Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Torjan and brower redirect

  • This topic is locked This topic is locked
2 replies to this topic

#1 Flyingfish


  • Members
  • 3 posts
  • Local time:10:24 AM

Posted 22 October 2009 - 11:06 PM

Hi, thanks for your help!

Comp has a few problems. Web redirects, taskbar hijack, misc trojans.
When I click on a web link I get redirected to other sites. Can get back to main site by clicking 'back' several times, but sometimes that doesn't work. It took several several tries to navigate the links on this site to gather the info and run scans. I couldn't click the links, but had to type in the link address. Sometimes my browser changes to the basic my computer screen, says it does a scan on my comp and finds many things infected. It offers to DL antivirus software. Windows keep popping up, close one, another opens, rare to be able to get out of the window.

Ran McAfee, spybot, and Mbytes, they'd pick up to 11 things, trojans and redirects adn others that either lock or disable the task bar. Scans said issues were removed, needed reboot to finish cleaning, I'd reboot but everthing would come back. Sometimes on reboot comp would never fully load after clicking on user profile. Taskbar would not load, everything else would clock when clicked. I'd reboot again and it'd be better.

Here's the fun stuff.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Angelina at 17:07:05.07 on Thu 10/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.515 [GMT -5:00]

AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
C:Program FilescomcasttbComcastSpywareScanComcastAntiSpyService.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesBorlandInterbaseBinIBGuard.exe
C:Program FilesCAPPRTbinITMRTSVC.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesNikonWireless Camera Setup UtilityNkPtpEnum.exe
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSSystem32svchost.exe -k imgsvc
C:Program FilesBorlandInterbaseBinIBServer.exe
C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
C:Program FilesDell AIO Printer A940dlbabmgr.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesDell AIO Printer A940dlbabmon.exe
C:Program FilesMicrosoft IntelliType Proitype.exe
C:Program FilesMicrosoft IntelliPointipoint.exe
C:Program FilesMicrosoft IntelliType Prodpupdchk.exe
C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWindows Media PlayerWMPNSCFG.exe
C:Program FilesCreativeSBLiveDiagnosticsdiagent.exe
C:Program FilescomcasttbComcastSpywareScanComcastAntispy.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsAngelinaDesktopdds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uStart Page = hxxp://yahoo.sbc.com/dsl
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlatfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:program filescomcasttbcomcastdx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:program filescomcasttbcomcastdx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [userinit] c:windowssystem32ntos.exe
uRun: [UpdateWin] c:windowssystem32adptifn.exe
uRun: [ComcastAntispyClient] "c:program filescomcasttbcomcastspywarescanComcastAntispy.exe" /hide
uRun: [calc] rundll32.exe c:docume~1locals~1ntuser.dll,_IWMPEvents@0
uRunOnce: [FlashPlayerUpdate] c:windowssystem32macromedflashFlashUtil10b.exe
uRunServices: [UpdateWin] c:windowssystem32adptifn.exe
mRun: [Dell AIO Printer A940] "c:program filesdell aio printer a940dlbabmgr.exe"
mRun: [Microsoft Works Update Detection] c:program filescommon filesmicrosoft sharedworks sharedWkUFind.exe
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [itype] "c:program filesmicrosoft intellitype proitype.exe"
mRun: [IntelliPoint] "c:program filesmicrosoft intellipointipoint.exe"
mRun: [ddoctorv2] "c:program filescomcastdesktop doctorbinsprtcmd.exe" /P ddoctorv2
mRun: [LogitechCommunicationsManager] "c:program filescommon fileslogishrdlcommgrCommunications_Helper.exe"
mRun: [mcagent_exe] "c:program filesmcafee.comagentmcagent.exe" /runkey
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [calc] rundll32.exe c:windowssystem32calc.dll,_IWMPEvents@0
mRun: [diagent] "c:program filescreativesblivediagnosticsdiagent.exe" startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript
StartupFolder: c:docume~1alluse~1startm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeoffice10OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
LSP: c:windowssystem32VetRedir.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1angelinaapplic~1mozillafirefoxprofilesdggrcjdk.default
FF - prefs.js: browser.search.selectedEngine - Comcast Search
FF - HiddenExtension: XUL Cache: {4709ABB0-C3AC-40CC-8A0E-43548CB45C51} - c:documents and settingsangelinalocal settingsapplication data{4709ABB0-C3AC-40CC-8A0E-43548CB45C51}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

============= SERVICES / DRIVERS ===============

R2 AntiSpywareService;Comcast AntiSpyware;c:program filescomcasttbcomcastspywarescanComcastAntiSpyService.exe [2009-3-16 616408]
R2 NkPtpEnumP2;NkPtpEnumP2;c:program filesnikonwireless camera setup utilityNkPtpEnum.exe [2005-6-17 24064]
R3 VBus;Virtual Bus;c:windowssystem32driversNkVBus.sys [2005-6-17 17664]
S1 bcbus;BestCrypt bus driver;c:windowssystem32driversbcbus.sys --> c:windowssystem32driversbcbus.sys [?]
S2 0285141256220377mcinstcleanup;McAfee Application Installer Cleanup (0285141256220377);c:windowstemp028514~1.exe c:progra~1common~1mcafeeinstal~1cleanup.ini -cleanup -nolog -service --> c:windowstemp028514~1.exe c:progra~1common~1mcafeeinstal~1cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-10-22 09:01 <DIR> --d----- c:docume~1angelinaapplic~1Malwarebytes
2009-10-19 18:32 3 a------- c:windowssystem32o6.dat
2009-10-19 18:32 45 a------- c:windowssystem32pog.dat
2009-10-19 18:32 1 a------- c:windowssystem32qsf.dat
2009-10-19 18:32 1 a------- c:windowssystem32jl.dat
2009-10-19 18:32 1 a------- c:windowssystem32fcd.dat
2009-10-19 13:38 6,967 a------- c:windowssystem32lknm
2009-10-18 11:44 <DIR> --d----- c:docume~1alluse~1applic~1RegCure

==================== Find3M ====================

2009-09-16 10:22 214,664 a------- c:windowssystem32driversmfehidk.sys
2009-09-16 10:22 79,816 a------- c:windowssystem32driversmfeavfk.sys
2009-09-16 10:22 40,552 a------- c:windowssystem32driversmfesmfk.sys
2009-09-16 10:22 35,272 a------- c:windowssystem32driversmfebopk.sys
2009-09-16 10:22 34,248 a------- c:windowssystem32driversmferkdk.sys
2009-09-11 09:18 136,192 a------- c:windowssystem32msv1_0.dll
2009-09-10 14:54 38,224 a------- c:windowssystem32driversmbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:windowssystem32driversmbam.sys
2009-09-04 16:03 58,880 a------- c:windowssystem32msasn1.dll
2009-08-29 02:36 832,512 a------- c:windowssystem32wininet.dll
2009-08-29 02:36 78,336 a------- c:windowssystem32ieencode.dll
2009-08-29 02:36 17,408 a------- c:windowssystem32corpol.dll
2009-08-26 03:00 247,326 a------- c:windowssystem32strmdll.dll
2009-08-05 04:01 204,800 a------- c:windowssystem32mswebdvd.dll
2009-08-04 10:13 2,145,280 a------- c:windowssystem32ntoskrnl.exe
2009-08-04 09:20 2,023,936 a------- c:windowssystem32ntkrnlpa.exe
2009-06-10 20:31 0 a------- c:program filesjre-6u14-windows-i586.exe
2009-06-10 20:26 0 a------- c:program filesjre-6u14-windows-i586.exe.bak
2009-06-10 20:26 1,192 a------- c:program filesjre-6u14-windows-i586.exe.sdm
2007-05-17 21:26 20 ----h--- c:docume~1alluse~1applic~1PKP_DLec.DAT
2006-04-13 13:15 0 a------- c:docume~1angelinaapplic~1wklnhst.dat
2008-09-01 03:23 32,768 a--sh--- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008090120080902index.dat
2009-05-12 15:20 32,768 a--sh--- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012009051220090513index.dat

============= FINISH: 17:09:00.21 ===============

Also, I had to use another profile on the comp to be able to even load the user profile and luanch the browser. I might have been able to do it under the usual profile but it wasn't working well the last few reboots.

Merged posts. ~ OB

Attached Files

Edited by Orange Blossom, 23 October 2009 - 05:06 PM.

BC AdBot (Login to Remove)


#2 Flyingfish

  • Topic Starter

  • Members
  • 3 posts
  • Local time:10:24 AM

Posted 24 October 2009 - 10:22 AM

Hey guys!

So I was looking through other posts with similar titles and it looks like the average response time is 2-3 weeks. I can't have my issue lingering for that long. I moved my issue to another forum that responds within 3 days.

So I am not sure whats going on here, maybe a limit to posters per day would help, more staff, i dunno, I have heard you guys do a good job but 2-3 weeks is really bad.

If I just had a question like, hey, what do think is a good key-board, then the wait might not be bad. BUt with critical system issues 2-3 week is an eternity.

Maybe an option is to not accept anymore more malicious software posts, lock that s**t out, clear out current posts, and then close down this section of your forum since you can't keep up with demand in a reasonable time frame and focus on the areas you are really good at???

It's kinda like if I went to resturant and I was seated, but then it took 4 hours for a waitress to come up and give us water, then say, "do you need a min?", and then walk away again.

I hope you're not offended, just my thoughts. :(

So you can close my thread. BFF?

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,110 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:24 AM

Posted 24 October 2009 - 06:38 PM

Hello Flyingfish,

We can certainly close your topic. While I realize the frustration of having to wait for your computer issues to be resolved, the necessary wait is not caused by incompetence or inability. Malware removal requires extensive specialized training, and we have only so many people so trained. The training and malware removal done on this site is done entirely on a volunteer basis. Further, these people volunteer on a number of sites.

Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

Your analogy with a restaurant is not apt. It would be more appropriate to compare with a car repair shop. An oil change is easily addressed and can be handled in a day provided a shop is not over-run with cars needing work. However, malware removal is not equivalent to changing the oil - it's more like finding the cause of a weird electrical problem. That can take a long time to diagnose and find and repair. Now, imagine a shop with over a thousand of such cars each with a unique electrical problem and about 20 folks total trained in dealing with these problems. Do you really think that all those cars will have their problems fixed that day? That is unrealistic. Closing the shop would have the effect of sending all those cars to the few other shops able to do such work and similarly over-whelmed. If, as you say, there is a shop that currently has a turn-over of 3 days for resolving such complicated issues, that time would increase given the increase in demand.

Quality work can take time and to my way of thinking is well worth the wait, especially when that help is offered for free.

I wish you well in resolving your computer issues.

This topic is now closed.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users