Search engine HiJack Jump to 67.29.139.253


  • This topic is locked
3 replies to this topic

#1 j green

j green

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:16 PM

Posted 06 February 2009 - 12:00 AM

When I click on a Google result, 65% of the time I get redirected.

When I search on Google, a new pop-up window opens as JUMP and I'm redirected.

Seems like my browser was hijacked.

I noticed that the link is being redirected through IP address 67.29.139.253 (this IP address also appears in my history listing).

Also,

it seems like my Windows Update has been disabled. It goes to http://windowsupdate.microsoft.com/ but all I see is Google's web page (Google is my home page).

thanks


DDS (Ver_09-02-01.01) - NTFSx86
Run by admin at 23:44:37.71 on Thu 02/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.273 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mExplorerRun: [Sidebar] c:\docume~1\admin\locals~1\temp\sidebar.exe
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\Admin - Map Drives.vbs
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228683238296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228967477750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {F3C6765B-A532-41A7-BB93-5AD262800D9E} = 85.255.112.39,85.255.112.40
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-14 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090205.048\NAVENG.SYS [2009-2-5 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090205.048\NAVEX15.SYS [2009-2-5 876112]
R3 S3SAV2K;S3SAV2K;c:\windows\system32\drivers\s3sav2km.sys [2008-12-7 86784]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

=============== Created Last 30 ================

2009-02-05 23:31 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-05 22:37 <DIR> --d----- c:\documents and settings\admin\.housecall6.6
2009-02-05 22:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-05 22:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-05 18:47 20,748 a------- C:\Cajun Tomato Bread.htm
2009-02-05 18:47 23,010 a------- C:\Honey Bread Sticks.htm
2009-02-05 18:47 21,818 a------- C:\Holiday Bread.htm
2009-02-04 22:30 0 a------- C:\t1bo.1
2009-02-04 11:57 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-03 21:49 <DIR> --d----- c:\docume~1\admin\applic~1\Radium Technologies
2009-01-28 09:10 <DIR> --d----- c:\program files\Netflix
2009-01-25 15:36 <DIR> --d----- c:\windows\system32\Adobe
2009-01-21 09:32 1,960 a------- c:\windows\system32\d3d9caps.dat
2009-01-08 20:58 <DIR> --d----- c:\program files\iVocalize Web Conference 4

==================== Find3M ====================

2009-02-05 03:28 27,262,976 a------- C:\VIRTPART.DAT
2009-01-20 20:44 149,760 a------- c:\windows\system32\drivers\WpsHelper.sys
2008-12-25 18:12 1,848 a------- c:\windows\system32\d3d8caps.dat
2008-12-16 20:30 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-07 18:05 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-07 15:50 745,472 a------- c:\windows\system32\s2kicdnt.dll
2008-12-07 15:50 361,328 a------- c:\windows\system32\s3sav2k.dll
2008-12-07 15:50 261,120 a------- c:\windows\system32\s3swtch3.dll
2008-12-07 15:50 159,744 a------- c:\windows\system32\ndl.dll
2008-12-07 15:50 126,976 a------- c:\windows\system32\S3Gamma.dll
2008-12-07 15:50 49,664 a------- c:\windows\system32\S3Uninst.exe
2008-12-07 15:05 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 23:44:49.42 ===============
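As an added example that is not part of this thread (and not BleepingComputer's or DDS's own tooling), a small Python check that reads the `TCP: NameServer` and `Run` lines of a DDS "Pseudo HJT Report" and lists the items a helper would look at first: resolvers that are not on an assumed allow-list, and autostart entries launching from a temp directory. The log excerpt and the allow-list address are constructed for the example.

```python
import re
from ipaddress import ip_address

# Constructed excerpt in the DDS "Pseudo HJT Report" format (not the full log
# above); the NameServer and Run lines mirror the entries posted in the thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mExplorerRun: [Sidebar] c:\docume~1\admin\locals~1\temp\sidebar.exe
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {F3C6765B-A532-41A7-BB93-5AD262800D9E} = 85.255.112.39,85.255.112.40
"""

# Assumed allow-list: the resolvers the reviewer expects this machine to use
# (placeholder value, e.g. the router or ISP resolver).
EXPECTED_DNS = {"192.168.1.1"}

# Path fragments that mark an autostart entry living under a temp directory.
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")

DNS_LINE = re.compile(r"TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)")
RUN_LINE = re.compile(r"(\w*Run):\s+\[([^\]]*)\]\s+(.+)")


def dns_servers(log: str) -> list:
    """Return every resolver on the 'TCP: ... = ip,ip' lines, deduplicated, in order."""
    found = []
    for line in log.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        for tok in m.group(1).split(","):
            try:
                ip = str(ip_address(tok.strip()))
            except ValueError:
                continue  # skip anything that is not a literal IP address
            if ip not in found:
                found.append(ip)
    return found


def review_items(log: str, expected_dns=EXPECTED_DNS) -> list:
    """List (kind, value) pairs a helper should review: unexpected resolvers first,
    then Run entries whose target sits in a temp directory."""
    items = [("dns", ip) for ip in dns_servers(log) if ip not in expected_dns]
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if m and any(t in m.group(3).lower() for t in TEMP_DIRS):
            items.append(("autostart", m.group(2)))
    return items
```

A resolver outside the allow-list explains redirected search results and a Windows Update URL that never reaches Microsoft, which is why the NameServer line is the first thing to check against the symptoms described.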


#2 j green

j green
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:16 PM

Posted 10 February 2009 - 04:57 PM

PLEASE HELP!

#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:16 PM

Posted 14 February 2009 - 08:29 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:16 PM

Posted 20 February 2009 - 03:43 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
