Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search page redirection


  • This topic is locked This topic is locked
3 replies to this topic

#1 Devin M

Devin M

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 27 July 2009 - 07:54 PM

When clicking on links of all search page results am always redirected to a different page mostly Ads. Have run McAfee and Spybot with no results.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Elaine at 17:27:20.59 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.110 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elaine\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Timezone] "c:\program files\microsoft time zone\TimeZone.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [hpppt] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpppt.exe /ICON
mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [MPFTray] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MISAggregator]
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [RetroExpress] c:\progra~1\dantz\retros~1\RetroExpress.exe /h
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093308151296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38001.641099537
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-3 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-3 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-3 144704]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2003-2-13 117920]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2003-2-13 3712]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2003-2-13 7584]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-3 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-3 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-3 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-3 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-3 40488]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1979-12-31 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1979-12-31 545088]
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2003-2-13 84480]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2002-8-29 14336]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2003-2-13 18432]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2003-2-13 114944]
S3 jbridgep;jbridgep;\??\c:\docume~1\elaine\locals~1\temp\jbridgep.sys --> c:\docume~1\elaine\locals~1\temp\jbridgep.sys [?]

=============== Created Last 30 ================

2009-07-27 16:38 <DIR> --d----- c:\program files\Trend Micro
2009-07-27 15:47 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-27 15:47 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-27 10:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-27 10:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-24 07:51 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-24 07:51 1,409 a------- c:\windows\QTFont.for
2009-07-24 07:31 2 a------- c:\windows\0101120101464853.dat
2009-07-22 09:41 268 a---h--- C:\sqmdata04.sqm
2009-07-22 09:41 244 a---h--- C:\sqmnoopt04.sqm
2009-07-21 18:44 268 a---h--- C:\sqmdata03.sqm
2009-07-21 18:44 244 a---h--- C:\sqmnoopt03.sqm
2009-07-21 08:24 268 a---h--- C:\sqmdata02.sqm
2009-07-21 08:24 244 a---h--- C:\sqmnoopt02.sqm
2009-07-20 12:39 <DIR> --dsh--- c:\documents and settings\elaine\IECompatCache
2009-07-20 12:37 <DIR> --dsh--- c:\documents and settings\elaine\PrivacIE
2009-07-20 12:10 40 a------- c:\windows\WinInit.Ini
2009-07-20 12:02 <DIR> --dsh--- c:\documents and settings\elaine\IETldCache
2009-07-20 11:54 <DIR> -cd-h--- c:\windows\ie8
2009-07-19 16:48 2 a------- c:\windows\0535251103110107106.xvb
2009-07-19 16:47 1 ----h--- c:\windows\jmmark2.dat
2009-07-19 16:47 2 a------- c:\windows\0101120101465749.dat
2009-07-19 16:47 2 a------- c:\windows\0101120101465752.dat
2009-07-19 15:47 <DIR> --d----- c:\program files\sFX
2009-07-19 15:47 2 a------- c:\windows\0101120101464849.dat
2009-07-19 15:47 2 a------- c:\windows\010112010146118114.dat
2009-07-07 07:31 268 a---h--- C:\sqmdata01.sqm
2009-07-07 07:31 244 a---h--- C:\sqmnoopt01.sqm

==================== Find3M ====================

2009-07-27 12:14 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-27 12:14 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 12:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 08:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2007-05-07 16:12 117,080 a------- c:\docume~1\elaine\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:28:03.29 ===============

Attached Files



BC AdBot (Login to Remove)

 


m

#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 05 August 2009 - 01:18 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

MalWare Removal University Master

Member of ASAP
unite_Invision.png


#3 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 08 August 2009 - 11:50 AM

Devin M? Do you still need help?

MalWare Removal University Master

Member of ASAP
unite_Invision.png


#4 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 11 August 2009 - 01:34 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

MalWare Removal University Master

Member of ASAP
unite_Invision.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users