Google links redirected Please Help Diagnose


  • This topic is locked
2 replies to this topic

#1 freakinawesome81

  • Members
  • 3 posts

Posted 03 December 2009 - 09:05 PM

Hello, I am new to Bleeping Computer, and I would like to say I love this site, but I need a little help with a redirecting virus.
When I click on a link on Google, it redirects me to random sites.
I have run Malwarebytes with no results. I am running IE8.
Please try to help me diagnose the problem; it has been bugging me for a while.

DDS log file:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Bill Jahn at 21:40:59.44 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.343 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091203-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\MSI Q-Face\webtest.exe
D:\Avast\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Orbitdownloader\orbitdm.exe
D:\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
D:\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msi.com.tw/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Q-Face agent] c:\program files\msi\msi q-face\webtest.exe
mRun: [avast!] d:\avast\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - d:\my documents\advanced jpeg compressor\ajcieex.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-16 20560]
R2 avast! Antivirus;avast! Antivirus;d:\avast\ashServ.exe [2009-8-16 138680]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-12-8 159744]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-12-8 156160]
S3 avast! Mail Scanner;avast! Mail Scanner;d:\avast\ashMaiSv.exe [2009-8-16 254040]
S3 avast! Web Scanner;avast! Web Scanner;d:\avast\ashWebSv.exe [2009-8-16 352920]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-12-8 704384]

=============== Created Last 30 ================

2009-12-04 02:36:06 0 d-----w- c:\program files\ESET
2009-12-04 01:49:02 0 d-----w- c:\program files\Trend Micro
2009-12-04 01:37:29 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-04 01:36:13 0 d-----w- c:\windows\SHELLNEW
2009-12-04 00:03:25 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2009-11-30 14:16:36 0 d-----w- c:\windows\system32\XPSViewer
2009-11-28 20:15:32 0 d-----w- c:\docume~1\alluse~1\applic~1\MediaMall
2009-11-28 16:07:51 0 d-----w- c:\docume~1\billja~1\applic~1\Malwarebytes
2009-11-28 15:57:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-28 00:40:47 0 d-----w- c:\program files\PlayFLV
2009-11-22 15:27:24 0 d-----w- c:\docume~1\billja~1\applic~1\OpenOffice.org
2009-11-22 15:22:36 0 d-----w- c:\program files\OpenOffice.org 3
2009-11-22 15:21:44 0 d-----w- c:\program files\Java(2)
2009-11-07 05:30:57 0 d--h--w- c:\windows\PIF
2009-11-07 05:17:31 0 d-----w- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-09-17 00:09:42 93417 ----a-w- c:\windows\HPHins03.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 21:43:50.67 ===============


Thank you in advance.

If you want an HJT log, I have one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:55 PM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\MSI Q-Face\webtest.exe
D:\Avast\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Orbitdownloader\orbitdm.exe
D:\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Q-Face agent] C:\Program Files\MSI\MSI Q-Face\webtest.exe
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - D:\My Documents\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7662 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 03 December 2009 - 10:16 PM.
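A HijackThis log like the one above is normally read by hand, entry by entry. As an added example that is not part of the original post and not HijackThis's own code, the Python below parses a few of its line types (R0/R1, O2, O4, O23) into records and applies some first-pass triage heuristics: a referenced file marked missing, a service whose image carries no publisher information, a Run entry written as a bare file name (which is located through the search path rather than a fixed location), and an IE page setting that points at a non-Microsoft host. The sample lines are copied from the log above; the line grammar is inferred from the format, and the heuristics are the author's own choices. A hit is a reason to look closer, not a verdict: the msi.com.tw start page it flags is, per the O14 IERESET.INF line, this machine's reset default.

```python
"""Parse HijackThis v2 log lines into records and run first-pass triage.

Added example (not HijackThis's own code): the line grammar is inferred
from the log format, and the heuristics below are the author's picks.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: eight lines copied from the HJT log in the post above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.msi.com.tw/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\\Orbitdownloader\\orbitcth.dll
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [avast!] D:\\Avast\\ashDisp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL (file missing)
O23 - Service: Micro Star SCM - Unknown owner - C:\\Program Files\\System Control Manager\\MSIService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\\Avast\\ashServ.exe
"""

# Every entry starts with a section code (R0, O2, O23, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O4: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: Service: display name - vendor - image path
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# O2: BHO: name - {CLSID} - dll path
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
# R0/R1: registry key,value name = URL
REG_RE = re.compile(r"^(?P<key>[^,]*),(?P<value>[^=]*) = (?P<url>.*)$")


def parse_line(line):
    """Return a dict for one HJT entry, or None for lines that are not entries."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    rec = {"code": code, "raw": line.strip()}
    if code == "O4" and (mm := RUN_RE.match(body)):
        rec.update(kind="run", **mm.groupdict())
    elif code == "O23" and (mm := SVC_RE.match(body)):
        rec.update(kind="service", **mm.groupdict())
    elif code == "O2" and (mm := BHO_RE.match(body)):
        rec.update(kind="bho", **mm.groupdict())
    elif code in ("R0", "R1") and (mm := REG_RE.match(body)):
        rec.update(kind="ie_setting", **mm.groupdict())
    else:
        rec.update(kind="other", body=body)
    return rec


def image_of(cmd):
    """First token of a Run command line: a quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Apply the heuristics; returns a list of (code, reason, raw line) tuples."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "(file missing)" in rec["raw"]:
            findings.append((rec["code"], "referenced file is missing", rec["raw"]))
        if rec["kind"] == "service" and rec["vendor"] == "Unknown owner":
            findings.append((rec["code"], "service image has no publisher information", rec["raw"]))
        if rec["kind"] == "run" and "\\" not in image_of(rec["cmd"]):
            # A bare name is located via the search path, not a fixed location.
            findings.append((rec["code"], "Run entry is a bare file name", rec["raw"]))
        if rec["kind"] == "ie_setting":
            host = urlsplit(rec["url"].strip()).hostname or ""
            if not host.endswith("microsoft.com"):
                findings.append((rec["code"], f"IE page setting points at {host}", rec["raw"]))
    return findings


if __name__ == "__main__":
    for code, reason, raw in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}: {raw}")
```

On the sample, four entries are flagged (the R0 start page, the bare RTHDCPL.EXE Run value, the missing REFIEBAR.DLL, and the Micro Star SCM service) and the avast!, Orbit and go.microsoft.com lines pass. Each flag still needs a human to check the file on disk; the heuristics only decide where to look first.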



#2 freakinawesome81

  • Topic Starter

  • Members
  • 3 posts

Posted 05 December 2009 - 09:42 PM

After a long process using various tools, I tried ComboFix and it worked on the first try. Thank you guys for suggesting ComboFix to other people with the same problem as me. If it weren't for you, I never would have heard of ComboFix.

You may now close this topic.

#3 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 16 December 2009 - 04:04 PM

Topic closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft