
hyperlinks redirect


  • This topic is locked
3 replies to this topic

#1 frank_cheese


Posted 30 December 2008 - 06:51 AM

All my hyperlinks redirect to strange shopping sites. I have been watching where they are going to get the information, and they are going to somewhere called www.copy-book.com. Here is my DDS file:


DDS (Version 1.1.0) - NTFSx86
Run by elliot at 11:47:10.17 on 30/12/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.191 [GMT 0:00]


============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Drivers\bwcsrv.exe
E:\Program Files\Executive Software\DiskeeperLite\DKService.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\tp4mon.exe
E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Documents and Settings\elliot\My Documents\79036agplogo_S3\7-90-36\S3TRAYHP.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\elliot\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mRun: [TrackPointSrv] tp4mon.exe
mRun: [ShStatEXE] "e:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "e:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "e:\program files\common files\network associates\talkback\TBMon.exe"
StartupFolder: e:\docume~1\elliot\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\elliot\my documents\79036agplogo_s3\7-90-36\S3TRAYHP.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\elliot\applic~1\mozilla\firefox\profiles\1nt6rtp0.default\

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;e:\windows\system32\drivers\mvstdi5x.sys [2008-12-15 58464]
R2 bwcdrv;BUFFALO Wireless Configuration;e:\windows\system32\drivers\bwcdrv.sys [2003-12-21 19840]
R2 McAfeeFramework;McAfee Framework Service;"e:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2008-12-15 98304]
R2 McShield;Network Associates McShield;"e:\program files\network associates\virusscan\Mcshield.exe" [2006-2-14 221191]
R2 McTaskManager;Network Associates Task Manager;"e:\program files\network associates\virusscan\VsTskMgr.exe" [2006-6-8 29184]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;e:\windows\system32\drivers\bcmwl5.sys [2005-7-11 372480]
R3 NaiAvFilter1;NaiAvFilter1;e:\windows\system32\drivers\naiavf5x.sys [2008-12-15 116864]

=============== Created Last 30 ================

2008-12-27 18:12 <DIR> --dshr-- E:\resycled
2008-12-27 18:12 255 ---shr-- E:\autorun.inf
2008-12-27 18:06 <DIR> --d----- e:\program files\uTorrent
2008-12-27 18:06 <DIR> --d----- e:\docume~1\elliot\applic~1\uTorrent
2008-12-27 18:01 <DIR> --d----- e:\program files\Executive Software
2008-12-19 17:33 <DIR> --d----- e:\documents and settings\elliot\temp
2008-12-17 16:38 <DIR> --d----- e:\program files\LSoft Technologies
2008-12-16 16:44 <DIR> --ds---- e:\documents and settings\elliot\UserData
2008-12-15 21:57 512 a------- e:\windows\randseed.rnd
2008-12-15 21:54 <DIR> --d----- e:\program files\common files\Cisco Systems
2008-12-15 21:54 116,864 a------- e:\windows\system32\drivers\naiavf5x.sys
2008-12-15 21:54 58,464 a------- e:\windows\system32\drivers\mvstdi5x.sys
2008-12-15 21:54 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Network Associates
2008-12-15 21:54 <DIR> --d----- e:\program files\Network Associates
2008-12-15 21:54 <DIR> --d----- e:\program files\common files\Network Associates
2008-12-13 13:51 664 a------- e:\windows\system32\d3d9caps.dat
2008-12-13 12:26 45,316 a------- e:\windows\system32\mssusr.dat
2008-12-13 12:26 8 a------- e:\windows\system32\msfffff2b7.dll
2008-12-13 12:26 221,184 a------- e:\windows\system32\ipsp.dll
2008-12-13 12:26 11,264 a------- e:\windows\system32\SPORDER.DLL
2008-12-13 12:26 1,009,136 a------- e:\windows\system32\MSCHRT20.OCX
2008-12-12 23:38 12,160 ac------ e:\windows\system32\dllcache\mouhid.sys
2008-12-12 23:38 12,160 a------- e:\windows\system32\drivers\mouhid.sys
2008-12-12 23:38 9,600 ac------ e:\windows\system32\dllcache\hidusb.sys
2008-12-12 23:38 9,600 a------- e:\windows\system32\drivers\hidusb.sys
2008-12-12 23:27 26,496 ac------ e:\windows\system32\dllcache\usbstor.sys
2008-12-12 21:45 <DIR> --d----- e:\windows\pss
2008-12-12 21:36 <DIR> --d----- e:\documents and settings\elliot
2008-12-12 21:35 <DIR> --ds---- e:\windows\system32\Microsoft
2008-12-12 21:34 8,192 a------- e:\windows\REGLOCS.OLD
2008-12-12 21:33 28,288 ac------ e:\windows\system32\dllcache\xjis.nls
2008-12-12 21:31 77,824 ac------ e:\windows\system32\dllcache\quick.ime
2008-12-12 21:30 233,527 ac------ e:\windows\system32\dllcache\imjprw.exe
2008-12-12 21:29 838,144 ac------ e:\windows\system32\dllcache\chtbrkr.dll
2008-12-12 21:28 20,540 ac------ e:\windows\system32\dllcache\admin.dll
2008-12-12 21:28 <DIR> --d----- e:\windows\system32\xircom
2008-12-12 21:28 2,577 a------- e:\windows\system32\CONFIG.NT
2008-12-12 21:28 0 a------- e:\windows\control.ini
2008-12-12 21:27 23,392 a------- e:\windows\system32\nscompat.tlb
2008-12-12 21:27 16,832 a------- e:\windows\system32\amcompat.tlb
2008-12-12 21:27 316,640 a------- e:\windows\WMSysPr9.prx
2008-12-12 21:26 <DIR> --dsh--- e:\documents and settings\all users\DRM
2008-12-12 21:26 <DIR> --d--r-- e:\windows\Offline Web Pages
2008-12-12 21:26 488 a---hr-- e:\windows\system32\WindowsLogon.manifest
2008-12-12 21:26 488 a---hr-- e:\windows\system32\logonui.exe.manifest
2008-12-12 21:26 <DIR> --ds---- e:\windows\Downloaded Program Files
2008-12-12 21:25 749 a---hr-- e:\windows\WindowsShell.Manifest
2008-12-12 21:25 749 a---hr-- e:\windows\system32\wuaucpl.cpl.manifest
2008-12-12 21:25 749 a---hr-- e:\windows\system32\sapi.cpl.manifest
2008-12-12 21:25 749 a---hr-- e:\windows\system32\nwc.cpl.manifest
2008-12-12 21:25 749 a---hr-- e:\windows\system32\ncpa.cpl.manifest
2008-12-12 21:25 749 a---hr-- e:\windows\system32\cdplayer.exe.manifest
2008-12-12 21:25 <DIR> --d-h--- e:\program files\WindowsUpdate
2008-12-12 21:25 4,399,505 ac------ e:\windows\system32\dllcache\nls302en.lex
2008-12-12 21:25 <DIR> --d----- e:\windows\system32\DirectX
2008-12-12 21:24 <DIR> --d----- e:\program files\common files\MSSoap
2008-12-12 21:22 <DIR> --d----- e:\program files\Online Services
2008-12-12 21:22 <DIR> --d----- e:\program files\Messenger
2008-12-12 21:22 <DIR> --d----- e:\program files\MSN Gaming Zone
2008-12-12 21:21 <DIR> --d----- e:\program files\Windows NT
2008-12-12 21:10 <DIR> --d----- e:\program files\common files\ODBC
2008-12-12 21:10 <DIR> --d----- e:\program files\common files\SpeechEngines
2008-12-12 21:09 <DIR> --d--r-- e:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-13 13:56 86,327 a------- e:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 21:22 21,640 a------- e:\windows\system32\emptyregdb.dat

============= FINISH: 11:47:32.07 ===============


Please help!!!!
Failure is not an option, it comes as Standard with all Windows Operating Systems



#2 frank_cheese


Posted 02 January 2009 - 08:01 AM

Now my other system has the same problem, but the strangest thing is that this one has never downloaded anything from unreliable sources (reliable being things like iTunes); I never would have downloaded anything potentially damaging onto this system. You will see 2 HDDs in the DDS file: one is the 'Test' system (8GB) and one is the 'Live' system (30GB). This problem is on both systems, but they are both actually on the same hard disk; it has just been partitioned so that I could run 2 systems.

Here is the DDS file for the live system; I would prefer this to be sorted out before the other one...

DDS (Version 1.1.0) - NTFSx86
Run by elliot at 12:54:07.23 on 02/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.202 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Documents and Settings\elliot\My Documents\79036agplogo_S3\7-90-36\S3TRAYHP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\elliot\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: System=kdcdt.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrackPointSrv] tp4mon.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [c:\windows\system32\kdcdt.exe] c:\windows\system32\kdcdt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\elliot\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\elliot\my documents\stuff\deltemp.bat
StartupFolder: c:\docume~1\elliot\startm~1\programs\startup\shortc~2.lnk - c:\documents and settings\elliot\my documents\stuff\deltempint.bat
StartupFolder: c:\docume~1\elliot\startm~1\programs\startup\shortc~3.lnk - c:\documents and settings\elliot\my documents\79036agplogo_s3\7-90-36\S3TRAYHP.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: {0CDB868B-CE90-403B-BCA6-6154AB342014} = 85.255.112.166;85.255.112.185
TCP: {67462970-C714-423B-B060-14FFBBBE7359} = 85.255.112.166;85.255.112.185
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elliot\applic~1\mozilla\firefox\profiles\ylneomtg.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-11-20 58464]
R2 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\bwcdrv.sys [2003-12-21 19840]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2008-11-20 98304]
R2 McShield;Network Associates McShield;"c:\program files\network associates\virusscan\Mcshield.exe" [2006-2-14 221191]
R2 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\VsTskMgr.exe" [2006-6-8 29184]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\bcmwl5.sys [2005-7-11 372480]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2008-11-20 116864]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-25 27904]

=============== Created Last 30 ================

2008-12-27 18:12 255 ---shr-- C:\autorun.inf
2008-12-23 20:58 88 a------- c:\windows\wininit.ini
2008-12-23 11:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-23 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-22 19:13 202 a------- c:\windows\Chrome.uns
2008-12-22 18:55 200 a------- c:\windows\S3Audio.uns
2008-12-22 18:55 239 a------- c:\windows\Chrome4x.uns
2008-12-22 18:55 <DIR> --d----- C:\S3Graphics
2008-12-12 22:02 <DIR> --d----- c:\program files\Symantec
2008-12-04 21:17 <DIR> --dsh--- c:\documents and settings\elliot\PrivacIE
2008-12-04 21:02 81,920 a------- c:\windows\system32\ieencode.dll

==================== Find3M ====================

2008-11-26 18:29 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-25 21:29 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-22 10:24 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-20 19:21 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2008-11-20 16:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-28 22:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 a------- c:\windows\system32\DivX.dll

============= FINISH: 12:55:20.11 ===============


Thanks in advance!
Failure is not an option, it comes as Standard with all Windows Operating Systems

#3 chryssi2001


Posted 10 January 2009 - 08:21 AM

Hello frank cheese,

I apologise for the delay, the forum is extremely busy.

Here is the DDS file for the live system; I would prefer this to be sorted out before the other one...

Please post a HijackThis log from this system, which is installed on the C:\ drive, as per your post here.

You will have to open another thread for the system installed on the e:\ drive, and another helper will handle it.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/paste the log to your next reply, please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Private Messages for personal support will be ignored. If you need help post in the forum.

#4 chryssi2001


Posted 15 January 2009 - 01:35 PM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster; anyone else with similar problems, please start a new topic.
Private Messages for personal support will be ignored. If you need help post in the forum.



