Yahoo & Google search hijacked, now also getting sketchy Yahoo login screen

Solved
By Steelhead99
May 22, 2011
Topic Status:
Not open for further replies.
  1. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    Un-freaking believeable. I ran the scan, .... saved the results .... went to my e-mail to find this thread again so I could post the results. I opened a link from a google alert and the damned thing had returned.

    Son of a ..... well here's the log .... back to the fake Google site and the 302 Moved ... son of a ...



    QuickScan Beta 32-bit v0.9.9.93
    -------------------------------
    Scan date: Thu May 26 03:11:35 2011
    Machine ID: 60A0226C



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) DesktopWeather.exe 2592 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    (unsigned) Device Detector 3 1520 C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    (unsigned) HP Wireless Assistant 2688 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (unsigned) InstallShield Update Service 764 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (unsigned) Linksys Instant WLAN Monitor 4188 C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    (unsigned) NaturalReader Ver 9.0 968 C:\Program Files\NaturalSoft\naturalreader9\NaturalReader9.exe
    (unsigned) Odyssey COM Host 3972 C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    (unsigned) PhilipsDeviceListener.exe 3124 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    (unsigned) TeaTimer.exe 2412 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (unsigned) WDDMStatus.exe 472 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    (verified) hpwuSchd Application 816 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (verified) Dragon NaturallySpeaking 4448 C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
    (verified) Dropbox 3980 C:\Users\GHMonroe\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (verified) Firefox 5676 C:\Program Files\Mozilla Firefox\firefox.exe
    (verified) Firefox 5580 C:\Program Files\Mozilla Firefox\plugin-container.exe
    (verified) HP Quick Launch Buttons 380 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (verified) HP QuickPlay 4036 C:\Program Files\HP\QuickPlay\QPService.exe
    (verified) HP QuickTouch On Screen Display 2260 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    (verified) HP Wireless Assistant 2416 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (verified) HpqToaster Module 2636 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (verified) Microsoft Security Client 1340 C:\Program Files\Microsoft Security Client\msseces.exe
    (verified) Microsoft® Windows® Operating System 3156 C:\Program Files\Windows Sidebar\sidebar.exe
    (verified) Microsoft® Windows® Operating System 3836 C:\Windows\ehome\ehmsas.exe
    (verified) Microsoft® Windows® Operating System 1424 C:\Windows\ehome\ehtray.exe
    (verified) Microsoft® Windows® Operating System 3752 C:\Windows\explorer.exe
    (verified) Microsoft® Windows® Operating System 3664 C:\Windows\System32\dwm.exe
    (verified) Microsoft® Windows® Operating System 4576 C:\Windows\System32\mobsync.exe
    (verified) Microsoft® Windows® Operating System 2932 C:\Windows\System32\rundll32.exe
    (verified) Microsoft® Windows® Operating System 3648 C:\Windows\System32\taskeng.exe
    (verified) Microsoft® Windows® Operating System 2368 C:\Windows\System32\wuauclt.exe
    (verified) Seagate FreeAgent™ Application 3232 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (verified) Synaptics Pointing Device Driver 4016 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (verified) Yahoo! Messenger 3816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


    Network activity
    ----------------
    Process YahooMessenger.exe (3816) connected on port 5050 (Yahoo Messenger) --> 67.195.187.148
    Process YahooMessenger.exe (3816) connected on port 5050 (Yahoo Messenger) --> 98.138.26.49
    Process Dropbox.exe (3980) connected on port 80 (HTTP) --> 174.36.30.11
    Process firefox.exe (5676) connected on port 80 (HTTP) --> 69.63.190.22

    Process YahooMessenger.exe (3816) listens on ports: 5101 (Yahoo Messenger)
    Process Dropbox.exe (3980) listens on ports: 17500


