Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infomash Browser Hijacker Problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 bmw330ci2004

bmw330ci2004

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 08 October 2010 - 05:50 PM

Hey folks,

I am another person who had the AntiVirus Studio 2010 virus. I seemed to have gotten it cleaned up for the most part using Malwarebyte's Ant-Malware software but still have a lingering issue. I no longer have the fake antivirus software popping up but still have a browser hijacker that redirects my browser to other webpages. One of the most common being Infomash. I have the problem in Explorer and Firefox. As per the preperation guide, I have attached the required log files.

Could someone please help as I am completely unsure as to how to fix this problem?

Any help is very much appreciated!


DDS (Ver_10-10-05.01) - NTFSx86 NETWORK
Run by Administrator at 14:40:13.45 on Fri 10/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1488 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunServices: [AdobeAdobeUpdater] c:\docume~1\devin\locals~1\temp\ loader_62.exe
mRunServices: [GraphicsWizard] c:\program files\ati technologies\ati.ace\graphics-light\ko\wizardresources.exe
mRunServices: [Userctor] c:\program files\common files\installshield\professional\runtime\09\01\intel32\igdiuser.exe
mRunServices: [AdobeAcrobatUpdater] c:\program files\common files\adobe\arm\1.0\managerlibrary1.4.5.0.exe
mRunServices: [GraphicsCentre] c:\program files\ati technologies\ati.ace\graphics-full-existing\fr\dashboardcontrol.exe
mRunServices: [GraphicsAspect] c:\program files\ati technologies\ati.ace\graphics-full-existing\pt-br\centregraphics.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: localhost
Trusted Zone: netapp.com\ce.corp
Trusted Zone: netapp.com\neophyte-ext
Trusted Zone: netapp.com\pe
Trusted Zone: netapp.com\www.pe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235884370921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: ckpNotify - ckpNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\mfh8spqy.default\
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-6-10 19496]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-6-18 2235760]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-6-18 121136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-21 239760]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-5 343920]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-6-18 47504]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-5 70728]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-2-28 2058776]
S2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-6-18 673872]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-2-28 482176]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-26 118784]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-5 91832]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-5 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-5 66600]

=============== Created Last 30 ================

2010-10-08 20:38:15 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-10-08 20:14:08 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2010-10-08 20:01:09 -------- d-----w- c:\docume~1\admini~1\applic~1\Bullzip
2010-10-08 15:18:38 44032 ----a-w- c:\windows\system32\drivers\nmzyirjnmuyir.sys
2010-10-06 17:32:43 -------- d-----w- c:\program files\Trend Micro
2010-10-06 16:09:44 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-10-06 15:37:35 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-10-05 14:22:18 0 ----a-w- C:\oracle pw
2010-10-05 14:16:49 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Identities
2010-10-05 14:16:45 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2010-10-05 14:16:38 -------- d-----w- c:\docume~1\admini~1\applic~1\Research In Motion
2010-10-05 04:14:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 04:14:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-05 04:14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 04:14:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-05 04:07:40 -------- d-----w- c:\windows\pss
2010-10-05 02:54:54 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-10-05 00:03:48 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-10-04 22:33:51 -------- d-----w- C:\QUARANTINE
2010-09-28 22:31:12 -------- d-----w- c:\program files\Yahoo!
2010-09-13 23:03:36 -------- d-----w- c:\program files\Power Program

==================== Find3M ====================


============= FINISH: 14:40:41.32 ===============


BC AdBot (Login to Remove)

 


#2 bmw330ci2004

bmw330ci2004
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 15 October 2010 - 01:19 PM

Hello,

Could I please have this thread closed?

I no longer require assistance and thank you in advance for the help I would have received!



#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:08 PM

Posted 16 October 2010 - 05:43 PM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom fruits_cherry.gif
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users