
Google links being redirected to pages that are selling


  • This topic is locked
3 replies to this topic

#1 flossy21

flossy21

  • Members
  • 3 posts

Posted 06 May 2009 - 07:19 PM

I need some help because I am in over my head. About a week ago I started getting many popup windows directing me to sites that were selling some kind of antivirus or malware fix type software. It was about the same time that a new piece of software called Spyware Protect 2009 showed up uninvited. I followed the instructions for removing that and was able to reclaim my PC. Later I noticed that Google search links were being redirected to sites selling all kinds of crap.

I am running Windows XP Professional SP3 and Internet Explorer Version 8. I have McAfee security center which includes SecurityCenter, VirusScan and Personal Firewall running full time. I have run scans from McAfee and removed all items which it found. I have also installed and run MalwareBytes' Anti-Malware, CCleaner and Spybot - Search & Destroy and removed all the items that each of them found.

Things are better but I still get some intermittent popups and repeated scans keep turning up new issues. I am concerned that I am missing something that keeps coming back.

Here's my DDS log file. Any help you can offer is greatly appreciated.

DDS file...


DDS (Ver_09-03-16.01) - NTFSx86
Run by Scott at 19:38:13.25 on Thu 05/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.524 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Scott\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyServer = 61.175.135.52:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [<NO NAME>]
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [<NO NAME>] c:\windows\temp\l6m7gs4.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\l6m7gs4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-2 214024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-2 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-4-2 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-2 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-2 35272]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-2 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-2 40552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-8-22 189792]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2009-2-3 6795333]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-2 606736]

=============== Created Last 30 ================

2009-05-06 19:50 <DIR> --d----- c:\program files\Trend Micro
2009-05-03 19:55 167 a------- c:\windows\wininit.ini
2009-05-03 17:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-03 16:51 <DIR> --d----- c:\program files\Yahoo!
2009-05-03 16:50 <DIR> --d----- c:\program files\CCleaner
2009-05-03 13:40 <DIR> --dsh--- c:\documents and settings\scott\IECompatCache
2009-05-02 12:38 <DIR> --dsh--- c:\documents and settings\scott\PrivacIE
2009-05-02 12:28 <DIR> --dsh--- c:\documents and settings\scott\IETldCache
2009-05-02 12:26 <DIR> --d----- c:\windows\ie8updates
2009-05-02 12:22 <DIR> -cd-h--- c:\windows\ie8
2009-05-02 12:20 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-02 11:45 56 a------- C:\xcrashdump.dat
2009-04-30 18:11 <DIR> --d----- c:\program files\Main Sequence Technologies
2009-04-29 21:13 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-27 22:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-27 22:08 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-27 22:08 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-27 22:08 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-27 22:08 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-27 22:08 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-27 22:08 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-27 22:08 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-27 18:23 <DIR> --d----- c:\docume~1\scott\applic~1\Malwarebytes
2009-04-27 18:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-27 18:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 18:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-27 18:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-27 18:19 61,812 a---h--- c:\windows\system32\mlfcache.dat
2009-04-16 20:01 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-04-16 20:01 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-04-16 20:01 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-04-15 20:48 <DIR> --d----- c:\program files\iTunes
2009-04-15 20:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 20:32 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 20:32 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 20:32 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 20:32 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 20:32 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 20:32 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 20:32 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 20:32 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 20:32 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 20:32 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 20:30 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 20:30 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 20:30 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-09 13:26 54,640 a------- c:\windows\system32\pcrspell.exe
2009-03-29 13:10 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2009-03-29 13:10 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-02-20 14:09 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat

============= FINISH: 19:38:55.51 ===============

Edited by flossy21, 07 May 2009 - 06:51 PM.




#2 flossy21

flossy21
  • Topic Starter

  • Members
  • 3 posts

Posted 09 May 2009 - 06:46 PM

Bump -- I would appreciate any help you can offer.

#3 flossy21

flossy21
  • Topic Starter

  • Members
  • 3 posts

Posted 13 May 2009 - 07:01 PM

Thanks but I followed the instructions for malware fixes at Majorgeeks.com and it seems to have solved my issues.


Here's the link...
http://forums.majorgeeks.com/showthread.php?t=139313

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 May 2009 - 10:20 AM

Thanks for informing us.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



