
Dear Team,

I have got this virus on my laptop, a Dell Inspiron 1545. Whenever I search something and click on the search result, it redirects me to some different page. Either I have to click on stop and press enter again to stop this redirection, or go back and click enter again to go to the right page.

I am attaching the dds and attach files; kindly do the needful.

After searching a lot, I think I am at the right place to get a solution for my problem.

Thanks in advance

Regards,

Mdzafaruddin

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by ZAFAR-OPULENTUZ at 22:40:21 on 2011-11-28

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Documents and Settings\ZAFAR-OPULENTUZ\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\ZAFAR-OPULENTUZ\My Documents\Downloads\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWinlogon: Shell=c:\documents and settings\zafar-opulentuz\local settings\application data\2b49c832\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: eGrabber e-Mail ID Extractor Helper: {67cfcabd-9f77-4857-97ff-4e61eb626514} - c:\program files\internet explorer\PxEmailIDExtractorHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: eGrabber eMail-ID Extractor: {c561b5f4-d2ab-49d6-902d-0c5c8df4cc12} - c:\program files\internet explorer\PxEmailExtractorPlugin.dll

EB: ShopperReports: {bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\zafar-opulentuz\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Octoshape Streaming Services] "c:\documents and settings\zafar-opulentuz\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RecoverFromReboot] c:\windows\temp\RecoverFromReboot.exe

mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup

mRun: [smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll

IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297616474671

DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://122.170.102.104/codebase/NetVideoOCX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://121.246.156.130/ssi.cgi/cab/OCXChecker_8320.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{EFE4C752-3C91-4828-940C-35A3DDBC3470} : NameServer = 10.20.1.6,10.20.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: winypt32 - winypt32.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\zafar-opulentuz\application data\mozilla\firefox\profiles\g0exjm2o.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.opulentian.com/

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\zafar-opulentuz\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\zafar-opulentuz\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\zafar-opulentuz\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R? Ambfilt;Ambfilt

R? cxpxtz;Shell Time

R? hwusbdev;Huawei DataCard USB PNP Device

R? McAfeeFramework;McAfee Framework Service

R? McShield;McAfee McShield

R? mfeavfk;McAfee Inc.

R? mfebopk;McAfee Inc.

R? mfehidk;McAfee Inc.

R? TeamViewer6;TeamViewer 6

R? UDisk Monitor;UDisk Monitor

R? ztemtusbser;ZTEMT Legacy Serial Communication

S? CtAudDrv;Provides advanced audio effects for audio devices.

S? CtClsFlt;Creative Camera Class Upper Filter Driver

S? L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller

S? McTaskManager;McAfee Task Manager

S? WinDefend;Windows Defender

.

=============== Created Last 30 ================

.

2011-11-28 16:52:15 388096 ----a-r- c:\documents and settings\zafar-opulentuz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-28 16:52:14 -------- d-----w- c:\program files\Trend Micro

2011-11-28 16:26:45 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-11-28 16:26:40 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{979033ad-0dba-4585-93c2-1020078ba029}\offreg.dll

2011-11-28 16:26:38 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{979033ad-0dba-4585-93c2-1020078ba029}\mpengine.dll

2011-11-28 16:26:37 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-27 12:31:28 -------- d-----w- c:\documents and settings\zafar-opulentuz\application data\DriverCure

2011-11-27 12:31:27 -------- d-----w- c:\documents and settings\zafar-opulentuz\application data\SpeedyPC Software

2011-11-27 12:31:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software

2011-11-27 11:49:02 66560 ----a-w- c:\windows\WSOCK32.DLL

2011-11-27 11:35:43 -------- d-----w- C:\QUARANTINE

2011-11-27 11:31:11 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2011-11-27 11:31:11 -------- d-----w- c:\program files\common files\Cisco Systems

2011-11-27 11:30:52 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-11-27 11:30:52 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-11-27 11:30:52 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-11-27 11:30:51 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2011-11-27 11:30:51 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-11-27 11:30:33 -------- d-----w- c:\program files\McAfee

2011-11-27 11:30:33 -------- d-----w- c:\program files\common files\McAfee

2011-11-17 07:54:45 -------- d-----w- c:\documents and settings\zafar-opulentuz\local settings\application data\Help

2011-11-15 10:30:38 -------- d-----w- c:\windows\system32\appmgmt

2011-11-14 04:01:06 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-11-14 04:01:01 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-11-12 13:07:04 -------- d-sh--w- c:\documents and settings\zafar-opulentuz\local settings\application data\2b49c832

2011-11-12 10:15:12 -------- d-----w- c:\documents and settings\zafar-opulentuz\application data\OutWit

2011-11-05 10:51:40 -------- d-----w- c:\documents and settings\all users\application data\Lencom

2011-11-05 10:48:38 -------- d-----w- c:\documents and settings\zafar-opulentuz\application data\Lencom

2011-11-05 10:48:37 -------- d-----w- c:\program files\Lencom Software Inc

2011-11-05 10:48:37 -------- d-----w- c:\program files\common files\LencomShare

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-02 23:36:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-02 21:07:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 06:11:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 18:56:32 737280 ----a-w- c:\windows\iun6002.exe

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-01-08 19:14:16 1412063 --sh--r- c:\windows\system32\XP-D41D8CD9.EXE

.

============= FINISH: 22:40:44.32 ===============

attach.txt

dds.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
