Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Page redirection in Firefox


  • This topic is locked This topic is locked
2 replies to this topic

#1 johnnywayne

johnnywayne

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 05 January 2009 - 05:06 PM

When I search for any term in only in Yahoo and only in Firefox, sometimes the link will be redirected to another page. This other page is usually one of those pages that have a bunch of links to the original search term, but sometimes to Yahoo Hotjobs or Yellowpages. When this started it was because I accidentally ran an infected downloaded file. It was complete at first, meaning I couldn't get anywhere on the world wide innertubes. I ran various anti-badthings programs, this is all that's left.

If it makes any difference, It always redirects to an IP of 67.210.125.x before redirecting to the end page. Thanks in advance.

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 16:02:56.71 on Mon 01/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2548 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\ocb\f3af2771-2699-419b-bea5-491ce3f329b3\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams=
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Winamp Search
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\sqauecuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-17 24652]
R4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S0 DigiFilter;DigiFilter; [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-1-22 513152]
S3 MaplomL;MaplomL; [x]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 DigiNet;Digidesign Ethernet Support; [x]

=============== Created Last 30 ================

2009-01-03 12:28 <DIR> --d----- c:\program files\Eidos
2009-01-01 15:42 <DIR> --d----- c:\program files\Red Storm Entertainment
2009-01-01 13:57 <DIR> --d----- c:\program files\ATT-SST
2008-12-29 16:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-29 16:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-29 16:53 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2008-12-29 14:24 <DIR> --d----- c:\program files\Security Task Manager
2008-12-29 13:17 <DIR> --d----- c:\program files\Lavasoft
2008-12-28 23:39 178 a------- c:\windows\wininit.ini
2008-12-28 22:46 55,296 a------- c:\windows\system32\msqpdxinayilnr.dll
2008-12-28 22:46 <DIR> --dshr-- C:\resycled
2008-12-28 22:45 61,440 a------- c:\windows\system32\svch?st.exe
2008-12-28 22:42 <DIR> --d----- c:\program files\YASAMP4Converter
2008-12-24 13:54 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-24 13:54 2,337,865 a------- c:\windows\system32\pbsvc.exe
2008-12-24 13:54 107,832 a------- c:\windows\system32\PnkBstrB.exe
2008-12-24 13:54 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-19 21:56 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-18 14:52 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\SecuROM
2008-12-18 14:20 <DIR> --d----- C:\70c837ee81c2935cb7
2008-12-18 13:43 <DIR> --d----- c:\windows\system32\xlive
2008-12-18 13:43 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-18 12:57 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-12 18:08 <DIR> --d----- c:\program files\PhotomatixPro3
2008-12-11 17:56 <DIR> --d----- C:\a
2008-12-11 17:03 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-11 17:02 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-10 11:37 0 a------- c:\windows\popcreg.dat
2008-12-10 11:37 <DIR> --d----- c:\program files\PopCap Games
2008-12-08 13:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-08 13:09 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

==================== Find3M ====================

2008-12-24 13:54 22,328 ac------ c:\docume~1\owner\applic~1\PnkBstrK.sys
2008-12-11 18:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-30 17:44 0 a------- c:\windows\fonts\tubi____.pfm
2008-11-03 18:42 11,114 a------- c:\docume~1\alluse~1\applic~1\MainApp.dll
2008-11-03 18:38 87,608 ac------ c:\docume~1\owner\applic~1\inst.exe
2008-11-03 18:38 47,360 ac------ c:\docume~1\owner\applic~1\pcouffin.sys
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 16:03:08.06 ===============

Attached Files


Edited by johnnywayne, 05 January 2009 - 05:08 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:47 PM

Posted 19 January 2009 - 07:44 PM

Hello johnnywayne,

Posted Image

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:47 PM

Posted 30 January 2009 - 02:51 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users