Browser redirect


  • This topic is locked
2 replies to this topic

#1 galetondesigns

galetondesigns

  • Members
  • 1 posts

Posted 15 March 2009 - 07:04 AM

Good morning. I've been having a problem with browser redirects. Here is a DDS file from this morning. Any help would be appreciated. Thank you.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Reggie at 7:50:59.52 on Sun 03/15/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1404 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\M3 Server\zservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?source=mpues&hl=en
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SlipStream] "c:\program files\slipstream web accelerator\slipcore.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pennsw~1.lnk - c:\program files\slipstream web accelerator\slipgui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\slipstream web accelerator\gui_resource.dll/327
IE: Show Original Image - c:\program files\slipstream web accelerator\gui_resource.dll/328
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\web2~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228920715734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 85.255.112.63,85.255.112.87
TCP: {42F4BE67-47DA-4594-B383-400F70EBC091} = 85.255.112.63,85.255.112.87
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-11-28 11840]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-2-21 142592]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-11-28 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-11-28 151297]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 Mandarin M3 Server;Mandarin M3 Server;c:\m3 server\zservice.exe [2009-2-22 1527808]
R2 MSSQL$PROVIDUSSTD;MSSQL$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sprovidusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sPROVIDUSSTD [?]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Service.exe [2008-11-17 185640]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-11-28 52032]
S3 SQLAgent$PROVIDUSSTD;SQLAgent$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.exe -i providusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.EXE -i PROVIDUSSTD [?]

=============== Created Last 30 ================

2009-03-15 07:13 <DIR> --d----- c:\program files\Trend Micro
2009-03-12 20:34 <DIR> --d----- C:\xp2
2009-03-11 14:23 <DIR> --d----- c:\program files\common files\TJ Shared
2009-03-11 14:23 <DIR> --d----- c:\program files\Trus Joist
2009-03-11 07:51 <DIR> --d----- c:\windows\system32\LogFiles
2009-03-10 12:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-10 12:49 <DIR> --d----- c:\program files\Yahoo!
2009-03-09 14:22 <DIR> --d----- c:\docume~1\reggie\applic~1\Obsidium
2009-03-09 14:22 <DIR> --d----- c:\program files\AllMyBooks
2009-03-09 08:56 <DIR> --d----- c:\windows\system32\Adobe
2009-03-09 08:45 <DIR> --d----- c:\program files\Firebird
2009-03-09 08:45 <DIR> --d----- c:\program files\Prager
2009-03-09 08:45 <DIR> --d----- C:\Prager
2009-03-08 17:59 <DIR> --d----- c:\program files\Web Scraper Plus+
2009-03-05 08:19 132,096 a------- c:\windows\system32\KEYLIB32.dll
2009-03-05 08:19 112,640 a------- c:\windows\system32\skca32.dll
2009-03-05 02:00 <DIR> --d----- c:\program files\Autorun Eater
2009-03-04 23:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-04 23:34 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-04 23:34 <DIR> --d----- c:\program files\Lavasoft
2009-03-04 17:53 1,950,797 a------- C:\ISO1_DVD.nri
2009-03-04 12:04 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-03-04 12:04 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-04 12:04 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-04 12:04 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-04 12:04 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 12:04 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-04 12:04 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-03-04 12:04 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-04 12:04 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-03-04 12:04 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-22 16:24 <DIR> --d----- c:\documents and settings\reggie\.readerware
2009-02-22 16:24 <DIR> --d----- c:\windows\Readerware
2009-02-22 16:24 <DIR> --d----- c:\program files\Readerware
2009-02-22 11:00 <DIR> --d----- c:\program files\BookCAT
2009-02-22 09:22 146,976 a------- c:\windows\system32\MFCOLEUI.DLL
2009-02-22 09:22 <DIR> --d----- c:\program files\WebClarity Software Inc
2009-02-22 09:21 1,294,336 a------- c:\windows\system32\M3ServerAccess.ocx
2009-02-22 09:21 293,376 a------- c:\windows\system32\midas.dll
2009-02-22 09:21 484,128 a------- c:\windows\system32\SSCALA32.OCX
2009-02-22 09:21 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-02-22 09:21 328,480 a------- c:\windows\system32\SSCALB32.OCX
2009-02-22 09:21 76,288 a------- c:\windows\system32\SSFM1032.DLL
2009-02-22 09:21 516,096 a------- c:\windows\system32\RSearchDlg.dll
2009-02-22 09:21 <DIR> --d----- c:\program files\Mandarin Library Automation
2009-02-22 09:18 217,088 a------- c:\windows\system32\m3client.dll
2009-02-22 09:18 116,960 a------- c:\windows\system32\SHSMP.DLL
2009-02-22 09:17 <DIR> --d----- C:\M3 Server
2009-02-22 08:12 2,836 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-02-21 19:27 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-21 19:27 <DIR> --d----- c:\docume~1\reggie\applic~1\Spyware Terminator
2009-02-21 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-02-21 19:27 <DIR> --d----- c:\program files\Spyware Terminator

==================== Find3M ====================

2009-02-23 10:43 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 7:51:24.06 ===============
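The settings in a DDS "Pseudo HJT Report" that most often explain browser redirects are the hard-coded DNS resolvers (`TCP: NameServer` and the per-interface `TCP: {GUID}` lines), the Internet Explorer proxy (`uInternet Settings,ProxyServer`) and orphaned toolbar/BHO entries marked `No File`. The script below is an added triage example, not part of DDS and not something posted in this thread: it parses that section and lists those items for an analyst to check. The `trusted_dns` allow-list is an assumption of the script (the ISP's or the organisation's resolvers, supplied by whoever runs it); the script only surfaces a hard-coded public resolver, it does not decide whether it is legitimate. The embedded sample is an abridged excerpt of the log posted above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for settings that
commonly cause browser redirects: hard-coded DNS resolvers, an IE proxy,
and orphaned toolbar/BHO entries.  Added example; not part of DDS."""
import ipaddress
import re

# Abridged excerpt of the DDS report posted in the thread, embedded so the
# script runs offline.  Only a handful of the original lines are kept.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?source=mpues&hl=en
uInternet Settings,ProxyServer = http=127.0.0.1:5400
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
TCP: NameServer = 85.255.112.63,85.255.112.87
TCP: {42F4BE67-47DA-4594-B383-400F70EBC091} = 85.255.112.63,85.255.112.87

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-11-28 11840]
"""

# DDS section banners look like "====== Pseudo HJT Report ======".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def parse_hjt_section(text):
    """Return (kind, key, value) triples for every line of the Pseudo HJT Report.

    kind is "TCP" for resolver lines, "SETTING" for 'key = value' lines such as
    uStart Page, and otherwise the DDS prefix (BHO, TB, uRun, mRun, IE, DPF ...)."""
    items = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1).lower() == "pseudo hjt report"
            continue
        if not in_section or not line:
            continue
        if line.startswith("TCP:"):                      # TCP: NameServer = a,b  /  TCP: {GUID} = a,b
            key, _, value = line[4:].partition("=")
            items.append(("TCP", key.strip(), value.strip()))
        elif " = " in line:                              # uStart Page = ..., uInternet Settings,ProxyServer = ...
            key, _, value = line.partition(" = ")
            items.append(("SETTING", key.strip(), value.strip()))
        else:                                            # BHO: / TB: / uRun: / mRun: / IE: / DPF: ...
            kind, _, rest = line.partition(":")
            items.append((kind.strip(), "", rest.strip()))
    return items


def triage(items, trusted_dns=frozenset()):
    """Return human-readable findings.  trusted_dns is the caller's allow-list of
    known-good resolvers (an assumption of this script: the ISP's or the org's)."""
    findings = []
    resolvers = {}  # resolver IP -> list of DDS keys where it is configured
    for kind, key, value in items:
        if kind == "TCP":
            for server in filter(None, (s.strip() for s in value.split(","))):
                resolvers.setdefault(server, []).append(key)
        elif kind == "SETTING" and key.endswith("ProxyServer"):
            # value looks like "http=127.0.0.1:5400"; pull out the host part
            host = value.split("=")[-1].rsplit(":", 1)[0]
            where = ("loopback, i.e. local proxy software" if host in ("127.0.0.1", "localhost")
                     else "a remote host")
            findings.append(f"PROXY: IE proxy {value} points at {where}; identify the listening process")
        elif kind in ("TB", "BHO") and value.endswith("No File"):
            findings.append(f"ORPHAN: {kind} entry {value} references a missing file (dead registry entry)")
    for server, keys in resolvers.items():
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"DNS: unparsable resolver {server!r} in {', '.join(keys)}")
            continue
        if server in trusted_dns or ip.is_private or ip.is_loopback:
            continue  # router / corporate / known resolver: nothing to report
        findings.append(f"DNS: hard-coded public resolver {server} set in {', '.join(keys)}; "
                        "confirm with the ISP that it is theirs")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt_section(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, the script reports the two hard-coded resolvers (each configured both globally and on the interface GUID), the loopback proxy on port 5400, and the orphaned toolbar CLSID; passing those resolver addresses in `trusted_dns` suppresses the DNS findings, which is how an analyst records that the ISP confirmed them.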

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 March 2009 - 09:00 AM

Good morning to you too galetondesigns,

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 March 2009 - 03:50 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?