07-03-2009, 08:42 AM   #1
binsill
Registered User
 
Join Date: Jul 2009
Posts: 20
OS: Vista 32-bit, build 6001, Service Pack 1


IE Google search redirect, Firefox Vimax ads (these were stopped with AdBlock)

Hi,

I was at a site at approx. 9:30 last night that asked me to download the newest version of Flash Player (v10).

I still have the culprit file in the trash (can send if you wish); I'm now running in safe mode. When I installed the program, Windows Defender and AVG immediately said I had a virus and moved it to quarantine. Everything froze, had to restart.

Spybot doesn't open. AVG and Windows system scans see nothing. I see a strange process in Task Manager: 190589026.tmp.

First, I can't download HijackThis / Malwarebytes' Anti-Malware / SUPERAntiSpyware (the web page is blocked). Then, when I get around that by going to a cached web page, I can download the programs, but the install doesn't work. When I installed HJT, I crashed.

Thanks in advance; any additional info needed I can provide ASAP.

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by B at 0:31:07.30 on Fri 07/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.545 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SpywareBot *disabled* (Updated) {3914BDEB-9CF2-421A-9495-FE4C87AEFBD1}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\B\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://websec.it.siu.edu/util/googl...ltmplcache%3D2
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.11,85.255.112.139
TCP: {888F2070-E6FE-4DF8-A2B8-CCF106CAE472} = 85.255.112.11,85.255.112.139
TCP: {D4764EF1-211E-4342-B966-6C114DD89F47} = 85.255.112.11,85.255.112.139
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\qtybuz5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://caloriecount.about.com/cc/account/index.php
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\firefox\profiles\qtybuz5s.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 327688]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 298776]

=============== Created Last 30 ================

2009-07-03 00:24 <DIR> --d----- c:\program files\Trend Micro
2009-07-02 22:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 22:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-02 22:57 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-02 22:57 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-02 22:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 20:46 <DIR> --d----- c:\program files\PlayMe
2009-06-30 23:50 <DIR> --d----- c:\program files\Amazon
2009-06-19 18:02 11,264 a------- c:\windows\system32\PSS70687.DLL
2009-06-19 18:01 32,592 a------- c:\windows\system32\msonpmon.dll
2009-06-19 17:50 <DIR> --d----- c:\users\b\appdata\roaming\GetRightToGo
2009-06-19 15:01 <DIR> --d----- c:\programdata\Yahoo!
2009-06-13 17:03 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-13 17:02 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-13 17:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-13 17:02 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-13 17:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-12 08:50 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-11 14:55 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-06-11 12:25 <DIR> --d----- c:\program files\iPod
2009-06-11 12:25 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-07-02 09:33 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 09:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 21:13 51,200 a------- c:\windows\inf\infpub.dat
2009-06-11 12:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-11 12:17 86,016 a------- c:\windows\inf\infstor.dat
2009-05-28 09:08 116,842 a------- c:\windows\hpqins00.dat
2009-05-08 11:37 300,688 a------- c:\windows\jgzr.dat
2009-04-24 11:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 11:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 08:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 07:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 07:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-16 03:08 11,264 a------- c:\windows\system32\PSS289F7.DLL
2008-09-21 01:47 174 a--sh--- c:\program files\desktop.ini
2008-09-21 01:27 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-15 07:14 40 a------- c:\users\b\appdata\roaming\wklnhst.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2001-11-08 19:52 278,528 a------- c:\program files\cac106.exe
2008-09-17 08:47 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-17 08:47 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-17 08:47 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-02-12 20:47 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:33:23.37 ===============
Attached Files
File Type: zip Attach.zip.zip (3.3 KB)
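The three `TCP:` lines in the Pseudo HJT Report above are the most telling part of the log: the global NameServer value and both interface GUIDs point at 85.255.112.11 and 85.255.112.139 instead of the ISP's or router's resolvers. DDS reads those values from HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}\NameServer, and a rogue resolver there explains a search redirect that survives the browser: every lookup goes where the attacker's DNS answers. The script below is an added example, not part of the original post or of DDS. It parses such lines and labels each resolver; the expected-resolver set and the last, clean sample line are constructed assumptions, and the rogue ranges are the ones the FBI published for the DNSChanger (Rove Digital) resolvers, which include the 85.255.112.0/20 block seen here.

```python
"""Triage the 'TCP:' resolver lines of a DDS / HijackThis-style report."""
import ipaddress
import re

# Rogue resolver ranges published by the FBI for the DNSChanger (Rove Digital) case.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# ASSUMPTION: the resolvers this machine should be using (ISP or router).
# Constructed for the example; take the real values from the ISP or the router.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# 'TCP: NameServer = ...' is the global value; 'TCP: {GUID} = ...' is per interface.
# (DDS reads them from HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces.)
TCP_LINE = re.compile(
    r"^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>\S.*)$")

# The first three lines are copied from the report above; the fourth is a
# constructed clean interface so the classifier has an 'expected' case to show.
SAMPLE_REPORT = """\
TCP: NameServer = 85.255.112.11,85.255.112.139
TCP: {888F2070-E6FE-4DF8-A2B8-CCF106CAE472} = 85.255.112.11,85.255.112.139
TCP: {D4764EF1-211E-4342-B966-6C114DD89F47} = 85.255.112.11,85.255.112.139
TCP: {0000AAAA-0000-0000-0000-000000000000} = 192.168.1.1
"""


def parse_nameservers(report):
    """Return [(key, [ip, ...]), ...] for every TCP: resolver line in the report."""
    out = []
    for line in report.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            out.append((m.group("key"), servers))
    return out


def classify(ip_str):
    """Label one resolver: expected, private, rogue-dnschanger or unexpected-public."""
    ip = ipaddress.ip_address(ip_str)
    if ip_str in EXPECTED_RESOLVERS:
        return "expected"
    if ip.is_private:
        return "private"            # a LAN router; still confirm its upstream DNS
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue-dnschanger"
    return "unexpected-public"      # not known-bad, but not what the ISP handed out


def triage(report):
    """Map each TCP: key to {resolver: label}."""
    return {key: {s: classify(s) for s in servers}
            for key, servers in parse_nameservers(report)}


def suspicious(report):
    """Flat list of (key, resolver, label) for every resolver that is not expected."""
    return [(key, ip, label)
            for key, labels in triage(report).items()
            for ip, label in labels.items()
            if label != "expected"]


if __name__ == "__main__":
    for key, ip, label in suspicious(SAMPLE_REPORT):
        print(f"{key:<40} {ip:<16} {label}")
```

On the affected machine the same values can be confirmed with `ipconfig /all` before cleanup. After the malware is removed, the NameServer values need to be cleared (or the adapters set back to DHCP) and the router's own DNS settings checked, since the redirect returns immediately if a rogue resolver is left behind in either place.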