:51:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-26 08:50:09 -------- d-----w- c:\program files\AVG
2012-01-26 08:36:57 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-25 23:35:04 1315776 ----a-w- c:\windows\system32\drivers\athw.sys
2012-01-25 23:35:04 1315776 ----a-w- c:\windows\system32\athw.sys
2012-01-25 23:35:04 -------- d-----w- c:\program files\Atheros
2012-01-25 23:35:03 -------- d-----w- c:\windows\Options
2012-01-25 23:34:43 -------- d-----w- C:\temp
2012-01-25 23:34:35 -------- d-----w- c:\documents and settings\all users\application data\Atheros
2012-01-25 23:34:07 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
2012-02-13 19:50:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-25 19:45:56 315392 ----a-w- c:\windows\HideWin.exe
2011-11-25 21:56:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
.
============= FINISH: 13:15:44.56 ===============

Edited by Noviciate, 15 February 2012 - 03:36 PM.
Added DDS from attachment


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:27 AM

Posted 15 February 2012 - 03:42 PM

Good evening. :)

Are you seeing this issue in both Firefox and Internet Explorer, or just FF?

So long, and thanks for all the fish.

 

 


#3 Crashoveride420

Crashoveride420

Posted 15 February 2012 - 05:30 PM

Evening... this all started on Firefox; I don't use Chrome or IE at the house. At first I knew what happened: I uninstalled my firewall and got lazy, downloaded something, and a toolbar/search bar got installed. OK. So I went to Add/Remove Programs, found the little booger, and uninstalled it. OK. So I restart Firefox, and it says it is updating and all that good stuff, and lo and behold the searches get redirected to MyStart. Usually I search straight from the address bar and it goes to Google. Every scan I have done, MBAM, MSE, SASW, gets nothing. MBAM runs constantly, so if it is malware it is a sneaky little booger.
I have run TDS killer and it found nothing as well. Kinda stumped on this one.

#4 Noviciate

Noviciate


Posted 16 February 2012 - 04:28 PM

Good evening. :)

What you may not know is that Firefox has a set of configuration options that aren't immediately obvious to the "naked eye" and it may be that one of these has been altered. This would mess with your searches without the need for any active malicious programs to be present and running.
We'll start by taking a peek at things, but do bear in mind that madly changing stuff in here could break FF - think twice before you poke at the keyboard! :busy:

Fire up FF and Copy and Paste the following into the Address bar, (that bit that normally has www. etc in it): about:config
You should get a warning message which you'll need to OK.
Now Copy and Paste the following into the Filter box at the top: browser.search.defaultenginename
Wait a second or two for the magic to happen!

On my system this results in Status: default, Type: string, Value: Google. Can you tell me what you see?

So long, and thanks for all the fish.

 

 


#5 Crashoveride420

Crashoveride420

Posted 16 February 2012 - 05:19 PM

There seems to always be something to learn... I like that. OK.

String--user set

type--string

value--empty???

#6 Noviciate

Noviciate


Posted 17 February 2012 - 04:43 PM

Good evening. :)

Open up about:config and use mystart as the filter and see what lines show up - right clicking a line gives you a Copy option so you can Paste any that you find.

So long, and thanks for all the fish.

 

 


#7 Crashoveride420

Crashoveride420

Posted 17 February 2012 - 05:47 PM

The only thing that comes up is from the filter word my...it gives me

keyword.URL;http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8jLYoGn0&&i=26&search=

This is also happening on Chrome, so this problem is not just limited.

#8 Noviciate

Noviciate


Posted 17 February 2012 - 08:35 PM

One at a time. I want you to call up that line again, right click it and select Modify - in the box that appears paste the following into it and hit OK:

http://www.google.com.my/search?q=
Restart FF and tell me if it plays nicely now.

So long, and thanks for all the fish.
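
A triage sketch for the check this thread walks through, added here as an example and not posted by anyone in the thread: it parses `prefs.js` and `user.js` text, flags URL-valued search prefs whose host is not on an allowlist, and lists prefs matching a keyword. The sample file contents are constructed from values quoted in the thread; `audit`, the allowlist and the default keyword are assumptions of this example, and it goes beyond the single `keyword.URL` case by also reading `user.js`, which Firefox re-applies at every start.

```python
import re
from urllib.parse import urlparse

# One user_pref("name", value); line, as written in prefs.js and user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# URL-valued prefs that decide where an address-bar search or the start page goes.
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}

# Assumption of this example: hosts the user expects to see in those prefs.
ALLOWED_HOSTS = ("google.com", "google.com.my")

# Constructed sample files, built from values quoted in the thread.
PREFS_JS = '''
user_pref("browser.startup.homepage", "Google.com");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8jLYoGn0&&i=26&search=");
'''
USER_JS = '''
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8jLYoGn0&loc=IB_TB&i=26&search=");
'''


def parse_prefs(text):
    """Return {name: value}; quoted string values lose their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines are skipped
            name, raw = m.groups()
            if len(raw) >= 2 and raw[0] == raw[-1] == '"':
                raw = raw[1:-1]
            prefs[name] = raw
    return prefs


def host_of(value):
    """Hostname of a URL-like value ("Google.com" counts), else None."""
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname
    return host if host and "." in host else None


def is_allowed(host):
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def audit(prefs_js, user_js, keyword="incredibar"):
    """Return (file, pref, reason) for every suspicious entry in either file."""
    user = parse_prefs(user_js)
    findings = []
    for fname, prefs in (("prefs.js", parse_prefs(prefs_js)), ("user.js", user)):
        for name, value in prefs.items():
            host = host_of(value) if name in URL_PREFS else None
            if host and not is_allowed(host):
                reason = "points at " + host
                if name in user:
                    # user.js is read at every start and overrides prefs.js,
                    # so an about:config edit alone would not stick.
                    reason += " (set in user.js, re-applied at startup)"
                findings.append((fname, name, reason))
            elif keyword in name.lower() or keyword in value.lower():
                findings.append((fname, name, "matches '%s'" % keyword))
    return findings


if __name__ == "__main__":
    for finding in audit(PREFS_JS, USER_JS):
        print("%-8s %-40s %s" % finding)
```

Run it against copies of the two files from the profile folder while Firefox is closed; a finding that carries the `user.js` note means the file itself has to be cleaned, not only the value in about:config.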

 

 


#9 Noviciate

Noviciate


Posted 24 February 2012 - 05:03 PM

Helpers are limited in the number of logs they can take by the time they have available and having threads sit idle means that somebody else who could be being helped has to wait.
Given that there has been no response for at least five days, and I have no way of knowing when there will be one, this thread is now closed.

So long, and thanks for all the fish.

 

 




