
Resolved



#1 stowens


Posted 07 September 2009 - 02:21 PM

When I go to www.google.com and search on a topic and then click the link for that topic, my IE browser says at the top, "Loading ... please wait a few seconds," and then it goes to advertisement sites like bestclicksnow.com or bestpricecruises.com, etc. I can go to the site I want by typing in the address into the address bar, but it will not go to the correct site from the Google search. I have tried running Malwarebytes Anti-Malware, SUPERAntiSpyware, and ATF-Cleaner. I have done the preparation steps, and my DDS.txt log is listed below, with ark.txt and attach.txt attached. Thank you so much for any help you can give me. I have been fighting with this thing for 3 weeks with no luck and decided to turn to the experts :-)

Shelley


DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Administrator at 12:42:52.56 on Mon 09/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.423 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Hawking Technologies\Hawking_HWU54G_Utility\HWU54G.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\U3\0000181B3C638152\LaunchPad.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VideoraiPodConverter] c:\program files\videoraipodconverter\VideoraiPodConverter.exe -t
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\mindscape\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking technologies\hawking_hwu54g_utility\HWU54G.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\oc7b1ero.default\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090718.003\NAVENG.sys [2009-7-18 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090718.003\NAVEX15.sys [2009-7-18 875728]
R3 ZD1211U(Hawking Technologies);Hawking Technologies HW54G Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [2009-8-15 228864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-11 38160]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-09-07 11:48 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-09-07 11:48 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-09-07 11:48 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-09-07 11:48 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-09-07 11:48 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-07 11:48 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-09-07 11:48 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-07 11:48 380,928 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-07 11:48 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-09-07 11:43 <DIR> --d----- c:\windows\network diagnostic
2009-08-16 14:41 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-16 05:58 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-16 05:57 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-16 05:57 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 05:57 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-16 05:57 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 05:57 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 05:57 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-16 05:57 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 05:56 <DIR> --d----- C:\0c113f32d33a19bd49b5429de1
2009-08-16 05:44 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-16 00:20 <DIR> --d----- c:\documents and settings\compaq_administrator\DoctorWeb
2009-08-15 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-15 11:44 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-15 11:44 <DIR> --d----- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2009-08-15 11:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-15 10:01 228,864 a------- c:\windows\system32\drivers\ZD1211U.sys
2009-08-15 10:01 81,920 a------- c:\windows\system32\ZDPN50.dll
2009-08-15 10:01 81,920 a------- c:\windows\system32\ZDBRGDLL.dll
2009-08-15 10:01 24,576 a------- c:\windows\system32\ZyDelReg.exe
2009-08-15 10:01 19,200 a------- c:\windows\system32\ZDBRGSYS.sys
2009-08-15 10:01 17,151 a------- c:\windows\system32\ZDPNDIS5.sys
2009-08-15 10:01 28,672 a------- c:\windows\system32\InsDrvZD.dll
2009-08-15 10:01 <DIR> --d----- c:\program files\Hawking Technologies
2009-08-11 21:35 <DIR> --d----- c:\windows\pss
2009-08-11 18:53 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-08-11 18:53 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-11 18:53 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 18:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-08-05 03:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 03:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 10:00 1,509,888 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 12:55 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 07:42 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 05:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 02:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 02:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-26 09:59 474,112 a------- c:\windows\system32\dllcache\shlwapi.dll
2009-06-26 09:59 1,054,208 a------- c:\windows\system32\dllcache\danim.dll
2009-06-26 09:59 1,024,000 a------- c:\windows\system32\dllcache\browseui.dll
2009-06-26 09:59 151,040 a------- c:\windows\system32\dllcache\cdfview.dll
2009-06-25 02:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 02:44 724,480 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 02:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 02:44 298,496 a------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 02:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 02:44 168,448 a------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 02:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 02:44 133,632 a------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 02:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 02:44 59,392 a------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 02:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 02:44 56,320 a------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 05:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 05:49 117,248 a------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 05:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 05:49 19,968 a------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 05:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 05:49 4,608 a------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 05:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 05:34 92,544 a------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 08:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 08:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 08:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:50 80,896 a------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 05:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:50 76,288 a------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 08:21 84,992 a------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 08:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 00:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 00:32 132,096 a------- c:\windows\system32\dllcache\wkssvc.dll

============= FINISH: 12:43:25.60 ===============



Edited by garmanma, 22 September 2009 - 05:40 PM.




#2 stowens


Posted 08 September 2009 - 09:46 PM

I have fixed this issue by deleting all IP addresses in the Hijack This log and renaming my Hosts file, which had numerous antivirus websites in it.

Thank you! This case can be closed.



