[RESOLVED] Possible spyware/webpage redirection in Yahoo mail

Printable View

Show 40 post(s) from this thread on one page

January 15th, 2011, 08:59 PM
Broni

Yes, please.

Good news though :)

As I said before, some infections present on your computer may infect your router.
This was your issue:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
IP addresses in bold belong to known Russian hijacking site.
January 15th, 2011, 09:06 PM
zachary720

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
January 15th, 2011, 09:08 PM
Broni

All good there :)
January 15th, 2011, 09:08 PM
zachary720

OK it says out of date Java. I just installed it last weekend and it's out of date already.

I will run ESET soon. I need a break from the puter for a bit...LOL

Thank you so much for helping me. I really really appreciate it :-)

Sandy
January 15th, 2011, 09:12 PM
zachary720

OH no...just noticed the IP addresses you posted.

They were in the settings for the router
And I put them back in.
Static DNS 1 213.109.64.146
Static DNS 2 213.109.77.21
Static DNS 3 1.1.1.1
January 15th, 2011, 09:16 PM
Broni

Your Java is fine.

Quote:

And I put them back in.

Huh?
January 15th, 2011, 09:18 PM
zachary720

The settings for my router when I go configure it. i have to enter the host, domain etc. Those static DNS addresses were in the settings and I entered them back in. I wonder if I call my helpline for my dsl if they can make sure I got the right numbers in the router setup.
January 15th, 2011, 09:24 PM
Broni

Remove settings, you just entered.
There should be an option to let them being set automatically.
January 15th, 2011, 09:25 PM
zachary720

OK I will
January 15th, 2011, 09:31 PM
Broni

Let me know...

When done....

Go Start>Run ("Start search" in Vista and Win 7), type in:
cmd
Click OK (hit Enter in Vista and Win 7).

At Command Prompt, paste this:
ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
Hit Enter.

Copy and paste what you see in Notepad into a Reply here.
January 15th, 2011, 10:15 PM
zachary720

I called the help desk for my DSL...Thank God they are 24/7. He gave me the correct Static DNS settings. Now you don't think I need to run the OTL again? Just scared with having the wrong settings in there.

Windows IP Configuration

Host Name . . . . . . . . . . . . : sandy

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ltis.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ltis.net

Description . . . . . . . . . . . : CNet PRO200 PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-08-A1-89-F7-DC

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 213.109.64.146

213.109.77.21

1.1.1.1

Lease Obtained. . . . . . . . . . : Saturday, January 15, 2011 7:54:52 PM

Lease Expires . . . . . . . . . . : Sunday, January 16, 2011 7:54:52 PM
January 15th, 2011, 10:25 PM
Broni
That looks good :)

Since you ran Eset yesterday, try this one.
It should be faster.

Please run a BitDefender Online Scan
- Disable your antivirus program.
- Click Start Scanner button.
- Click Free scan now button
- Allow browser plug-in to be installed when prompted.
- Click I Agree to agree to the EULA.
- Please refrain from using the computer until the scan is finished.
- When the scan is finished, click on View report.
- Notepad will open with scan results.
- Save the report to your desktop and post its content in your next reply.
January 15th, 2011, 10:30 PM
zachary720

Think i ran that one also...LOL Did so many scans I can't remember. I will run Bitdefender again.
January 15th, 2011, 10:31 PM
Broni

Just for a peace of mind :)
January 15th, 2011, 11:21 PM
zachary720

QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Sat Jan 15 21:51:35 2011
Machine ID: 482E80A0

No infection found.
-------------------

Processes
---------
(verified) avast! Antivirus 1176 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(verified) avast! Antivirus 1736 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(verified) Firefox 3128 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 3540 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Java(TM) Platform SE 6 U23 820 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft® Visual Studio .NET 864 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(verified) Microsoft® Windows® Operating System 1684 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2404 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 568 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 432 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1580 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 372 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 720 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 908 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 512 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 3372 C:\WINDOWS\system32\wscntfy.exe
(verified) Windows Defender 848 C:\Program Files\Windows Defender\MsMpEng.exe

Network activity
----------------
Process firefox.exe (3128) connected on port 80 (HTTP) --> 204.2.228.147
Process firefox.exe (3128) connected on port 80 (HTTP) --> 204.2.228.147
Process firefox.exe (3128) connected on port 443 (HTTP over SSL) --> 64.233.169.95
Process firefox.exe (3128) connected on port 80 (HTTP) --> 204.2.228.147
Process firefox.exe (3128) connected on port 80 (HTTP) --> 66.220.149.18

Process svchost.exe (768) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
(verified) avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows Defender C:\Program Files\Windows Defender\MpCmdRun.exe
(verified) Windows Defender c:\program files\windows defender\mpshhook.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
(unsigned) Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(verified) BitDefender QuickScan C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
(verified) Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U23 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) PokerStars C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe
(verified) sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Missing files
-------------
File not found: C:\DOCUME~1\Sandra\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

File not found: system32\DRIVERS\TMPassthru.sys
--> HKLM\System\ControlSet001\services\TMPassthruMP\"ImagePath"

Scan
----
(unsigned) MD5: ee59670184fb23059efabc2613495ce6 C:\Program Files\Alwil Software\Avast5\defs\11011401\algo.dll
(unsigned) MD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: e72b70c57c4229d339fe110951932392 C:\Program Files\Mozilla Firefox\freebl3.dll
(unsigned) MD5: 3d07aceebe516a561767117c43088f2c C:\Program Files\Mozilla Firefox\nssdbm3.dll
(unsigned) MD5: 2935447938967fdd07dd9118dfb4afb2 C:\Program Files\Mozilla Firefox\softokn3.dll
(unsigned) MD5: 2bc650257fb0867abd54fd460ec2bafc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
(unsigned) MD5: 16d7ddf3b659f7cf1cb9f4dcff4219f0 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

No file uploaded.

Scan finished - communication took 30 sec
Total traffic - 0.03 MB sent, 635.25 KB recvd
Scanned 858 files and modules - 114 seconds

==============================================================================

Show 40 post(s) from this thread on one page