    Autoruns and critical files
    ---------------------------
    (unsigned) CEEment C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
    (unsigned) DesktopWeather.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    (unsigned) Device Detector 3 C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    (unsigned) Google Talk C:\Users\GHMonroe\AppData\Roaming\Google\Google Talk\googletalk.exe
    (unsigned) HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (unsigned) InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (unsigned) InstallShield Update Service C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    (unsigned) Microsoft Office 2000 C:\Program Files\Microsoft Office\Office\OSA9.EXE
    (unsigned) PhilipsDeviceListener.exe C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    (unsigned) Startup Application C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    (unsigned) TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (unsigned) WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    (verified) hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    (verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (verified) Dropbox C:\Users\GHMonroe\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (verified) Google Update C:\Users\GHMonroe\AppData\Local\Google\Update\GoogleUpdate.exe
    (verified) HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    (verified) HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (verified) HP QuickPlay C:\Program Files\HP\QuickPlay\QPService.exe
    (verified) HP QuickTouch On Screen Display C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    (verified) HP Total Care Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (verified) HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
    (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
    (verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
    (verified) Microsoft® Windows® Operating System C:\Windows\Speech\Common\sapisvr.exe
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\oobefldr.dll
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) NVIDIA Compatible Windows Vista Display C:\Windows\system32\NvCpl.dll
    (verified) NVIDIA Media Center Library C:\Windows\System32\nvmctray.dll
    (verified) QuickTime C:\Program Files\QuickTime\QTTask.exe
    (verified) Seagate FreeAgent™ Application C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    (verified) SSBkgdUpdate C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
    (verified) SSEreg C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe
    (verified) StartMen Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    (verified) SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (verified) Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    (verified) Windows Live® Photo Gallery C:\Windows\WLXPGSS.SCR
    (verified) Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
    (verified) Windows® Internet Explorer C:\Windows\System32\webcheck.dll
    (verified) Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


    Browser plugins
    ---------------
    (unsigned) CouponNetwork Coupon Activator Netscape C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    (unsigned) CouponNetwork Coupon Activator Netscape C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    (unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    (unsigned) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
    (unsigned) Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    (unsigned) The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    (unsigned) TODO: <Product name> C:\Users\GHMonroe\AppData\Roaming\Mozilla\Firefox\Profiles\ymcl2t3p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    (unsigned) Turner Media Plugin 1.0.0.10 C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    (unsigned) unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe

    (verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    (verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    (verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    (verified) AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
    (verified) BitDefender QuickScan C:\Users\GHMonroe\AppData\Roaming\Mozilla\Firefox\Profiles\ymcl2t3p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (verified) BrowserPlus (from Yahoo!) v2.9.8 C:\Users\GHMonroe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    (verified) Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    (verified) Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    (verified) DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    (verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    (verified) DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    (verified) DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    (verified) Google Talk Plugin C:\Users\GHMonroe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    (verified) Google Talk Plugin Video Accelerator C:\Users\GHMonroe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    (verified) Google Update C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    (verified) Google Update C:\Users\GHMonroe\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    (verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    (verified) GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
    (verified) Java Deployment Toolkit 6.0.250.6 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    (verified) Java Deployment Toolkit 6.0.250.6 C:\Program Files\Mozilla Firefox\plugins\RENB0AD.tmp
    (verified) Java(TM) Platform SE 6 U25 c:\program files\java\jre6\bin\jp2ssv.dll
    (verified) Java(TM) Platform SE 6 U25 c:\program files\java\jre6\bin\ssv.dll
    (verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    (verified) Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
    (verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    (verified) SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    (verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    (verified) Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
    (verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    (verified) Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    (verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll
    (verified) Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
    (verified) Yahoo! activeX Plug-in Bridge C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    (verified) Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
    (verified) Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll


    Missing files
    -------------
    File not found: "c:\program files\naturalsoft\naturalreader9\nvrshowbar.dll"
    --> HKLM\Software\Classes\CLSID\{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}\InprocServer32\"(default)"

    File not found: mscoree.dll
    --> HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\InprocServer32\"(default)"


