
Firefox and IE searches hijacked


This topic is locked
2 replies to this topic

#1 magnusmagnus

Posted 08 November 2009 - 05:01 PM

Whenever I use the Firefox or IE search toolbar, the results come up fine. The links get hijacked about 8 out of 10 times. If I go directly to Google or Yahoo to do a search, the results are normal and the links do not get hijacked. I have used AVG, Malwarebytes, MRT, and SUPERAntiSpyware. All have removed different trojans, but the searches are still being hijacked. Also, I cannot boot into Safe Mode. When I try, it begins, then reboots into normal mode.

Here is my DDS.txt report:


DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 12:15:34.85 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {6F4F95AF-1647-4B72-A632-055405455423} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LWBMOUSE] c:\program files\browser mouse\browser mouse\1.0\lwbwheel.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jigsaw%20Puzzle%202%20Mix/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://eversave.coupons.smartsource.com/download/cscmv5X.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151797602703
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://72.240.51.213/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jigsaw%20Puzzle%202%20Mix/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\mvatstji.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-08 16:22:36 0 d-----w- c:\program files\Trend Micro
2009-11-08 16:10:54 60388 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-08 13:29:24 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-08 13:29:11 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-08 13:29:11 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2009-11-08 02:47:59 0 d-----w- c:\program files\firefox
2009-11-08 01:31:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 01:31:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 01:31:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 01:25:40 0 d--h--w- C:\$AVG
2009-11-08 01:24:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2009-11-08 01:25:10 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 01:25:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-08 01:25:09 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-13 00:23:38 82656 ----a-w- c:\docume~1\hp_adm~1\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 07:04:24 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 07:04:08 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 07:03:44 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 07:03:38 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 07:03:28 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 07:03:28 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 07:03:22 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 07:03:02 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 07:03:00 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 07:03:00 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 07:03:00 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 07:03:00 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 07:02:52 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-17 04:57:00 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-17 04:57:00 7729568 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-08-17 04:57:00 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-17 04:57:00 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57:00 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-11 16:35:08 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2006-07-03 15:13:14 22 --sha-w- c:\windows\sminst\HPCD.sys
2008-08-31 15:04:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 12:17:34.75 ===============


Thanks in advance for all your help!
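An added example, not part of the original post and not code from DDS or HijackThis: a small Python script that does the first-pass triage a helper would do on the "Pseudo HJT Report" section above. It parses the HijackThis-style lines (TB:, BHO:, mURLSearchHooks:, DPF:, and the "uSearch Page = ..." preference lines) and flags the entries normally checked first: toolbar/BHO/URL-hook entries whose file reference is "No File" or empty, downloaded ActiveX (DPF) controls fetched from a bare IP address, and search/start-page keys pointing outside an allow-list. The allow-list EXPECTED_SEARCH_HOSTS and the finding labels are assumptions for illustration; the sample lines are excerpted from the log above.

```python
"""First-pass triage of the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the original post and not DDS/HijackThis code.
Flags:
  * TB/BHO/URLSearchHook entries whose file reference is 'No File' or empty
  * DPF (downloaded ActiveX) controls fetched from a bare IPv4 address
  * search/start-page preferences pointing outside EXPECTED_SEARCH_HOSTS
The allow-list and the labels are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Assumption: on this HP Pavilion with AT&T service, the HP redirector and
# att.net are the hosts the search/start-page keys are expected to point at.
EXPECTED_SEARCH_HOSTS = {"ie.redirect.hp.com", "www.att.net"}

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
PREF_KEY_SUFFIXES = ("start page", "search page", "search bar",
                     "default_page_url", "default_search_url", "searchassistant")


def refang(url):
    """DDS writes hxxp:// so the log is not clickable; restore it for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def parse_hjt_line(line):
    """Return a dict describing one pseudo-HJT line, or None if it is not one."""
    line = line.strip()
    m = re.match(r"^([^:=]+?) = (.*)$", line)          # uSearch Page = hxxp://...
    if m:
        return {"kind": "pref", "key": m.group(1), "guid": None, "target": m.group(2)}
    kind, sep, rest = line.partition(": ")             # TB: {GUID} - No File
    if not sep or not kind.isalnum():
        return None                                    # header, FF - plugin:, etc.
    head, sep, target = rest.rpartition(" - ")
    if not sep:
        # 'TB: Yahoo! Toolbar: {GUID} -' is registered but has no file path recorded
        head, target = (rest[:-2], "") if rest.endswith(" -") else ("", rest)
    guid = GUID_RE.search(head)
    return {"kind": kind, "key": GUID_RE.sub("", head).strip(" :"),
            "guid": guid.group(0) if guid else None, "target": target.strip()}


def triage(lines):
    """Return (label, line) pairs for the entries worth reviewing by hand."""
    findings = []
    for line in lines:
        e = parse_hjt_line(line)
        if e is None:
            continue
        kind, target = e["kind"], e["target"]
        if kind in ("TB", "BHO", "mURLSearchHooks", "uURLSearchHooks") \
                and target.lower() in ("", "no file"):
            findings.append(("no-file-reference", line))
        elif kind == "DPF":
            host = urlparse(refang(target)).hostname or ""
            if IPV4_RE.match(host):
                findings.append(("dpf-from-ip", line))
        elif kind == "pref" and e["key"].lower().endswith(PREF_KEY_SUFFIXES):
            host = urlparse(refang(target)).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("unexpected-search-host", line))
    return findings


# Excerpt of Pseudo HJT lines from the log in the post above.
SAMPLE_LINES = [
    "uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop",
    "mURLSearchHooks: H - No File",
    "BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg9\\avgssie.dll",
    "TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File",
    "TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -",
    "DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://72.240.51.213/activex/AxisCamControl.cab",
    "DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab",
]

if __name__ == "__main__":
    for label, line in triage(SAMPLE_LINES):
        print(f"[{label}] {line}")
```

On the excerpt this reports the three entries with no file behind them (the URLSearchHook, the orphaned toolbar GUID and the Yahoo! Toolbar with an empty path) and the AxisCamControl.cab control pulled from a bare IP; the HP search redirector, the AVG BHO and the Java cab from java.sun.com are not flagged. A "No File" entry is a leftover registry reference rather than active code, so the list is a starting point for what to clean up or look at, not a verdict on what caused the redirects.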

#2 magnusmagnus (Topic Starter)

Posted 10 November 2009 - 06:52 AM

Thanks for your help, but I have decided to reformat. I am just going to start anew.

#3 Orange Blossom (Moderator)

Posted 10 November 2009 - 06:45 PM

Hello

Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and best solution.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom