
My Browser is re-directing me in I.E. 6


  • This topic is locked
2 replies to this topic

#1 kovax


Posted 18 January 2009 - 02:11 AM

I am in trouble... I must have gotten a virus because my browser redirects all the sites that I enter into the address bar. I try to update Microsoft and am sent to Google search every time. The problem is more severe with Internet Explorer 6 than with Firefox, but even in Firefox the browser still redirects all Microsoft requests.

thanks.........kovax



DDS (Ver_09-01-07.01) - NTFSx86
Run by Nancy at 0:57:47.18 on Sun 01/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.117 [GMT -6:00]

AV: avast! antivirus 4.8.0 [VPS 081207-0] *On-access scanning disabled* (Outdated)
AV: Avira Premium Security Suite *On-access scanning enabled* (Updated)
FW: Avira Firewall *disabled*
FW: Avira Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Weather Clock\WeatherClock.exe
C:\Program Files\Bodrag\RAM Booster Expert\RAMBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\World Lynx\dialer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Nancy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WeatherClock] c:\program files\weather clock\WeatherClock.exe
uRun: [RAM Booster Expert] "c:\program files\bodrag\ram booster expert\RAMBooster.exe" /start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\avira premium security suite\avgnt.exe" /min
uPolicies-explorer: NoInstrumentation = 1 (0x1)
Trusted Zone: google.com\maps
Trusted Zone: yahoo.com\www
TCP: {FAE60320-67CF-4123-A2D4-A1A6097238CE} = 208.1.25.2 208.1.25.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nancy\applic~1\mozilla\firefox\profiles\6bjrj79a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Mouse Runner
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSWF32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\npjava11.dll
FF - plugin: c:\program files\opera\program\plugins\npjava12.dll
FF - plugin: c:\program files\opera\program\plugins\npjava13.dll
FF - plugin: c:\program files\opera\program\plugins\npjava14.dll
FF - plugin: c:\program files\opera\program\plugins\npjava32.dll
FF - plugin: c:\program files\opera\program\plugins\npjpi160_03.dll
FF - plugin: c:\program files\opera\program\plugins\npoji610.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-12-22 71592]
R1 avgio;avgio;c:\program files\avira\avira premium security suite\avgio.sys [2008-12-22 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2008-12-22 71464]
R3 avgntflt;avgntflt;c:\program files\avira\avira premium security suite\avgntflt.sys [2008-12-22 52032]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-8-11 120472]
R4 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\avira\avira premium security suite\avfwsvc.exe [2008-12-22 344321]
R4 AntiVirScheduler;Avira Premium Security Suite Scheduler;c:\program files\avira\avira premium security suite\sched.exe [2008-12-22 68865]
R4 AntiVirService;Avira Premium Security Suite Guard;c:\program files\avira\avira premium security suite\avguard.exe [2008-12-22 151297]
R4 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\avira\avira premium security suite\avwebgrd.exe [2008-12-22 258305]
R4 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\avira\avira premium security suite\avesvc.exe [2008-12-22 41217]
R4 sbbotdi;sbbotdi;c:\progra~1\speedb~1\sbbotdi.sys [2007-12-30 35712]
R4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S0 MFX;MFX; [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S3 CD-Lock;CD-Lock;\??\d:\restore info cd\cdm.sys --> d:\restore info cd\cdm.sys [?]
S3 DCamUSBCompany;P35U Camera Capture;c:\windows\system32\drivers\p35u.sys [2007-10-12 98272]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-29 13352]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2006-9-19 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [2006-9-19 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [2006-9-19 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [2006-9-19 92304]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [2006-9-19 90144]
S3 VRSService;VRS Recording System;"c:\program files\nch swift sound\vrs\vrs.exe" -service --> c:\program files\nch swift sound\vrs\vrs.exe [?]
S3 XIRLINK;Veo Web Camera;c:\windows\system32\drivers\ucdnt.sys [2007-9-15 728067]
S4 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\avira\avira premium security suite\avmailc.exe [2008-12-22 164097]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