    Scan
    ----
    (unsigned) MD5: 80adc6cd7bd62465176d977790978463 C:\Program Files\Common Files\Funk Software\dcfDOM.dll
    (unsigned) MD5: 7749435a99241edda2ef13837e74de99 C:\Program Files\Common Files\Funk Software\dcfLibrary.dll
    (unsigned) MD5: 86726284e66cc57530a853ccab5bc6e3 C:\Program Files\Common Files\Funk Software\odCert_M.dll
    (unsigned) MD5: 1fff4cf41cac565ecfc7e6f5fbc18a63 C:\Program Files\Common Files\Funk Software\odLib_OSSL.dll
    (unsigned) MD5: d2aeadfd998706b4216315b2bd3fa79e C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (unsigned) MD5: 984bcccfd8195f216b73668ad3f6d896 C:\Program Files\Funk Software\Odyssey Client\OdService.dll
    (unsigned) MD5: 67117bc955e96dc201265fd5dbeb0223 C:\Program Files\Funk Software\Odyssey Client\odServiceDialogs.dll
    (unsigned) MD5: b467f25a60fba5378b0135a80cc142c1 C:\Program Files\Funk Software\Odyssey Client\odServiceResource0009.dll
    (unsigned) MD5: 30c11d027da6df390772146490273fd1 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    (unsigned) MD5: 816acb76ec72adcb58ec90d275f9feb6 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    (unsigned) MD5: a19b0bb5a7eb6df2dd4a0711d36955ee c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    (unsigned) MD5: d8774ace03b46c9b01a49818055f9ad4 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    (unsigned) MD5: b8af02700299cd308046bb9339165813 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (unsigned) MD5: f8a72aaa21018bbfc334c421fec53f15 C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
    (unsigned) MD5: 04c1dcbb226c6ae647b794833ce3ceb6 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (unsigned) MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\HP\QuickPlay\MFC71.dll
    (unsigned) MD5: abe4e77ed9dad0664404353e2fc2d52a C:\Program Files\Internet Explorer\AcaTts.dll
    (unsigned) MD5: afab43cedf9a5df1f24e6cea1703e8e7 C:\Program Files\Internet Explorer\AcaTtsSapi5.dll
    (unsigned) MD5: ed5394c852ae873d5a67e14e8049881d C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) MD5: bc3e9869072d598c8423e75185a7219d C:\Program Files\Linksys\Wireless-G Notebook Adapter\BMWL3.dll
    (unsigned) MD5: 8c5c6769b35f058396dbd63c856646b5 C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    (unsigned) MD5: e7684929d4dad95c7c631fab77100137 C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    (unsigned) MD5: 5589810bd17e80e8b8ad76861bbf9cee C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    (unsigned) MD5: fea4537f2577210a94edce9e7df57d60 C:\Program Files\Microsoft Office\Office\OSA9.EXE
    (unsigned) MD5: 5d10887c550ab149a7d0e0c2438b8655 C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    (unsigned) MD5: 1c821d2aa3213ad4eccd479dec3f67b4 C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    (unsigned) MD5: dab9f2a91582c18c09740ceff4f2e3fa C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    (unsigned) MD5: 0633acdf6934b7e44e65acbd795b6c6f C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    (unsigned) MD5: eed2ce7bd9e43b8500d906d944460d22 C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    (unsigned) MD5: 9f1d0c76230e1bbecd2432886fbe6349 C:\Program Files\NaturalSoft\kate\lib\voicetext_eng.dll
    (unsigned) MD5: 98e7a807060efb407a83af76c245c472 C:\Program Files\NaturalSoft\kate\lib\voicetextengsapi50.dll
    (unsigned) MD5: abe4e77ed9dad0664404353e2fc2d52a C:\Program Files\NaturalSoft\naturalreader9\AcaTts.dll
    (unsigned) MD5: afab43cedf9a5df1f24e6cea1703e8e7 C:\Program Files\NaturalSoft\naturalreader9\AcaTtsSapi5.dll
    (unsigned) MD5: 4f55791ce0be765057b35cc026c4f514 C:\Program Files\NaturalSoft\naturalreader9\Interop.NCTAUDIOFILE2Lib.dll
    (unsigned) MD5: ab4a2257cb0b3e2d36eccc5b1698a953 C:\Program Files\NaturalSoft\naturalreader9\Interop.NCTAUDIOPLAYER2Lib.dll
    (unsigned) MD5: 323fb0da099497c403faf1922487bd52 C:\Program Files\NaturalSoft\naturalreader9\Interop.NCTAUDIORECORD2Lib.dll
    (unsigned) MD5: 72953d49c0327ccdacfb151d76798d28 C:\Program Files\NaturalSoft\naturalreader9\Interop.NCTAUDIOTRANSFORM2Lib.dll
    (unsigned) MD5: e6a4d5d3be74aa92039f2072f551fcd0 C:\Program Files\NaturalSoft\naturalreader9\Interop.SpeechLib.dll
