
Browser Search Bar results cause redirect


  • This topic is locked
3 replies to this topic

#1 mjancola


Posted 18 July 2009 - 08:26 AM

I've been wrestling with this one for a while, please help! Whenever I use the browser's search bar to do a search, the results look accurate but don't work. Clicking the links in the results redirects to some other search page.

I've tried Spybot, AdAware, Bit Defender and TrendOnline scan. I also removed a few suspicious BHO's which I found in the HijackThis log and rebooted, but the problem persists.

Here is the result of a new DDS scan. I will await your advice, thanks!

PS, another symptom that showed up after trying various scans is the extra drive mappings F: and G:. Doesn't really cause a problem that I know of, just thought I would mention it.



DDS (Ver_09-06-26.01) - NTFSx86
Run by New User at 9:17:45.65 on Sat 07/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.208 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\found.000\dir0003.chk\DUC20.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\New User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [BlazeServoTool] "c:\program files\blazevideo\blazedtv 3.5\MediaDetector.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [AtiPTA] atiptaxx.exe
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\newuse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\newuse~1\startm~1\programs\startup\no-ipd~1.lnk - c:\found.000\dir0003.chk\DUC20.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskmg~1.lnk - c:\winnt\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: adobe.com\get
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164566851906
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229477373640
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} - hxxps://netservices.verizon.net/portal/yahoo/modem_pwd/activex/DSLControl.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ssl.schange.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.schange.com/dana-cached/sc/JuniperSetupClient.cab
TCP: {88FFAFE0-1291-457C-B4A2-6AE9DB145EFF} = 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\newuse~1\applic~1\mozilla\firefox\profiles\ncmhtqov.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\documents and settings\new user\application data\mozilla\firefox\profiles\ncmhtqov.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-7-15 64160]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [2008-12-20 6016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 rubystackMySQL;rubystackMySQL;c:\program files\bitnami rubystack\mysql\bin\mysqld.exe [2007-12-4 5730304]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2005-1-26 280344]
S3 website;website;"c:/ruby/bin/mongrel_service.exe" single -e production -p 8080 -a 0.0.0.0 -l "log/mongrel.log" -P "log/mongrel.pid" -c "c:/rails/website" -t 0 -r "public" -n 1024 --> c:/ruby/bin/mongrel_service.exe [?]

=============== Created Last 30 ================

2009-07-18 08:17 <DIR> --d----- c:\program files\Trend Micro
2009-07-15 23:30 64,160 a------- c:\winnt\system32\drivers\Lbd.sys
2009-07-15 23:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 23:29 <DIR> --d----- c:\program files\Lavasoft
2009-07-15 10:06 102,664 a------- c:\winnt\system32\drivers\tmcomm.sys
2009-07-15 08:44 <DIR> --d----- c:\documents and settings\new user\.housecall6.6
2009-07-11 16:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-11 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-10 23:07 <DIR> --d----- c:\program files\Radialpoint
2009-07-10 23:06 <DIR> --d----- c:\docume~1\newuse~1\applic~1\Verizon
2009-07-10 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon
2009-07-09 23:57 2,061,824 a------- c:\winnt\system32\dllcache\mstscax.dll
2009-07-09 23:57 677,888 a------- c:\winnt\system32\dllcache\mstsc.exe
2009-07-09 23:54 606 a------- C:\fixrd.bat
2009-07-03 12:36 398,632 a------- c:\winnt\system32\dsNcSmartCardProv.dll

==================== Find3M ====================

2009-07-10 14:24 3,812 a------- c:\program files\dir.txt
2009-07-09 23:48 2,061,824 a------- c:\winnt\system32\dllcache\lhmstscx.dll
2009-07-09 23:47 677,888 a------- c:\winnt\system32\dllcache\lhmstsc.exe
2009-06-16 10:36 119,808 a------- c:\winnt\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\winnt\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\winnt\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\winnt\system32\dllcache\fontsub.dll
2009-06-15 17:05 345,384 a------- c:\winnt\system32\dsNcCredProv.dll
2009-06-15 17:01 221,184 a------- c:\winnt\system32\dsGinaLoader.dll
2009-06-08 19:06 35,285,580 a------- C:\all.reg
2009-06-03 15:09 1,291,264 a------- c:\winnt\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\winnt\system32\dllcache\quartz.dll
2009-05-07 11:32 345,600 a------- c:\winnt\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\winnt\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\winnt\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\winnt\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\winnt\system32\dllcache\webcheck.dll
2009-04-29 00:56 44,544 a------- c:\winnt\system32\dllcache\pngfilt.dll
2009-04-29 00:56 1,159,680 -------- c:\winnt\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\winnt\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\winnt\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\winnt\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 -------- c:\winnt\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\winnt\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\winnt\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\winnt\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\winnt\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\winnt\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\winnt\system32\dllcache\ieakui.dll
2006-11-26 11:33 21,952 a---h--- c:\program files\folder.htt
2006-11-26 11:33 271 ---sh--- c:\program files\desktop.ini

============= FINISH: 9:21:38.32 ===============



#2 mjancola


Posted 21 July 2009 - 08:23 PM

Just pinging the thread...still hoping for assistance on this one, thanks
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 24 July 2009 - 07:44 PM.


#3 mjancola


Posted 26 July 2009 - 11:45 PM

Thanks, but I couldn't wait any longer. I archived the HD, reformatted and reinstalled. Please disregard my post.

#4 Orange Blossom


Posted 27 July 2009 - 12:06 AM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



