Internet links being redirected


  • This topic is locked
2 replies to this topic

#1 eldur


Posted 17 January 2010 - 08:07 AM

Hello All,

If I am doing a Google (or Yahoo) search (using IE7) and right-click a link to open the link in a new tab, the tab redirects to a different site, usually one that is flagged as "red" with McAfee.

Additional info:
If I cut and paste links from a Google search, I am not redirected.
I also do not seem to be getting redirected when right-clicking a link at this webpage to open in a new tab.

Thanks in advance!


Below is my DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 7:41:30.67 on Sun 01/17/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1259 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\Michael\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164412235633
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mastercontrol.webex.com/client/T26L/webex/ieatgpc.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-16 207792]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-8 214664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-16 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-8 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-8 144704]
R3 Gcr432;Gcr432;c:\windows\system32\drivers\gcr432.sys [2001-10-4 53701]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-8 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-8 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-8 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-8 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-8 34248]
S3 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;"c:\program files\turbine\turbine download manager - roheryn\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager - roheryn\TurbineMessageService.exe [?]
S3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;"c:\program files\turbine\turbine download manager - roheryn\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager - roheryn\TurbineNetworkService.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-16 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-16 1141712]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-01-17 01:06:31 0 d-----w- c:\docume~1\michael\applic~1\Malwarebytes
2010-01-17 01:06:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 01:06:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 01:06:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 01:06:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-17 00:56:56 883 ----a-w- c:\windows\RegSDImport.xml
2010-01-17 00:56:56 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-17 00:56:56 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-17 00:56:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-17 00:56:56 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-17 00:56:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-17 00:56:56 131 ----a-w- c:\windows\IDB.zip
2010-01-17 00:56:56 1152444 ----a-w- c:\windows\UDB.zip
2010-01-17 00:53:37 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-17 00:53:37 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-17 00:53:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-17 00:53:33 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-17 00:53:33 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-17 00:53:33 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-17 00:53:26 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-17 00:53:26 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-17 00:53:19 0 d-----w- c:\program files\Spyware Doctor
2010-01-17 00:53:19 0 d-----w- c:\program files\common files\PC Tools
2010-01-17 00:53:19 0 d-----w- c:\docume~1\michael\applic~1\PC Tools
2010-01-17 00:53:19 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-17 00:38:45 0 d-----w- c:\program files\SpywareBlaster
2010-01-17 00:23:27 0 d-----w- c:\program files\TrendMicro
2010-01-05 21:23:12 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-04 16:52:30 0 d-----w- C:\Rawr v2.3.5
2010-01-04 16:18:45 0 d-----w- c:\program files\common files\HP
2010-01-04 16:16:19 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-04 16:13:58 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-01-04 16:13:58 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-01-04 16:13:58 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-01-04 16:13:57 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-01-04 16:13:57 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-01-04 16:13:57 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-01-04 16:09:07 21124 ------w- c:\windows\hpomdl07.dat
2010-01-04 16:09:07 113058 ----a-w- c:\windows\hpoins07.dat
2009-12-23 15:31:34 0 d-----w- C:\Rawr v2.3.4
2009-12-18 21:02:56 0 d-----w- c:\windows\system32\Microsoft.VC80.CRT
2009-12-18 21:02:55 659456 ----a-w- c:\windows\system32\AppShare-7-0-22.dll
2009-12-18 19:50:57 0 d-----w- C:\Kahorie's DK Simulator 1.1.8.4
2009-12-18 19:44:05 0 d-----w- c:\docume~1\alluse~1\applic~1\DKOptimize
2009-12-18 19:43:38 0 d-----w- c:\program files\Zerack

==================== Find3M ====================

2009-12-01 13:26:24 70984 ----a-w- c:\documents and settings\michael\g2mdlhlpx.exe
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

============= FINISH: 7:42:46.28 ===============

Edited by eldur, 17 January 2010 - 10:12 AM.



#2 eldur


Posted 18 January 2010 - 06:07 PM

I ended up doing an upgrade to Windows 7 to resolve the issue.
I see a ton of people are running into this problem lately, so I wish you luck.


Consider the issue closed :)

Thanks!

#3 Elise


Posted 22 January 2010 - 09:00 AM

Closed upon user's request.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 