    (unsigned) MD5: 8893e9d0230de72ed103229435d96d8c C:\Program Files\NaturalSoft\naturalreader9\NaturalReader9.exe
    (unsigned) MD5: 71b309008a98526ae3c9cb9dde253af7 C:\Program Files\NaturalSoft\naturalreader9\NCTAudioFile2.dll
    (unsigned) MD5: 8d3d0ae1f271f69ac33ec77bdbaf052a C:\Program Files\NaturalSoft\naturalreader9\NCTAudioPlayer2.dll
    (unsigned) MD5: 76d493679cbbb347bc7c8197f0ffacec C:\Program Files\NaturalSoft\naturalreader9\NCTAudioRecord2.dll
    (unsigned) MD5: 8e06c7ad86a375b91f9053aeba65c6f4 C:\Program Files\NaturalSoft\naturalreader9\NCTAudioTransform2.dll
    (unsigned) MD5: 7d929116d4b6f80ce321eb5782c468ad C:\Program Files\Nuance\NaturallySpeaking10\Program\sas7_000.dll
    (unsigned) MD5: a9e9abd491ac5dc57e47f44ce3d13d8f C:\Program Files\Nuance\NaturallySpeaking10\Program\wfapi.dll
    (unsigned) MD5: 90e0700bd59a4a9780243f986b25ffaa C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    (unsigned) MD5: fad2fa4ef99f1da2cc0bb2d7da68fc4c C:\Program Files\Olympus\DeviceDetector\DevDtctResource.dll
    (unsigned) MD5: 7b2fb514d71fd9c5bffb5443db4551fe C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    (unsigned) MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (unsigned) MD5: e092e182dc2bd52295fb652fede8c267 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    (unsigned) MD5: 550eb4d56f953b8210cca83b7d2b8924 C:\Program Files\The Weather Channel FW\Desktop\wxfw.dll
    (unsigned) MD5: a787a567b3470c91c487ece90cf7509c C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (unsigned) MD5: b30940e39d5b3218958dbd2ea3d13bcb C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (unsigned) MD5: dbbab783009fbdf69b222641bb7831ae C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (unsigned) MD5: c543397e4fd71a79679b18f35fbd7fdf C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (unsigned) MD5: 7b84c1945a60c43ee10d20c4890eafee C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WdNetworkDiscovery.dll
    (unsigned) MD5: 92b404ba9a60550dc6b6a00cdf324ad9 C:\Program Files\Yahoo!\Messenger\ConnectionWizard.dll
    (unsigned) MD5: ff75659cbc7965c926c12c030443b3b4 C:\Program Files\Yahoo!\Messenger\core_video.dll
    (unsigned) MD5: 83e1bd5947fed0b9f2bfc7836e3bb8ac C:\Program Files\Yahoo!\Messenger\ft60.dll
    (unsigned) MD5: 3220206475b06008e8c2a1476ee3c1be C:\Program Files\Yahoo!\Messenger\nspr4.dll
    (unsigned) MD5: 3f6095530d69f67314248c32798ea21e C:\Program Files\Yahoo!\Messenger\resources\en-US\res_msgr.dll
    (unsigned) MD5: e94fea490728ccee37fd5168982d4a84 C:\Program Files\Yahoo!\Messenger\RGX.dll
    (unsigned) MD5: 525137cac21fcf94e5e2778e9335b40a C:\Program Files\Yahoo!\Messenger\rmc_audio.dll
    (unsigned) MD5: 2682ca3309cd35622f2831d772e12b0c C:\Program Files\Yahoo!\Messenger\rmc_video.dll
    (unsigned) MD5: 1215326c3f11ed9874de189f12d58aa6 C:\Program Files\Yahoo!\Messenger\yalertcenterM.dll
    (unsigned) MD5: ccb32aeeea47c89cdf072a1253091dcc C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
    (unsigned) MD5: e63a7aabb533d0baf69b2e2234864e4c C:\Program Files\Yahoo!\Messenger\YCPSSL.dll
    (unsigned) MD5: 971c7067694cab9486a3860fd19f7f87 C:\Program Files\Yahoo!\Messenger\YHTTP.dll
    (unsigned) MD5: e166b98de88e207e2f0cef8bdcf0cd73 C:\Program Files\Yahoo!\Messenger\YImage.dll
    (unsigned) MD5: 00d61435683a805a861d75d07b5a4783 C:\Program Files\Yahoo!\Messenger\YIniDom.dll
    (unsigned) MD5: 39da9b01e6a88eec314137dded6cc288 C:\Program Files\Yahoo!\Messenger\ylog.dll
    (unsigned) MD5: 05d9c84f8d236adaa0372e4b74afc9cb C:\Program Files\Yahoo!\Messenger\ymdm_audio.dll
    (unsigned) MD5: 3963e5ffe9d20bdb9458e8511c85da1e C:\Program Files\Yahoo!\Messenger\ymdm_video.dll
    (unsigned) MD5: 3cc7926a5f9fa6d919023b088b5c628c C:\Program Files\Yahoo!\Messenger\Yml.dll
    (unsigned) MD5: 79e431ea8da670d4dbff9deea8df35dd C:\Program Files\Yahoo!\Messenger\ymsdk.dll
    (unsigned) MD5: 7ae55dfd1bbcf8a6c6ddb2e92a5be5f8 C:\Program Files\Yahoo!\Messenger\ymsglite.dll
    (unsigned) MD5: 26a3565ba2db42aa101333b629064620 C:\Program Files\Yahoo!\Messenger\ypagerps1.DLL
    (unsigned) MD5: 01bb6793d8f7b1f23840082604d2e748 C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
    (unsigned) MD5: a3981755fbf4ca6ed591e716855ed58f C:\Program Files\Yahoo!\Messenger\yui.dll
    (unsigned) MD5: a379b75a6ffe4dfd3184f35f0141ce91 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    (unsigned) MD5: 20b69ae35a60abf55acb55cf0a81fc2e C:\PROGRA~1\Nuance\NATURA~1\Program\stlport.5.0.dll
    (unsigned) MD5: 6d74290856347cf8682277a54b433d4b C:\Users\GHMonroe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    (unsigned) MD5: 0b02d9aa67eea2c5524943b69418512e C:\Users\GHMonroe\AppData\Roaming\Dropbox\bin\Python25.dll
    (unsigned) MD5: bcd9cbf0621f9a6767276a2e0bf1dd15 C:\Users\GHMonroe\AppData\Roaming\Google\Google Talk\googletalk.exe
    (unsigned) MD5: 78d4896db266107319ce6ff7d5da9727 C:\Users\GHMonroe\AppData\Roaming\Mozilla\Firefox\Profiles\ymcl2t3p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    (unsigned) MD5: 473eb1b6e965a9e1d06748099782535e C:\Windows\assembly\GAC_MSIL\TTSBundlingNet\2.0.2958.27934__4b827ebe229d539f\TTSBundlingNet.dll
    (unsigned) MD5: 54de8db9e4fffa40afb9e70181acb467 C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8a9c5b28b8dad1f360de1380ba72446a\Accessibility.ni.dll
    (unsigned) MD5: e06dee80bc24b511204cfd6251490520 C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\092fc27b89b03b118faf6c235aa3766a\CustomMarshalers.ni.dll
    (unsigned) MD5: 3643e0aef0a48eabd92d33631931090b C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\58bea48c9d09de96a11ddc58e75245e3\Microsoft.VisualBasic.ni.dll
    (unsigned) MD5: 63b54b7f8f1688be5e5e50c73d730605 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\70df10917822b8ef1379b9820e7281c1\mscorlib.ni.dll
    (unsigned) MD5: f846fdfe10b42039f3c82ef524b7a733 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fb9f4da6dd18b147baca425a0f5fe3b5\System.Configuration.ni.dll
    (unsigned) MD5: e3e658c11554fe9871a05b27bfd0097f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e9f88677c9a7357c3ce76cdaae8d4654\System.Drawing.ni.dll
    (unsigned) MD5: 3d18c2df766f0840353155fd77c283d6 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\95b780b82a20fb7c463b78f034329df5\System.Runtime.Remoting.ni.dll
    (unsigned) MD5: 46931f15f70ddc71ea764f4fd1234558 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd2b1592d28bd0eed480f40d5f63b86c\System.Windows.Forms.ni.dll
    (unsigned) MD5: a1ebd57ccc5ff2eb30fd222a4431b37c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7b1cc9a5490437cd5c0d5fb5ea3c0e34\System.Xml.ni.dll
    (unsigned) MD5: 1c028b64dd9c708406dfb0a7c7892bd8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d55579c9c2c8ca58c6379eda52a97c9e\System.ni.dll
    (unsigned) MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\Windows\Downloaded Program Files\isusweb.dll
    (unsigned) MD5: 6f678556a6fce04fc94f3435f6313705 C:\Windows\Downloaded Program Files\unagiuninst.exe
    (unsigned) MD5: 2f8c18e8e067f6b84bf8c6c482862a70 C:\Windows\Speech\vcmshl.dll
    (unsigned) MD5: abe4e77ed9dad0664404353e2fc2d52a C:\Windows\System32\AcaTts.dll
    (unsigned) MD5: afab43cedf9a5df1f24e6cea1703e8e7 C:\Windows\System32\AcaTtsSapi5.dll
    (unsigned) MD5: 248dfa5762dde38dfddbbd44149e9d7a C:\Windows\system32\drivers\BVRPMPR5.sys
    (unsigned) MD5: ae01e1ed5a81e0d268b91b4a6de5a872 C:\Windows\system32\DRIVERS\VNUSB.sys
    (unsigned) MD5: 4a1e87c018f7cdd05c9e080991c1c354 C:\Windows\System32\DW90USB.DLL
    (unsigned) MD5: 69c503c004f49aee8b8e3067cc047ba7 C:\Windows\system32\HPZinw12.dll
    (unsigned) MD5: 12b4549d515cb26bb8d375038017ca65 C:\Windows\system32\HPZipm12.dll
    (unsigned) MD5: a9117f57d940498c6230b4c49d2c7c77 C:\Windows\System32\OdiAPI.dll
    (unsigned) MD5: bffe6b72ad586b066472c8a9f99cc08e C:\Windows\System32\OdiOlDVR.dll
    (unsigned) MD5: 6ecab4b8456b2eedfa298843691a04b3 C:\Windows\System32\STRDEVAPI.dll
    (unsigned) MD5: b510912aabb9dff2713dc7e64ca2c476 C:\Windows\System32\VNUSB.dll
    (unsigned) MD5: d60c7a2cdc8110bb62a43a5c97b4fcca C:\Windows\System32\W32N50CT.dll
    (unsigned) MD5: 4928ab3a304ddf05c354de3807a4a66b C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80.dll
    (unsigned) MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll


