Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Redirecting Google searchs

  • Please log in to reply
4 replies to this topic

#1 Barrylocke


  • Members
  • 3 posts
  • Local time:10:33 AM

Posted 23 June 2009 - 08:28 AM

I think I have a similar problem to the one for This person. Clicking on links redirects me to other sites, couponmountain among them. Im usually forced to copy+paste the links into my url box, which gets pretty annoying.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Adrian at 7:34:32.98 on Tue 06/23/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.373 [GMT -4:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adrian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/f5tunsrv.cab#version=6020,2007,1213,2010
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\marie\locals~1\temp\ixp001.tmp\InstallerControl.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/vdeskctrl.cab#version=6020,2007,1213,2009
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxshost.cab#version=6020,2007,1213,2008
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxhost.cab#version=6020,2007,1213,2007
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\kevupavo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian\applic~1\mozilla\firefox\profiles\5q4gwjkz.default\
FF - plugin: c:\program files\mozilla firefox\plugins\np-lala.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-lala9.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-lalarec.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-14 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-16 36368]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-16 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-1-14 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-14 648456]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-12-7 26488]

=============== Created Last 30 ================

2009-06-22 09:30 --d----- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2009-05-20 14:36 78,848 a------- c:\documents and settings\adrian\nah_llva.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-21 11:42 389,120 a------- c:\windows\system32\CF4313.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-28 13:54 61,440 a--sh--- c:\windows\system32\dojisino.exe
2008-04-01 02:43 4,585,912 a------- c:\program files\Shockwave_Installer_Slim.exe
2007-08-07 13:49 4,909,064 a------- c:\program files\picasa2Setup.exe
2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2009-03-17 12:07 5,799 a--sh--- c:\windows\system32\mekopigo.dll
2009-03-17 12:07 5,799 a--sh--- c:\windows\system32\vemogefi.dll

============= FINISH: 7:36:00.73 ===============

Attached Files

BC AdBot (Login to Remove)



#2 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 AM

Posted 23 June 2009 - 12:37 PM

Hello Barrylocke,

Posted Image

Well let's just see then. :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please do this:
1. Download HijackThis here:

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image

Error reading poptart in Drive A: Delete kids y/n?

#3 Barrylocke

  • Topic Starter

  • Members
  • 3 posts
  • Local time:10:33 AM

Posted 26 June 2009 - 11:53 AM


Attached Files

#4 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 AM

Posted 26 June 2009 - 01:17 PM


How is it running now please? Redirects stopped? :thumbup2:

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image

Error reading poptart in Drive A: Delete kids y/n?

#5 Barrylocke

  • Topic Starter

  • Members
  • 3 posts
  • Local time:10:33 AM

Posted 27 June 2009 - 01:41 AM

All Seems well so far, thanks! I actually downloaded Combofix a couple of months ago, but after hearing that it could be harmful if used wrong, I decided against using it until someone more knowledgeable said that it was fine.

thanks for your help! :thumbup2:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users