
Thread: All browsers hijacked - redirecting search links

  1. #21
    Emeritus- Malware Team (Join Date: Oct 2009; Location: New England, USA; Posts: 503)

    On the picture you attached... what shows if you click on the extensions tab (looks like a puzzle piece)?

  2. #22
    Junior Member (Join Date: Nov 2009; Posts: 16)

    Bitdefender Anti-phishing Toolbar 2.0 (Bitdefender is my chosen Antivirus)
    Java Quick Starter 1.0
    Microsoft .NET Framework Assistant 1.1

  3. #23
    Junior Member (Join Date: Nov 2009; Posts: 16)

    Just in case you wanted to know, I am attaching a screenshot of the plug-ins tab as well.

  4. #24
    Emeritus- Malware Team (Join Date: Oct 2009; Location: New England, USA; Posts: 503)

    Okay, that doesn't appear to be it. It has been some time in between posts here, so I would like to get an update on how things look. Please run DDS again and post the logs. Also let me know how it's running.

  5. #25
    Junior Member (Join Date: Nov 2009; Posts: 16)

    Here's the DDS:

    DDS (Ver_09-11-24.02) - NTFSx86
    Run by Global at 7:59:59.74 on Fri 12/11/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.298 [GMT -5:00]

    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\JL2005A\cam_mon.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Global\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Google Update] "c:\documents and settings\global\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [CAMMON_JL2005A] c:\program files\jl2005a\cam_mon
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225}
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147699052265
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\global\applic~1\mozilla\firefox\profiles\kdpyzawl.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll
    FF - plugin: c:\documents and settings\global\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 is-KKU82drv;is-KKU82drv;c:\windows\system32\drivers\39940974.sys [2009-11-22 148496]
    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104456]
    S2 Audiowerk;Emagic Audiowerk Kernel Mode Driver;c:\windows\system32\drivers\emagicaw.sys [2006-4-13 19816]
    S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]
    S2 FILESpy;FILESpy;\??\c:\program files\softwin\bitdefender9\filespy.sys --> c:\program files\softwin\bitdefender9\filespy.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
    S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys --> c:\windows\system32\drivers\usbmidim.sys [?]
    S3 USBMM1X1;USB Midi 1x1 USB Driver;c:\windows\system32\drivers\usbmm1x1.sys --> c:\windows\system32\drivers\usbmm1x1.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== Created Last 30 ================

    2009-12-05 17:56:23 0 d-----w- C:\669074bf335f3f983877cf19bb24f4
    2009-12-05 17:44:30 165 ----a-w- c:\windows\system32\spupdsvc.inf
    2009-12-05 17:33:14 0 d-----w- c:\program files\IIS
    2009-12-05 17:26:48 0 d-----w- c:\program files\Microsoft Visual Studio 10.0
    2009-12-05 16:34:30 0 d-----w- c:\program files\Microsoft
    2009-11-30 13:01:13 0 d-sha-r- C:\cmdcons
    2009-11-30 12:57:59 98816 ----a-w- c:\windows\sed.exe
    2009-11-30 12:57:59 77312 ----a-w- c:\windows\MBR.exe
    2009-11-30 12:57:59 260608 ----a-w- c:\windows\PEV.exe
    2009-11-30 12:57:59 161792 ----a-w- c:\windows\SWREG.exe
    2009-11-28 20:34:18 23895 ----a-w- C:\Results.zip
    2009-11-28 14:11:12 292352 ----a-w- C:\b5cjwng8.exe
    2009-11-26 03:50:50 0 d-----w- c:\program files\HijackThis2
    2009-11-26 01:11:43 0 d-----w- c:\docume~1\global\applic~1\Malwarebytes
    2009-11-26 01:11:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-26 01:11:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-26 01:11:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-11-26 01:11:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-22 18:45:07 0 dc-h--w- c:\windows\ie8
    2009-11-22 16:03:47 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-22 16:03:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-11-22 14:48:26 1502120 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-11-22 14:48:26 134658080 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-11-22 14:48:01 148496 ----a-w- c:\windows\system32\drivers\39940974.sys
    2009-11-18 04:49:01 0 d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2009-11-25 08:22:58 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
    2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-07 10:31:18 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
    2009-10-07 07:44:58 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
    2009-10-07 07:44:58 70456 ----a-w- c:\windows\system32\dxva2.dll
    2009-10-07 07:44:58 486200 ----a-w- c:\windows\system32\evr.dll
    2009-10-07 07:17:56 99160 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-10-07 07:17:56 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2009-10-07 07:17:56 297792 ----a-w- c:\windows\system32\mscoree.dll
    2009-10-07 07:17:56 295248 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-10-07 07:17:56 158032 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-07 07:17:56 1130816 ----a-w- c:\windows\system32\dfshim.dll
    2009-10-02 04:44:07 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-09-16 02:35:20 156488 ----a-w- c:\windows\system32\mscorier.dll

    ============= FINISH: 8:03:20.27 ===============

  6. #26
    Junior Member (Join Date: Nov 2009; Posts: 16)

    Attach.zip is attached.

  7. #27
    Junior Member (Join Date: Nov 2009; Posts: 16)

    IndiGenus,

    The problem with the browser still exists but the computer is running fine otherwise.

    Just a heads up, I leave for a 2 week vacation cruise on Saturday. My computer will be off the whole time I am gone and I would like to resume the work on this problem upon my return.

    Are you OK with that? I don't necessarily want to have to start from scratch if I can help it.

    Again, I really appreciate your help so far.

  8. #28
    Emeritus- Malware Team (Join Date: Oct 2009; Location: New England, USA; Posts: 503)

    Just a heads up, I leave for a 2 week vacation cruise on Saturday.
    IndiGenus is very jealous!

    We'll keep the thread open. Not seeing anything there in DDS. We'll start back up when you get back. Enjoy your vacation.

  9. #29
    Junior Member (Join Date: Nov 2009; Posts: 16)

    I really appreciate it. You'll hear from me around the 27th. -J

  10. #30
    tashi, Member of Team Spybot (Join Date: Oct 2005; Location: USA; Posts: 30,955)

    j_global, still with us?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
