New Tab Opens in Firefox every now and then

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Goose13

Thread Starter
Joined
Apr 9, 2010
Messages
2
Hi all!
To start, I take many risks. Still have not learned when I get the bad gut feeling.
I seemed to have had a virus or malware on my system a couple of days ago.
I use the free version of Comodo Internet Security. My Antivirus software alerted me after I
tried to install an app to convert avi to amv. It alerted of a dll32.exe in Program Files/HostServices.
It flagged it as the following: [email protected]
I noticed a process called Hgubia.exe (from Process Explorer - like Task Manager but more info).
I killed the running process Hgubia.exe but Comodo kept popping up. I asked it to delete and it would go away and come right back. I noticed the file in the Program Files\HostServices\dll32.exe would go away and come back. I even deleted the HostServices directory and it would come back.
I then ran Windows Doctor 2.0 and did a scan on my Registry and on my system. I seem to have cleared
it off but it still shows the Hgubia.exe in running processes. I killed it. Rebooted in safe mode. Ran
Comodo antivirus. Removed a couple of things I found. Booted up in normal mode and ran Comodo again. Removed some of the same things and even a program I normally use to shut down automatically at a certain time. It was flagged but I always used it. This time I just decided to get rid of everything flagged. All seems well. No more Hgubia.exe process and no more HostServices directory in program files and no more alerts from Comodo. However, every now and then while browsing, a new Tab opens with a site I have never visited. Never the same site. Does not happen often. I have been on for maybe 2 hours and only happened once. I feel that something is still here but I cannot detect it. I ran CwShredder but it found nothing. I just don't feel right...
Any assistance in looking at log and helping out is greatly appreciated. If I really need to I can load
a saved Ghost image on my machine but that would put me back a few programs and XP updates away.
But hey, rather be safe than sorry!
Thanks!

Following is my HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:15:37 AM, on 4/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Systernals Process Explorer\procexp.exe
C:\Documents and Settings\Jose\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.magicjack.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Jose\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B577BEE-3A0B-4FFD-B9B7-DA698FE6F07C}: NameServer = 93.188.162.189,93.188.161.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.189,93.188.161.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.189,93.188.161.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.189,93.188.161.116
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4003 bytes
 