=============== Created Last 30 ================

2009-01-17 20:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-17 20:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-17 20:17 <DIR> --d----- c:\docume~1\nancy\applic~1\SUPERAntiSpyware.com
2009-01-17 20:16 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-16 15:39 0 ac------ c:\windows\Infob.dat
2009-01-16 15:39 0 ac------ c:\windows\Infoa.dat
2009-01-14 21:50 <DIR> --d----- c:\program files\PenSoft
2009-01-10 19:02 <DIR> --d----- c:\program files\Investintech.com Inc
2009-01-07 17:35 <DIR> --d----- c:\program files\MyPhoneExplorer
2009-01-07 15:52 61,440 ac------ c:\windows\system32\Eeshellx.dll
2009-01-07 15:52 <DIR> --d----- c:\program files\Evidence Eliminator
2008-12-28 13:56 <DIR> --d----- C:\SDFix
2008-12-28 12:52 410,984 ac------ c:\windows\system32\deploytk.dll
2008-12-28 12:52 73,728 ac------ c:\windows\system32\javacpl.cpl
2008-12-27 11:23 163,840 ac------ c:\windows\system32\PhotoImpression Screen Saver.scr
2008-12-27 11:22 352,256 ac------ c:\windows\system32\ijl15.dll
2008-12-27 11:22 127,574 ac------ c:\windows\system32\drivers\MR97310c.sys
2008-12-27 11:22 102,400 ac------ c:\windows\system32\mr310ifc.dll
2008-12-27 11:22 73,728 ac------ c:\windows\system32\mr310ipc.dll
2008-12-27 11:22 36,864 ac------ c:\windows\system32\mr310exv.dll
2008-12-27 11:22 28,672 ac------ c:\windows\system32\mr310exd.dll
2008-12-27 11:22 15,164 ac------ c:\windows\mr310twc.ini
2008-12-27 11:22 12,106 ac------ c:\windows\mr310twc.src
2008-12-27 11:22 <DIR> --d----- c:\program files\MARS
2008-12-26 15:27 0 ac------ c:\windows\system32\setup_XP.ini
2008-12-26 14:55 <DIR> --d----- c:\documents and settings\nancy\DoctorWeb
2008-12-25 21:22 <DIR> --d----- c:\program files\CCleaner
2008-12-25 11:17 <DIR> --d----- c:\program files\Trend Micro
2008-12-23 02:47 262,144 a------- C:\ntuser.dat
2008-12-22 00:45 71,592 ac------ c:\windows\system32\drivers\avfwot.sys
2008-12-22 00:45 71,464 ac------ c:\windows\system32\drivers\avfwim.sys
2008-12-22 00:45 <DIR> --d----- c:\program files\Avira
2008-12-21 14:48 156,154 a------- c:\docume~1\alluse~1\applic~1\mainlsp.reg.dat
2008-12-21 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira Premium Security Suite
2008-12-21 00:05 0 -c-sh--- c:\windows\S860A7BB5.tmp
2008-12-20 17:58 578,560 ac------ c:\windows\system32\dllcache\user32.dll

==================== Find3M ====================

2009-01-14 21:51 183,672 ac------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-07 23:33 1,737 a------- c:\program files\Adobe Reader 8.lnk
2009-01-04 18:38 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 18:38 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2008-12-21 22:11 1,024 a------- c:\program files\HBEDV.KEY
2008-12-11 04:57 333,952 ac------ c:\windows\system32\drivers\srv.sys
2008-12-07 22:59 26,112 ac------ c:\windows\system32\drivers\nchssvad.sys
2008-11-17 17:12 8 a------- c:\docume~1\nancy\applic~1\usb.dat.bin
2008-10-29 22:04 1,419,232 ac------ c:\windows\system32\wdfcoinstaller01005.dll
2008-10-23 06:36 286,720 ac------ c:\windows\system32\gdi32.dll
2008-08-21 12:27 731 a------- c:\program files\DVDFab Platinum 4.lnk
2008-08-21 12:26 725 a------- c:\program files\DVDFab Platinum.lnk
2008-06-21 16:34 47,360 a------- c:\docume~1\nancy\applic~1\pcouffin.sys
2008-04-13 18:12 93,184 a------- c:\program files\iexplore.exe
2008-04-03 21:53 1,691 a------- c:\program files\Mozilla Firefox 3 Beta 5.lnk
2008-01-28 19:22 905 a------- c:\program files\RealPlayer.lnk
2008-01-01 00:53 2,352 a------- c:\docume~1\nancy\applic~1\mpauth.dat
2007-10-18 13:39 814 a------- c:\program files\Foxit PDF Editor.lnk
2007-09-22 23:35 1,598 a------- c:\program files\LimeWire PRO 4.14.10.lnk
2007-09-18 13:26 7,540,901 a------- c:\program files\Ze-Hand.Writting.Font.Pack.rar
2007-09-17 11:40 1,281,472 a------- c:\program files\WinRAR_3[1].7_Full_Corporate_Edition.7z
2007-09-08 13:26 18,808,840 a------- c:\program files\RhapsodyReal.EXE
2007-09-07 20:10 2,914,040 a------- c:\program files\WindowsMedia-Q828026-x86-ENU.exe
2006-12-15 18:27 1,610 a------- c:\program files\Mozilla Firefox.lnk
2006-11-27 11:11 114,688 a------- c:\program files\FixVTS.exe
2006-05-19 23:11 113,788 a------- c:\program files\zeedownload.html
2005-07-05 22:43 21 a------- c:\program files\common files\appop.log
2004-09-23 18:29 0 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 1:00:11.87 ===============



#2 Farbar

  • Security Developer
  • 21,689 posts
  • Location: The Netherlands

Posted 28 January 2009 - 06:11 AM

Hi kovax,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, it creates two logs. Please post the contents of justlog.txt. It is the one you see after running RSIT.

      Note 1: The logs will be created in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system. It also downloads HijackThis; please allow this to happen.
  • Tell me:
    • If you have done anything (major changes, running other tools, etc.) since your previous post. In case you have run other tools, please attach the logs if available.
    • What the current condition of your computer is.
You might want to save this page to your favorites, so you can find it again when you return.

#3 Farbar


Posted 03 February 2009 - 02:06 AM

This thread will now be closed due to lack of feedback.



