
Yahoo search link redirects to other search pages


  • This topic is locked
2 replies to this topic

#1 smgjgg


Posted 15 September 2011 - 10:53 AM

Using Yahoo for search, clicking the link does not access that page, but opens a new page. The new page is normally a search window of some type.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by SGarrett at 10:47:20 on 2011-09-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2097 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\dvwin\eTransLauncher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eTransLauncher] c:\dvwin\eTransLauncher.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\sgarrett\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = bittorrent.exe
uPolicies-disallowrun: 2 = kazaa.exe
uPolicies-disallowrun: 3 = kazaa_336.exe
uPolicies-disallowrun: 4 = kazaa270_en.exe
uPolicies-disallowrun: 5 = kazaa271_en.exe
uPolicies-disallowrun: 6 = kazaa272_en.exe
uPolicies-disallowrun: 7 = kazaagoldpremium.exe
uPolicies-disallowrun: 8 = kazupernodes.exe
uPolicies-disallowrun: 9 = klite172(1).exe
uPolicies-disallowrun: 10 = klite172e.exe
uPolicies-disallowrun: 11 = klrun.exe
uPolicies-disallowrun: 12 = winmon.exe
uPolicies-disallowrun: 13 = wuamgrd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //esyncstr.ident.com/HSPS/DigitalHighwayStream.svc
Trusted Zone: appeon.pclogics.com
Trusted Zone: dvanywhere.com\mydv
Trusted Zone: gefleet.com
Trusted Zone: google.com
Trusted Zone: ident.com\esync1-beta
Trusted Zone: ident.com\esync2-beta
Trusted Zone: msnbc.com\www
Trusted Zone: mydv.dvanywhere.com
Trusted Zone: www.dvanywhere.com
Trusted Zone: yahoo.com\finance
Trusted Zone: yimg.com\us.news2
Trusted Zone: gefleet.com
Trusted Zone: google.com
Trusted Zone: msnbc.com\www
Trusted Zone: yahoo.com\finance
Trusted Zone: yimg.com\us.news2
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://pmtsdev01/viewer/activeXViewer/activexviewer.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://meetingvisuals.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{09E92671-4014-4F5C-B979-27F388476475} : DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: PCANotify - PCANotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sgarrett\application data\mozilla\firefox\profiles\7ha60czu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\sgarrett\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XUL Cache: {bf3aafcd-873d-4839-94ba-0f10f758b46b} - %profile%\extensions\{bf3aafcd-873d-4839-94ba-0f10f758b46b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-12 64512]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 31192]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R2 ASANYs_dv;Adaptive Server Anywhere - dv;c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe -hvasanys_dv --> c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe -hvASANYs_dv [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-17 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-10-16 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-10-16 54608]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-3-17 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-3-17 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-3-17 244368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-17 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-17 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-17 171272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\olethk3232.exe --> c:\windows\system32\olethk3232.exe [?]
S3 iCAService;iCAService;c:\dvwin\iCAService.exe [2011-5-20 287744]
S3 TOPAZUSB;TopazUsb.Sys Topaz Tablet USB Driver;c:\windows\system32\drivers\TopazUsb.sys [2009-8-12 33821]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 110651]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
S4 Digital Highway Server;Digital Highway Server;c:\program files\henry schein, inc\HSPS.eServices.DigitalHighway.Services.exe [2010-10-18 20992]
S4 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 PracticeDataMessageMonitor;Practice Data Message Monitor;c:\program files\henry schein, inc\esync\practice data uploader\HSPS.eServices.PracticeDataUploader.Service.exe [2010-11-30 23040]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
.
=============== Created Last 30 ================
.
2011-09-15 12:29:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-15 12:29:03 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\sgarrett\local settings\application data\qxkd.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\sgarrett\local settings\application data\ithc.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\sgarrett\local settings\application data\hqxl.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\sgarrett\local settings\application data\eisc.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\all users\application data\ypxx.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\all users\application data\lncc.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\all users\application data\jqxv.exe
2011-09-14 14:39:45 0 ----a-w- c:\documents and settings\all users\application data\abko.exe
2011-09-12 18:50:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-12 18:22:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-12 18:16:37 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-12 18:16:28 -------- d-----w- c:\program files\Lavasoft
2011-09-06 14:20:40 -------- d-----w- c:\documents and settings\sgarrett\local settings\application data\LogMeIn
.
==================== Find3M ====================
.
2011-07-27 18:37:05 5337088 ----a-w- c:\windows\system32\crpe32.dll
2011-07-27 18:37:05 17920 ----a-w- c:\windows\system32\implode.dll
2011-07-27 18:37:04 899448 ----a-w- c:\windows\system32\dbodbc11.dll
2011-07-27 18:37:04 663609 ----a-w- c:\windows\system32\exlate32.dll
2011-07-27 18:37:04 618496 ----a-w- c:\windows\system32\crpaig80.dll
2011-07-27 18:37:04 285184 ----a-w- c:\windows\system32\crrun32.exe
2011-07-24 23:25:19 0 ---ha-w- c:\documents and settings\sgarrett\sjkfnmrxub.tmp
.
============= FINISH: 10:47:35.71 ===============



#2 CatByte

  • Malware Response Team

Posted 17 September 2011 - 05:50 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

  • Malware Response Team

Posted 21 September 2011 - 07:52 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
