
Biggest issue is Yahoo search being redirected


  • This topic is locked
10 replies to this topic

#1 titan39

titan39

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 10 July 2009 - 07:09 PM

Hello,

In my haste I have mistakenly posted a HJT log and apologize for it. Just so frustrating with this issue. I hope I did everything correctly. I've been looking around the net searching for ways to get rid of this issue. I have found similar problems and attempted to do what they did. The antivirus programs have discovered a bunch of trojans and those are gone, but yet my search requests still get redirected. I see it's something called overclick. Any help will be greatly appreciated. Here is my DDS log...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Tran at 16:58:16.28 on Fri 07/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.468 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BrowserHelper Class: {ebcdda60-2a68-11d3-8a43-0060083cfb9c} - c:\windows\system32\nzdd.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\realdo~1.lnk - c:\program files\real\realdownload\Realdownload1.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {5A447319-0EA2-447B-A063-A5F849B097D0} - hxxps://www.stopzilla.com/scanner/binaries/SZScanLE.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232571366421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232571347218
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38070.8843171296
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://www.windowsecurity.com/trojanscan/axscan.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4795/mcfscan.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX/kdx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\system32\nzdd.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tran\applic~1\mozilla\firefox\profiles\2j2pax9c.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-15 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-15 108552]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-7-10 186128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298776]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys --> c:\windows\system32\drivers\viasraid.sys [?]
S2 a2free;a-squared Free Service;"c:\program files\a-squared free\a2service.exe" --> c:\program files\a-squared free\a2service.exe [?]
S2 KDE;Loading Outpost Connections;c:\windows\system32\cmdtel.exe --> c:\windows\system32\cmdtel.exe [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-5-5 23856]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 jbridgep;jbridgep;\??\c:\docume~1\tran\locals~1\temp\jbridgep.sys --> c:\docume~1\tran\locals~1\temp\jbridgep.sys [?]

=============== Created Last 30 ================

2009-07-10 15:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-10 13:26 2,171,936 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-10 13:26 29,924 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-10 13:26 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-10 13:26 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-10 13:24 3,038 a------- C:\rollback.ini
2009-07-10 13:13 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-10 13:13 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\ParetoLogic
2009-07-10 11:19 335,752 a------- c:\windows\system32\drivers\avgldx86.sys.prepare
2009-07-10 01:21 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-10 01:21 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-10 01:21 <DIR> --d----- c:\docume~1\tran\applic~1\SUPERAntiSpyware.com
2009-07-09 23:47 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 23:21 <DIR> a-dshr-- C:\cmdcons
2009-07-09 23:16 161,792 a------- c:\windows\SWREG.exe
2009-07-09 23:16 98,816 a------- c:\windows\sed.exe
2009-07-09 17:11 <DIR> --d----- c:\docume~1\tran\applic~1\Malwarebytes
2009-07-09 16:56 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 16:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:56 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-09 16:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 13:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\14767184
2009-06-13 05:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar

==================== Find3M ====================

2009-06-13 05:04 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-07 11:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2005-09-11 14:12 3,220,608 a------- c:\program files\rminstall.exe
2005-06-04 14:25 25,195,329 a------- c:\program files\klmcodec132.exe
2005-06-04 14:16 1,399,018 a------- c:\program files\klcodec248b.exe
2004-05-27 14:06 1,568 a------- c:\docume~1\tran\applic~1\mpauth.dat
2004-03-27 00:16 1,760,378 a------- c:\program files\aaw6.exe
2004-01-25 19:30 250,659 a------- c:\program files\tag2000audiocodec.exe
2004-01-17 23:51 734,160 a------- c:\program files\VobSub_2.23.exe
2003-12-13 21:36 398,543 a------- c:\program files\XviD-24062003-1.exe
2003-12-13 21:35 146,623 a------- c:\program files\XviD-Dec-230203.exe

============= FINISH: 17:00:33.87 ===============



#2 titan39


Posted 10 July 2009 - 07:26 PM

Not sure if this is relevant, but I'm a regular user of Firefox, and I just tried using Internet Explorer for the first time in months and it does not seem to be infected by this virus.

#3 titan39


Posted 10 July 2009 - 07:50 PM

Oops, I jumped to a conclusion, it is also messing with Internet Explorer.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:46 AM

Posted 14 July 2009 - 11:47 PM

Hello Titan,

The fact that you bumped your thread 2 times explains why you didn't get help yet. :thumbup2:

This is because we are always looking at the 0 reply logs. When someone bumps his/her thread, then we assume that someone is already helping you and move on with the next thread.

If you still need help download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***********

Please post the last Malwarebytes log so I can see what it found.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire MBAM report (even if it does not find anything) in your next reply.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 titan39


Posted 15 July 2009 - 01:32 AM

Thank you very much for the response. Sorry for the confusion and any help you can give is greatly appreciated.

Here is the info from security check:

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
WindowsLiveOneCaresafetyscanner
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Out of date Spybot installed!
Ad-Aware
Out of date HijackThis installed!
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner (remove only)
Java™ 6 Update 14
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
Spybot SDHelper is disabled!
Spybot - Search & Destroy TeaTimer.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 23 seconds.
`````````End of Log```````````



Also here is my last Malwarebytes log scanned on 7/12:
Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 2

7/12/2009 1:54:34 AM
mbam-log-2009-07-12 (01-54-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 290465
Time elapsed: 33 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SifuMike


Posted 15 July 2009 - 05:06 AM

Hi Titan,

Windows XP Service Pack 2 is an out of date service pack!!
You should definitely install SP3 and all critical updates.
Go to Microsoft's Windows Update site and do all Critical Updates.


Uninstall Java™ 6 Update 7 as it is an old version. Old Java versions attack malware. :thumbup2:

Uninstall Spybot - Search & Destroy 1.5.2.20
and download and install Spybot 1.6.2

A new version of HijackThis has been released, please download and install the new version by following the instructions here: http://www.download.com/Trend-Micro-Hijack....html?tag=mncol

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.
Let it install in the default folder C:\Program Files\Trend Micro\HijackThis


Malwarebytes' Anti-Malware 1.38 and Database version: 2401 are both out of date.
The new version is Malwarebytes' Anti-Malware 1.39 and Database version: 2432

Please update Malwarebytes' Anti-Malware and the Database, run a new scan and post the log.

#7 titan39


Posted 15 July 2009 - 04:11 PM

Hi Sifu,

I just updated to Service Pack 3, but now I can't get my computer to run. The last thing I see is the Windows XP loading screen, then it goes black. I can see the arrow of my mouse but my computer won't load up. I attempted to go into safe mode but it won't allow me to get in safe mode unless I go through msconfig. Please help!

Titan

#8 SifuMike


Posted 15 July 2009 - 04:54 PM

Probably some hidden malware is causing the problem.

Try this:

Boot into the safe mode and do a system restore.
http://support.microsoft.com/kb/304449

If no joy, try this:
How to start your computer by using the Last Known Good Configuration feature
To start your computer by using the Last Known Good Configuration feature, follow these steps:

Start your computer.
When you see the "Please select the operating system to start" message, press the F8 key.
When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.

Edited by SifuMike, 15 July 2009 - 05:03 PM.


#9 titan39


Posted 15 July 2009 - 07:12 PM

In my haste I was trying to boot up my system with my Windows XP CD. I read that I can reupgrade Windows using the CD to reinstall Windows. So far it's not working, it will not allow me to finish installing and states that there was a fatal error.

#10 SifuMike


Posted 15 July 2009 - 08:15 PM

Hi titan39,

Your best course of action is to go to our Windows XP Home and Professional forum where one of our experts can help you.

When posting to any other forum, do not post a HijackThis log/DDS log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis/DDS is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

#11 SifuMike


Posted 24 July 2009 - 10:01 PM

Since your problem appears to be resolved, this thread will now be closed.

Edited by SifuMike, 24 July 2009 - 10:04 PM.