    No file uploaded.

    Scan finished - communication took 4 sec
    Total traffic - 0.06 MB sent, 1.47 KB recvd
    Scanned 1411 files and modules - 539 seconds

    ==============================================================================
  2. Broni

    Broni Malware Annihilator Posts: 46,393   +252

    Possibly, you got reinfected, but before we go there let's try to reset your router...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
  3. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    Followed steps, Router seems to have been reset. Note that router name seems to have been changed. I had to change the default name of the internet connection to which I connect at startup. I am perhaps the LEAST technical person on earth, but was fortunately just barely technical enough to know to check that and connect to the seemingly new connection. You might add that note that your router might be renamed in this step.

    Problem seems to be gone again (man my head is spinning now) had the problem buried itself in the ROUTER too? Wow.
  4. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    ... and redirecting appears to be cured again as well. Man this is odd.
  5. Broni

    Broni Malware Annihilator Posts: 46,393   +252

    Routers do get infected.

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  6. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    OTL Scrip has been run. Here is the log ...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: GHMonroe
    ->Temp folder emptied: 4234366 bytes
    ->Temporary Internet Files folder emptied: 26657254 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 175987989 bytes
    ->Flash cache emptied: 4133 bytes

    User: OZ
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 101547671 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 813568 bytes

    Total Files Cleaned = 295.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: GHMonroe
    ->Flash cache emptied: 0 bytes

    User: OZ
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 06012011_041355

    Files\Folders moved on Reboot...
    C:\Users\GHMonroe\AppData\Local\Temp\ehmsas.txt moved successfully.
    C:\Windows\temp\WebEx\Log\531\atashost.log moved successfully.

    Registry entries deleted on Reboot...


    On to the next step.
  7. Broni

    Broni Malware Annihilator Posts: 46,393   +252

    Whenever ready....
  8. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    All appears to be well. But then there is the bad news for you... Can we fix my backup PC next?
  9. Broni

    Broni Malware Annihilator Posts: 46,393   +252

    We sure can, but you'll have to create new topic about it.

    For this one...good luck and stay safe :)
  10. Steelhead99

    Steelhead99 Newcomer, in training Topic Starter Posts: 52

    Thanks so much.
  11. Broni

    Broni Malware Annihilator Posts: 46,393   +252

    You're very welcome [​IMG]
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.