Asiuoqgusdbaksd Redirects Ie Browser


2 replies to this topic

#1 Piombo

  • Members
  • 2 posts

Posted 14 June 2008 - 11:21 AM

Background: I had fake popups saying I had an infected computer and offering the cure. Any sites related to getting help were either blocked or redirected. I made a CD from a good computer and ran typical cleaners and scanners with success.
Had a hard time with smitfraud-C.gp but finally got that one, too. SpyBot now is able to fix all problems.

However, remaining problem is the redirects and blocked security websites.

Clicking on either Yahoo or Google search results takes you to random websites. asiuoqgusdbaksd.com quickly appears and then just random consumer websites of all kinds appear. The full temporary redirect is below; it is 2,076 characters long!

Directly typing in URLs of any security or anti-virus websites is blocked and you get "Internet Explorer cannot display the webpage".

Trying to install Microsoft Defender and ActiveX prompt does not appear.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:15, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\smit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.armstrongmywire.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe /PRNDRV
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe

--
End of file - 5285 bytes

Edited by Orange Blossom, 14 June 2008 - 09:46 PM.
Deactivate links. ~ OB



#2 Piombo

  • Topic Starter

  • Members
  • 2 posts

Posted 21 June 2008 - 09:16 PM

Windows has a built in way to restore your computer. It is called System Restore.

#3 KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 22 June 2008 - 07:56 PM

Piombo?

Are you telling us you have fixed your problem and no longer need HJT assistance here?

If you still need help, I'll cut away these last two posts to return your log to the queue for HJT help.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



