Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirecting links


  • This topic is locked This topic is locked
2 replies to this topic

#1 In a Pickle

In a Pickle

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 29 June 2009 - 07:04 PM

Hello, This is the first time I'm posting on something like this, so if you can please forgive me if I posted anything wrong. Thankyou smile.gif

Also before I start, I would like to thank whoever will take the time out to help me.



So anyway, this current problem on my computer really has me licked. I usually fix my malware woes by reading other people's problems on bleeping computer, but this time I cannot figure out what is wrong. The symptoms are that whenever I search for something on google, and I click on one of the search results, the site I get directed to is some weird ad site. It's always a different ad site, and it always has the format similar to the following:

<hxxp://adsite.com/search.php?Keyword=mykeywords>

where adsite.com is the random site, and mykeywords are whatever i searched for in google. If someone could please help me out, I would appreciate it so much. Here is my DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Null at 19:46:24.92 on Mon 06/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1184 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Null\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-28 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-7-28 35712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-06-29 18:39 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-29 18:33 <DIR> a-dshr-- C:\cmdcons
2009-06-29 18:32 <DIR> --ds---- C:\ComboFix
2009-06-29 18:26 161,792 a------- c:\windows\SWREG.exe
2009-06-29 18:26 155,136 a------- c:\windows\PEV.exe
2009-06-29 18:26 98,816 a------- c:\windows\sed.exe
2009-06-29 14:46 <DIR> --d----- c:\docume~1\null\applic~1\Malwarebytes
2009-06-29 14:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 14:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 14:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 14:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-29 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-29 14:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-29 14:42 <DIR> --d----- c:\docume~1\null\applic~1\SUPERAntiSpyware.com
2009-06-17 01:11 69 a------- c:\windows\NeroDigital.ini
2009-06-17 00:20 <DIR> --d----- c:\program files\Nero
2009-06-16 02:28 <DIR> --d----- c:\temp\VIDEO
2009-06-16 02:27 <DIR> --d----- C:\temp
2009-06-14 22:44 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-14 22:44 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-14 22:37 12,292 a---h--- C:\.DS_Store
2009-06-08 13:52 48,640 a------- c:\windows\system32\drivers\ser2pl.sys

==================== Find3M ====================


============= FINISH: 19:47:17.73 ===============

Attached Files


Edited by Orange Blossom, 11 February 2013 - 12:45 AM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:21 PM

Posted 03 July 2009 - 02:45 AM

Hello In a Pickle,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you. Since you already ran it, please also post the ComboFix report as well.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:21 PM

Posted 09 July 2009 - 07:12 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users