
Pesky search redirects and annoying Vimax ads


This topic is locked
2 replies to this topic

#1 mylo7

mylo7

  • Members
  • 5 posts

Posted 24 December 2009 - 03:52 AM

I've stumbled across the infamous search redirect problem everyone seems to have had last year. Every Google search result I click on redirects me to some lesser search engine. To make matters worse, almost every website I visit contains an ad for Vimax, depicting some freaky blonde with her eyes wide open with the caption, "Surprise her with a bigger bleep." It's getting freaking ridiculous seeing these on popular websites such as CtrlAltdel, GaiaOnline, and even here on Bleeping Computer.

I am using Firefox on Windows Vista. My anti-virus/spyware/malware/etc. programs consist of Avira (which replaced AVG), MalwareBytes, Spybot, and HijackThis. I've removed countless harmful items thanks to these and have tried several methods such as running these programs in Safe Mode, turning System Restore off and on, etc., but the fake search engines and creepy Vimax blonde still stalk me. I cannot run a Kaspersky online scan as the service is currently not available on their website.

This is purely ridiculous. I'm sure no one wants to have friends or family read an article off of their computer and find a bleep enlargement ad to the side. Much help is greatly appreciated, especially for the holidays.

Here's my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matt at 0:18:21.27 on Thu 12/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1684 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\8w24zgsj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\matt\appdata\roaming\move networks\plugins\npqmp071502000008.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-20 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-20 56816]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-23 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-5-4 179712]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2008-10-17 7168]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-15 24652]

=============== Created Last 30 ================

2009-12-24 06:29:48 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 06:39:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 06:39:07 0 d-----w- c:\programdata\Avira
2009-12-21 06:39:07 0 d-----w- c:\program files\Avira
2009-12-20 08:17:35 65536 --sha-w- c:\users\matt\NTUSER.DAT{faafb6ec-ed33-11de-810c-001c23fcbd70}.TM.blf
2009-12-20 08:17:35 524288 --sha-w- c:\users\matt\NTUSER.DAT{faafb6ec-ed33-11de-810c-001c23fcbd70}.TMContainer00000000000000000002.regtrans-ms
2009-12-20 08:17:35 524288 --sha-w- c:\users\matt\NTUSER.DAT{faafb6ec-ed33-11de-810c-001c23fcbd70}.TMContainer00000000000000000001.regtrans-ms
2009-12-19 17:05:20 31232 ----a-w- c:\windows\system32\httpapi(197).dll
2009-12-19 17:00:39 0 d-----w- c:\program files\MSXML 4.0
2009-12-19 16:59:30 1399296 ----a-w- c:\windows\system32\msxml6(225).dll
2009-12-19 16:59:29 1257472 ----a-w- c:\windows\system32\msxml3(222).dll
2009-12-19 16:59:26 378368 ----a-w- c:\windows\system32\winhttp(249).dll
2009-12-19 16:59:20 833024 ----a-w- c:\windows\system32\wininet(250).dll
2009-12-19 16:59:20 1174528 ----a-w- c:\windows\system32\urlmon(242).dll
2009-12-19 16:59:18 270848 ----a-w- c:\windows\system32\iertutil(205).dll
2009-12-19 16:58:42 281600 ----a-w- c:\windows\system32\raschap(236).dll
2009-12-19 16:58:42 244224 ----a-w- c:\windows\system32\rastls(237).dll
2009-11-28 22:52:58 16640 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2009-11-28 22:51:57 0 d-----w- c:\programdata\HotSync
2009-11-28 22:51:16 0 d-----w- c:\program files\Palm
2009-11-28 07:45:09 73728 ----a-w- c:\windows\system\vdremote.dll
2009-11-28 07:45:09 65536 ----a-w- c:\windows\system\vdsvrlnk.dll

==================== Find3M ====================

2009-12-21 06:41:35 118896 ----a-w- c:\users\matt\appdata\roaming\nvModes.dat
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 22:53:17 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-28 22:53:17 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-28 22:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2008-11-24 18:07:02 174 --sha-w- c:\program files\desktop.ini
2008-11-24 17:51:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-28 12:52:06 76 --sha-r- c:\windows\CT4CET.bin
2007-07-11 15:27:18 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:19:25.35 ===============

Edited by mylo7, 24 December 2009 - 03:55 AM.
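As an added example (not part of the original post, and not the DDS tool's own logic), the script below runs a handful of triage heuristics over the lines of the DDS log that matter for a search-redirect complaint: browser helper objects and toolbars registered with no backing file, a hosts-file entry that points a host at loopback, the EnableLUA policy turned off (UAC disabled), a Firefox default-search URL that is not one of the usual engines, and Run entries launched from user-writable paths. The sample input is excerpted verbatim from the log above (DDS defangs URLs as hxxp://); the rule names, the short list of "expected" search hosts and the path patterns are my own assumptions. The output is a list of items to review by hand, not a diagnosis of what caused the redirects.

```python
import re

# Excerpt of the DDS "Pseudo HJT Report" and "FIREFOX" sections posted above,
# reproduced verbatim so the checker runs offline (raw string: paths keep their backslashes).
SAMPLE_DDS = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

# Assumption: search hosts a user would normally expect as the default engine.
EXPECTED_SEARCH_HOSTS = ("google.", "bing.", "yahoo.", "search.live.com")
# Assumption: directories a persistent Run entry rarely needs to live in.
USER_WRITABLE_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")
BLACKHOLE_IPS = ("127.0.0.1", "0.0.0.0", "::1")

RUN_KEY_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\S+)")


def url_host(defanged_url):
    """Return the lower-cased host of an http(s)/hxxp(s) URL, or '' if unparseable."""
    m = re.match(r"h[tx]{2}ps?://([^/?#]+)", defanged_url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def analyze_dds(text):
    """Run the triage heuristics over DDS log lines; return (rule, detail) tuples."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # BHO/toolbar CLSIDs still registered but whose DLL is gone: leftovers of a removal.
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(("orphaned-registration", line))
        # hosts entries sending a name to loopback; used by malware to block help sites.
        m = HOSTS_RE.match(line)
        if m and m.group("ip") in BLACKHOLE_IPS:
            findings.append(("hosts-blackhole", m.group("host")))
        # EnableLUA = 0 means UAC is off, so every process runs fully elevated.
        m = POLICY_RE.match(line)
        if m and m.group("name") == "EnableLUA" and m.group("value") == "0":
            findings.append(("uac-disabled", line))
        # Default search rewritten to a host that is not a mainstream engine.
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") == "browser.search.defaulturl":
            host = url_host(m.group("value"))
            if not any(marker in host for marker in EXPECTED_SEARCH_HOSTS):
                findings.append(("search-default-override", host))
        # Autostart entries launched out of user-writable locations.
        m = RUN_KEY_RE.match(line)
        if m and any(d in m.group("cmd").lower() for d in USER_WRITABLE_DIRS):
            findings.append(("run-from-user-path", line))
    return findings


def summarize(findings):
    """Count findings per rule so a quick look shows what kind of items need review."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, detail in analyze_dds(SAMPLE_DDS):
        print(f"{rule:26} {detail}")
    print(summarize(analyze_dds(SAMPLE_DDS)))
```

On the excerpt above the script reports two orphaned toolbar registrations, the loopback entry for www.spywareinfo.com, the disabled-UAC policy, and a Firefox default search pointing at slirsredirect.search.aol.com. None of these is proof of infection on its own (a toolbar can legitimately set an AOL search URL, and EnableLUA may have been switched off by the owner), but a loopback entry for a security help site is exactly the kind of change malware makes to frustrate cleanup, so the hosts file and the Firefox prefs.js are the first two things to inspect by hand.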

#2 mylo7

mylo7
  • Topic Starter

  • Members
  • 5 posts

Posted 02 January 2010 - 02:13 AM

PROBLEM RESOLVED

When all other antivirus programs failed, I simply downloaded and ran ComboFix and I haven't seen the quirky blonde in website ads since. Yes, all no thanks to the people here at Bleeping Computer. I know you're all too busy with real life, holidays considered, but really? It's been a week already. Things were posted here on Christmas Day and were answered within a matter of hours. Oh well.

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 02 January 2010 - 01:15 PM

Have a good day
Topic closed
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits