IExplore Redirecting

3 replies to this topic

#1 Larry C.

  • Members
  • 3 posts
  • OFFLINE

Posted 16 July 2010 - 01:58 PM

I had an AV Security Suite infection. By following the directions I was successful in removing the suite. However, I now notice that IE is redirecting my URLs. The logs are attached. This one is driving me nuts!
Larry C.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Pam Wartick at 10:32:48.90 on Fri 07/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.406 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pam Wartick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\pamwar~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\what's~1.lnk - c:\program files\what's my computer doing\WhatsMyComputerDoing.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: purerock.com
Trusted Zone: surfernetwork.com\lightningstream
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

=============== Created Last 30 ================

2010-07-16 15:29:52 0 ----a-w- c:\documents and settings\pam wartick\defogger_reenable
2010-07-15 22:16:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 22:16:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 22:16:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 21:59:35 0 d-----w- c:\program files\What's my computer doing
2010-07-14 21:26:16 0 d-----w- c:\windows\pss
2010-07-14 16:48:48 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-14 16:48:47 882 ----a-w- c:\windows\RegSDImport.xml
2010-07-14 16:48:47 879 ----a-w- c:\windows\RegISSImport.xml
2010-07-14 16:48:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-14 16:48:47 131 ----a-w- c:\windows\IDB.zip
2010-07-14 16:48:47 1152444 ----a-w- c:\windows\UDB.zip
2010-07-14 16:48:46 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-14 16:48:46 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-14 16:40:44 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-14 16:40:44 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-14 16:40:36 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-14 16:40:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-14 16:40:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-14 16:40:36 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-14 16:40:25 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-07-14 16:40:25 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-14 16:40:03 0 d-----w- c:\program files\Spyware Doctor
2010-07-14 16:40:03 0 d-----w- c:\program files\common files\PC Tools
2010-07-14 16:40:03 0 d-----w- c:\docume~1\pamwar~1\applic~1\PC Tools
2010-07-14 16:40:03 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-07-14 01:44:38 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-14 01:44:38 22 --sha-w- c:\docume~1\pamwar~1\applic~1\Sys6925.Config Collection.sys
2010-07-14 01:44:19 0 d-----w- c:\program files\jv16 PowerTools 2010
2010-07-14 01:20:41 0 d-----w- c:\program files\iPod
2010-07-14 01:20:34 0 d-----w- c:\program files\iTunes
2010-07-14 01:20:34 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-14 00:53:22 0 d-----w- c:\program files\Bonjour
2010-07-13 22:22:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 22:09:05 0 d-----w- c:\program files\Secunia
2010-07-13 21:56:58 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-13 18:38:28 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-07-13 18:38:28 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 22:36:12 0 d-----w- c:\program files\CCleaner
2010-07-06 22:29:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-06 22:09:03 0 d-----w- c:\docume~1\pamwar~1\applic~1\Malwarebytes
2010-07-06 22:08:52 0 d-----w- c:\program files\Malwarebytes Anti-Malware
2010-07-06 22:08:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-16 22:46:38 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 23:02:16 168023 ----a-w- c:\windows\hpoins37.dat
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

============= FINISH: 10:34:10.20 ===============

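The Pseudo HJT section of the log above contains `uInternet Settings,ProxyServer = http=127.0.0.1:5577` together with a toolbar entry that resolves to `No File`. A user-scope proxy pointing at the loopback address is one of the first things to check when a browser redirects, because it routes every request through a local process. The following parser is an added example, not part of the thread or of DDS itself; the sample lines are copied from the report above and the regexes and function names are my own.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section,
# taken from the report posted in this thread.
SAMPLE_REPORT = r"""
uSearch Bar =
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5577
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Trusted Zone: purerock.com
"""

# "u" prefix = current-user hive (HKCU), "m" prefix = machine hive (HKLM).
PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$")
# Toolbar / BHO / explorer-bar entries whose CLSID no longer maps to a file.
NOFILE_RE = re.compile(r"^(TB|BHO|EB):\s.*-\s*No File$")
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?)$", re.I)


def parse_proxy(value):
    """Split 'http=host:port;https=host:port' or a bare 'host:port'
    into (scheme, host, port) tuples; bare entries get scheme 'all'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        entries.append((scheme or "all", host, port))
    return entries


def find_findings(report):
    """Return (kind, detail) pairs for loopback proxies and orphaned entries."""
    findings = []
    for line in report.splitlines():
        m = PROXY_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            for scheme, host, port in parse_proxy(m.group(2)):
                if LOOPBACK.match(host):
                    findings.append(("loopback-proxy",
                                     f"{scope} {scheme} proxy -> {host}:{port}"))
        elif NOFILE_RE.match(line):
            findings.append(("orphan-entry", line))
    return findings
```

Run against the sample it reports the loopback proxy on port 5577 and the orphaned toolbar CLSID; a legitimate local filtering proxy would trip the same check, so the finding is a prompt to identify the listening process, not a verdict.
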
#2 Larry C.
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 17 July 2010 - 08:44 AM

Am I doing something wrong? I see lots of replies after I posted but not one reply to this one?!
Larry C.

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 17 July 2010 - 06:56 PM.


#3 Larry C.
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 19 July 2010 - 10:34 PM

I had to get this fixed for another person. So I reformatted and reinstalled. I would love to know if it could have been fixed. Maybe the next one I will have more time. You guys are really overloaded.

#4 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  • Gender:Male

Posted 21 July 2010 - 05:59 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw