
Hijacked yahoo search results


  • This topic is locked
6 replies to this topic

#1 tsattar

tsattar

  • Members
  • 3 posts

Posted 11 July 2009 - 05:14 PM

The search results from yahoo seem to be hijacked. It goes to a page results.yahoo.com and then that is the address that is displayed no matter what site I go to. I seem to be redirected to sites with search results and links to other sites. The contents of the DDS.txt file are pasted here:


DDS (Ver_09-06-26.01) - NTFSx86
Run by tsattar at 16:52:09.72 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2006.862 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\lxbxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Temp\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~2\amsg\Amsg.exe /startup
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [wanActivate] c:\program files\lenovo\activatewan\WanActivate.exe -check
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [LXBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBXtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\acrobat\Acrobat.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\ad-aware.lnk - c:\program files\lavasoft\ad-aware\Ad-Aware.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\adobep~1.lnk - c:\program files\adobe\photoshop 5.0\Photoshp.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\adober~1.lnk - c:\program files\adobe\reader 9.0\reader\AcroRd32.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\excel2~1.lnk - c:\windows\installer\{90120000-0016-0000-0000-0000000ff1ce}\xlicons.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\eyebeam.lnk - c:\program files\xtennetworksinc\eyebeam\eyeBeam.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\intern~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\messen~1.lnk - c:\program files\windows live\messenger\msnmsgr.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\palmde~1.lnk - c:\program files\palmone\Palm.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\powerp~1.lnk - c:\windows\installer\{90120000-0018-0000-0000-0000000ff1ce}\pptico.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\printe~1.lnk - c:\program files\lexmark 7100 series\lxbxlpx.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\turbot~1.lnk - c:\windows\installer\{88214092-836f-4e22-a5ac-569ac9ee6a0f}\TurboTax.exe
StartupFolder: c:\users\tsattar\appdata\roaming\micros~1\windows\startm~1\programs\startup\tariq\word20~1.lnk - c:\windows\installer\{90120000-001b-0000-0000-0000000ff1ce}\wordicon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{89291966-cf6b-4dc7-9d72-8c9034a194d9}\IcoUltraMon.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: advancedmd.com
Trusted Zone: intuit.com
Trusted Zone: turbotax.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://rs7.advancedmd.com/rs-current/components/smsx.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} - hxxps://c-app.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab
DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} - hxxps://c-app.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://98.162.198.152:5000/WinWebPush.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B15C3921-CCFA-4403-9E6F-4470839E835E} - hxxps://c-app.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} - hxxps://c-app.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} - hxxps://c-app.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab
TCP: NameServer = 85.255.112.138,85.255.112.9
TCP: {680AE8A2-474E-4B99-9155-644C108CA533} = 85.255.112.138,85.255.112.9
TCP: {C63E5F50-49E5-40A5-AA1F-12E1025E1AB9} = 85.255.112.138,85.255.112.9
TCP: {F7B5FD01-0FB1-4FBE-8CEE-B399BC9D9633} = 85.255.112.138,85.255.112.9
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
LSA: Notification Packages = scecli psqlpwd ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\tsattar\appdata\roaming\mozilla\firefox\profiles\yjexcuno.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tsattar\appdata\roaming\mozilla\firefox\profiles\yjexcuno.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\tsattar\appdata\roaming\mozilla\firefox\profiles\yjexcuno.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2009-1-28 117800]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-4 4232704]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-12-18 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

=============== Created Last 30 ================

2009-07-11 16:52 359,929 a------- c:\temp\dds.scr
2009-07-11 16:42 812,344 a------- c:\temp\HJTInstall.exe
2009-07-11 16:39 <DIR> --d----- c:\program files\CCleaner
2009-07-11 16:38 3,252,640 a------- c:\temp\ccsetup221.exe
2009-07-11 15:22 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 15:22 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 15:14 60,857,536 a------- c:\temp\Ad-AwareAE.exe
2009-07-11 14:21 <DIR> --d----- c:\program files\VideoLAN
2009-07-10 10:54 1 a------- c:\windows\system32\drivers\MSIVXserv.sys
2009-07-07 12:48 <DIR> --d----- C:\download
2009-07-07 09:53 168,448 a------- c:\windows\system32\unrar.dll
2009-07-07 09:53 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-05 15:24 <DIR> --d----- c:\users\tsattar\Roaming
2009-07-05 15:24 <DIR> --d----- c:\programdata\Roaming
2009-07-05 15:24 <DIR> --d----- c:\progra~2\Roaming
2009-07-05 15:23 <DIR> --d----- c:\program files\Cisco
2009-07-05 15:22 <DIR> --d----- c:\program files\common files\Intel
2009-07-05 14:14 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-05 14:14 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-05 14:14 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-05 13:07 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-05 13:05 1,381,376 a------- c:\windows\system32\Query.dll
2009-07-05 13:04 714,240 a------- c:\windows\system32\timedate.cpl
2009-07-05 13:03 247,808 a------- c:\windows\system32\drvstore.dll
2009-07-05 11:40 40,384 a------- c:\windows\system32\drivers\tvtfilter.sys
2009-07-05 11:22 615,712 -------- c:\windows\system32\PWMCP32V.cpl
2009-07-02 13:00 53,248 a------- c:\windows\system\TVicPort.dll
2009-07-02 13:00 20,512 a------- c:\windows\system32\drivers\TVicPort.sys
2009-07-02 13:00 <DIR> --d----- c:\program files\TPFanControl
2009-07-01 22:58 <DIR> --d----- c:\program files\VideoViewer
2009-07-01 22:58 1,204,224 -------- c:\windows\system32\AVC_JPEG.dll
2009-07-01 22:58 905,216 -------- c:\windows\system32\AVC_LIVE.dll
2009-07-01 22:58 794,624 -------- c:\windows\system32\AVC_H264.dll
2009-07-01 22:58 778,240 -------- c:\windows\system32\AVC_PB.dll
2009-07-01 22:58 598,016 -------- c:\windows\system32\AVC_MPEG4.dll
2009-07-01 22:58 225,280 -------- c:\windows\system32\AVC_RTSP.dll
2009-07-01 22:58 131,072 -------- c:\windows\system32\AVC_NATT.dll
2009-07-01 17:24 <DIR> --d----- c:\programdata\VideoViewer
2009-07-01 17:24 <DIR> --d----- c:\progra~2\VideoViewer
2009-07-01 17:24 1,268,736 -------- c:\windows\system32\XY_quartz.dll
2009-07-01 17:24 559,616 -------- c:\windows\system32\XY_qedit.dll
2009-07-01 17:24 17,408 a------- C:\psapi.dll
2009-07-01 17:24 1,645,320 -------- c:\windows\system32\gdiplus.dll
2009-07-01 17:24 704,512 -------- c:\windows\system32\ijl20.dll
2009-07-01 17:24 1,204,224 -------- c:\windows\system32\AVC_AP_JPEG.dll
2009-07-01 17:24 917,504 -------- c:\windows\system32\AVC_AP_LIVE.dll
2009-07-01 17:24 815,104 -------- c:\windows\system32\AVC_AP_PB.dll
2009-07-01 17:24 794,624 -------- c:\windows\system32\AVC_AP_H264.dll
2009-07-01 17:24 598,016 -------- c:\windows\system32\AVC_AP_MPEG4.dll
2009-07-01 17:24 225,280 -------- c:\windows\system32\AVC_AP_RTSP.dll
2009-07-01 03:43 21,376 a------- c:\windows\system32\drivers\psadd.sys
2009-07-01 03:32 <DIR> --d----- c:\program files\common files\ThinkVantage Fingerprint Software
2009-07-01 03:32 <DIR> --d----- c:\program files\common files\SPBA
2009-06-28 14:34 530,132 a------- c:\temp\tpfc_v062.zip
2009-06-26 13:04 <DIR> --d----- C:\videodvdmaker
2009-06-26 13:04 <DIR> --d----- c:\users\tsattar\appdata\roaming\Video DVD Maker FREE
2009-06-26 13:02 <DIR> --d----- c:\program files\Video DVD Maker
2009-06-26 10:42 <DIR> --d----- c:\program files\uTorrent
2009-06-26 10:41 288,048 a------- c:\temp\utorrent.exe
2009-06-25 19:14 <DIR> --d----- c:\programdata\Google
2009-06-25 13:51 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-06-25 13:51 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-06-25 13:20 299,008 a------- c:\windows\system32\TubeFinder.exe
2009-06-25 13:20 364,544 a------- c:\windows\system32\PropertyGrid.ocx
2009-06-25 13:20 208,500 a------- c:\windows\system32\ReyXpBasics.tlb
2009-06-25 13:20 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-06-25 13:20 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-06-25 13:20 84,512 a------- c:\windows\system32\PICCLP32.OCX
2009-06-25 13:20 9,728 a------- c:\windows\system32\PCCLPFR.DLL
2009-06-25 13:20 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-06-25 13:20 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-06-25 13:20 24,576 a------- c:\windows\system32\ControlSubX.ocx
2009-06-25 13:20 <DIR> --d----- c:\program files\Free FLV Converter
2009-06-25 00:05 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-06-25 00:05 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-25 00:05 <DIR> --d----- c:\program files\DivX
2009-06-24 22:09 <DIR> --d----- c:\programdata\VistaCodecs
2009-06-24 22:09 <DIR> --d----- c:\progra~2\VistaCodecs
2009-06-21 18:54 <DIR> --d----- c:\program files\CodecX
2009-06-19 08:36 <DIR> --d----- C:\LAFEMMENIKITA_DISC1
2009-06-14 20:50 <DIR> --d-h--- C:\VJVod_Cache
2009-06-13 08:11 <DIR> --d----- c:\windows\system32\nagasoft

==================== Find3M ====================

2009-07-05 15:23 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-05 15:23 51,200 a------- c:\windows\inf\infpub.dat
2009-07-05 15:23 143,360 a------- c:\windows\inf\infstor.dat
2009-07-05 14:14 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-26 19:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-13 16:56 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-13 16:56 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-13 16:56 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-13 16:54 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-13 16:54 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-13 16:54 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-13 16:54 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-13 16:54 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-13 16:54 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-13 16:54 685,056 a------- c:\windows\system32\DivX.dll
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 03:03 238,080 a------- c:\windows\UltraMon.scr
2009-05-05 02:56 218,624 a------- c:\windows\system32\UltraMonIndDisp.exe
2009-05-05 02:56 302,592 a------- c:\windows\system32\UltraMon.dll
2009-05-05 02:56 83,968 a------- c:\windows\system32\UltraMonHook.dll
2009-05-05 02:56 81,920 a------- c:\windows\system32\UltraMonIndDispHook.dll
2009-04-23 07:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 07:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 06:39 2,034,688 a------- c:\windows\system32\win32k.sys
2009-04-16 02:50 111,904 -------- c:\windows\PWMBTHLV.EXE
2008-12-26 13:02 87,608 a------- c:\users\tsattar\appdata\roaming\inst.exe
2008-12-26 13:02 47,360 a------- c:\users\tsattar\appdata\roaming\pcouffin.sys
2008-08-11 03:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-10 21:50 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:55:03.87 ===============
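The DDS output above is raw tool output. As an added example that is not part of the original post and not a DDS or BleepingComputer tool (it assumes only the line shapes visible in the Pseudo HJT Report section, and its sample input is constructed from a few of those lines), this Python script pulls out the entries a helper would want confirmed first: nameservers outside private ranges, BHO/toolbar entries marked "No File", and ActiveX (DPF) downloads served from a bare IP address.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not a BleepingComputer or DDS tool.
It pulls out the entries a helper verifies first when a user reports
redirected search results:
  * DNS servers (TCP: lines) that are not on a private/local network,
  * BHO/toolbar CLSIDs whose file is gone ("No File"),
  * ActiveX downloads (DPF: lines) fetched from a bare IP address.
Flagged items are leads to confirm (e.g. against the ISP's resolvers),
not verdicts.
"""
import ipaddress
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
OBJECT_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?(?P<clsid>" + GUID + r") - (?P<target>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>" + GUID + r") - (?P<url>\S+)$")
TCP_RE = re.compile(r"^TCP: (?P<iface>NameServer|" + GUID + r") = (?P<servers>[0-9.,]+)$")
HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/:]+)")  # DDS defangs http:// as hxxp://

# Constructed sample: a handful of lines in the same shape as the log above.
SAMPLE_REPORT = r"""
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://98.162.198.152:5000/WinWebPush.cab
TCP: NameServer = 85.255.112.138,85.255.112.9
TCP: {680AE8A2-474E-4B99-9155-644C108CA533} = 85.255.112.138,85.255.112.9
TCP: {C63E5F50-49E5-40A5-AA1F-12E1025E1AB9} = 192.168.1.1
"""


def is_local(ip_text):
    """True for RFC 1918, loopback and link-local addresses: the router or
    the host itself, i.e. the resolvers DHCP normally hands out."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def is_bare_ip(host):
    """True when the URL host is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def triage(report):
    """Scan a Pseudo HJT Report and return the items worth a second look."""
    findings = {"no_file": [], "public_dns": {}, "dpf_ip_hosts": []}
    for raw in report.splitlines():
        line = raw.strip()
        if m := OBJECT_RE.match(line):
            if m.group("target") == "No File":
                findings["no_file"].append((m.group("kind"), m.group("clsid")))
        elif m := DPF_RE.match(line):
            host = HOST_RE.match(m.group("url"))
            if host and is_bare_ip(host.group("host")):
                findings["dpf_ip_hosts"].append(m.group("url"))
        elif m := TCP_RE.match(line):
            servers = [s for s in m.group("servers").split(",") if s]
            public = [s for s in servers if not is_local(s)]
            if public:
                findings["public_dns"][m.group("iface")] = public
    return findings


def summarize(findings):
    """Render the findings as the short checklist a helper would post back."""
    lines = []
    for iface, servers in findings["public_dns"].items():
        lines.append(f"DNS on {iface}: {', '.join(servers)} (confirm these are the ISP's)")
    for kind, clsid in findings["no_file"]:
        lines.append(f"{kind} {clsid}: registered but file missing (orphan entry)")
    for url in findings["dpf_ip_hosts"]:
        lines.append(f"DPF from IP host: {url} (no hostname; check who serves it)")
    return lines


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_REPORT)):
        print(entry)
```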


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 13 July 2009 - 01:56 PM

Hello tsattar,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 13
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.
*******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*******************

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by SifuMike, 13 July 2009 - 02:01 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 tsattar (Topic Starter, Members, 3 posts)

Posted 13 July 2009 - 11:12 PM

Here are the contents from the notepad window that opened up after the security check.

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 2
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
McAfeeSecurityCenter
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
CCleaner (remove only)
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 5 seconds.
`````````End of Log```````````

#4 SifuMike (malware expert, Members, 15,385 posts, Male, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 14 July 2009 - 12:33 AM

Hi tsattar,

You forgot to post the Malwarebytes log. :thumbup2:

#5 tsattar (Topic Starter, Members, 3 posts)

Posted 14 July 2009 - 07:57 AM

Following is the log for MBAM.

Thanks for your help.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6002 Service Pack 2

7/14/2009 7:45:21 AM
mbam-log-2009-07-14 (07-45-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 250338
Time elapsed: 1 hour(s), 34 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 16
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{680ae8a2-474e-4b99-9155-644c108ca533}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c63e5f50-49e5-40a5-aa1f-12e1025e1ab9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{680ae8a2-474e-4b99-9155-644c108ca533}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c63e5f50-49e5-40a5-aa1f-12e1025e1ab9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{680ae8a2-474e-4b99-9155-644c108ca533}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{680ae8a2-474e-4b99-9155-644c108ca533}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c63e5f50-49e5-40a5-aa1f-12e1025e1ab9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
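The "Registry Data Items Infected" block in the report above is the part worth reading closely: the same two resolvers, 85.255.112.138 and 85.255.112.9, were written into the global Tcpip\Parameters\NameServer value, into the NameServer and DhcpNameServer values of every interface GUID, and into ControlSet001 and ControlSet002 as well as CurrentControlSet. A static NameServer value takes precedence over the DHCP-supplied one, so a DHCP renew does not undo it, and because the spare control set was written too, booting with "Last Known Good Configuration" would not have restored the ISP resolvers either. With every lookup answered by attacker-controlled servers, a request for a Yahoo search result page can be steered to any host the attacker chooses, which is what the topic starter was seeing. The following script is an added example, not part of the thread and not something MBAM ships: it parses report lines of this shape, pulls out the quarantined resolver settings, and flags resolvers that fall in known rogue blocks. SAMPLE_REPORT is a constructed four-line excerpt in the same format as the posted log; the rogue-range list beyond 85.255.112.0/20 (the block every entry above falls into) is reproduced from memory of the DNS Changer Working Group's published list and should be treated as an assumption to verify against your own threat intelligence; the function names are mine.

```python
"""Audit the DNS-resolver settings quarantined in an MBAM report for rogue resolvers."""
import ipaddress
import re

# Constructed excerpt in the shape of the MBAM 1.39 report above (four of its
# sixteen "Registry Data Items Infected" lines plus one unrelated file line).
SAMPLE_REPORT = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{680ae8a2-474e-4b99-9155-644c108ca533}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f7b5fd01-0fb1-4fbe-8cee-b399bc9d9633}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.138,85.255.112.9 -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One MBAM "registry data" line: key (detection) -> Data: value -> action.
RECORD_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+?)\.?$"
)
# Tcpip DNS settings live under each control set, globally and per interface GUID.
DNS_KEY_RE = re.compile(
    r"\\SYSTEM\\(?P<control_set>[^\\]+)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<interface>\{[^}]+\}))?\\(?P<value>DhcpNameServer|NameServer)$",
    re.IGNORECASE,
)

# Known rogue-resolver blocks. 85.255.112.0/20 is the block every entry in the
# report above falls into; the others are DNSChanger ranges recalled from the
# DNS Changer Working Group list (assumption: verify before relying on them).
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]


def parse_dns_entries(report):
    """Return one dict per quarantined NameServer/DhcpNameServer registry item."""
    entries = []
    for line in report.splitlines():
        rec = RECORD_RE.match(line.strip())
        if not rec:
            continue  # not a registry-data line (e.g. the Files Infected entry)
        key = DNS_KEY_RE.search(rec.group("key"))
        if not key:
            continue  # registry data that is not a Tcpip DNS setting
        entries.append({
            "control_set": key.group("control_set"),
            "interface": key.group("interface") or "<global>",
            "value": key.group("value"),
            "detection": rec.group("detection"),
            "resolvers": [ip for ip in re.split(r"[,\s]+", rec.group("data")) if ip],
            "action": rec.group("action"),
        })
    return entries


def classify_resolver(ip, trusted=frozenset()):
    """'trusted' (on the allowlist), 'rogue' (in a known bad block), 'private' or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    if ip in trusted:
        return "trusted"
    if any(addr in net for net in ROGUE_RESOLVER_RANGES):
        return "rogue"
    return "private" if addr.is_private else "unknown"


def audit_dns_entries(entries, trusted=frozenset()):
    """Summarise which resolvers were rogue and where in the registry they were planted."""
    rogue = set()
    locations = set()
    for entry in entries:
        for ip in entry["resolvers"]:
            if classify_resolver(ip, trusted) == "rogue":
                rogue.add(ip)
                locations.add((entry["control_set"], entry["interface"], entry["value"]))
    return {
        "rogue_resolvers": sorted(rogue),
        "control_sets": sorted({cs for cs, _, _ in locations}),
        # DhcpNameServer overwritten too: a DHCP renew alone would not have fixed it
        "dhcp_values_overwritten": any(v == "DhcpNameServer" for _, _, v in locations),
        "locations": sorted(locations),
    }


if __name__ == "__main__":
    parsed = parse_dns_entries(SAMPLE_REPORT)
    summary = audit_dns_entries(parsed)
    print(f"{len(parsed)} DNS registry items; rogue resolvers: {summary['rogue_resolvers']}")
    print("control sets touched:", summary["control_sets"],
          "| DhcpNameServer overwritten:", summary["dhcp_values_overwritten"])
    for cs, iface, value in summary["locations"]:
        print(f"  {cs}\\...\\{iface}\\{value}")
```

Run it against a saved mbam-log-*.txt by reading the file into parse_dns_entries in place of SAMPLE_REPORT. After a cleanup like the one above, the same check is worth repeating on live settings (ipconfig /all, or the Interfaces keys themselves) rather than only on the quarantine report, since a resolver that survives in any control set or interface keeps the hijack alive.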

#6 SifuMike (malware expert, Members, 15,385 posts, Male, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 14 July 2009 - 09:09 AM

Hi tsattar,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your McAfee Security Center, Lavasoft Ad-Watch Live! Anti-Virus, Windows Defender and Ad-Watch before running ComboFix, as they will prevent it from running.

To Disable McAfee Security Center
[image: screenshot of the McAfee Security Center steps]


Disable Ad-Watch to make sure it won't interfere fixing.

To disable AD-AWARE AD-WATCH in Ad-Aware Anniversary Edition (and Pro version)
Start Ad-Aware
Click the Ad-Watch tab
Click the Settings button
Ensure all highlighted options below are unchecked (some settings may be used or changed only in the Pro version):

Under the General tab
Processes Protection
Registry Protection
Network Protection

Under the Detection Layers tab:
Spyware heuristics
AntiVirus engine
OK your way out, and close the main Ad-Aware window.
Shut down Ad-Aware and Ad-Watch Live! by right clicking on the system tray icon, and selecting Exit Ad-Aware.
OK the change

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

#7 SifuMike (malware expert, Members, 15,385 posts, Male, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 24 July 2009 - 09:55 PM

This thread will now be closed due to lack of feedback.