browser's homepage redirected


This topic is locked
5 replies to this topic

#1 Dylanz Of Dylanz

  • Members
  • 171 posts

Posted 24 July 2014 - 01:02 AM

This laptop of mine is running Windows 7 Ultimate 32-bit. Recently I installed some video player programs and noticed all my browsers' homepage redirected to "http://www.hao123.com". Changing the homepage settings in the browser doesn't help, because "http://www.hao123.com/" is present in the browser's shortcut properties. I removed that line in the shortcut properties, and after a restart it's there again.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Dylan3 at 13:54:23 on 2014-07-24
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.2038.842 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\Dylan3\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\xigua\2.2.0.26\xigua.exe
C:\Program Files\JJPlayer\hdacc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\xigua\2.2.0.26\xgengine.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\xigua\2.2.0.26\xgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\xigua\2.2.0.26\xgportal.exe
C:\Program Files\xigua\2.2.0.26\xgweb.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\xigua\2.2.0.26\xgportal.exe
C:\Program Files\xigua\2.2.0.26\xgweb.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: 879EE8A2-3D40-6B33-0D43-938F3FB19017 Class: {879EE8A2-3D40-6B33-0D43-938F3FB19017} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [uTorrent] "c:\users\dylan3\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [XIGUA] c:\program files\xigua\2.2.0.26\xigua.exe --windowstate=hide source=autorun
uRun: [hdacc] c:\program files\jjplayer\hdacc.exe
mRun: [UUTools] "c:\program files\yuyuplayers\YUTool.exe" /s15
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: ???????? - <no file>
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
LSP: c:\users\public\funacce\FunAcce.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F4F33C46-462B-40B9-BB1A-12771D16778E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F4F33C46-462B-40B9-BB1A-12771D16778E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4F33C46-462B-40B9-BB1A-12771D16778E}\E416D636F602759666960253737363 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F4F33C46-462B-40B9-BB1A-12771D16778E}\E416D636F602759666960253737363 : DHCPNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-6-24 241728]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-7-10 113680]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-10 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-16 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2014-6-16 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-16 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-16 1343400]
.
=============== Created Last 30 ================
.
2014-07-23 03:37:19 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9eb85feb-dd80-4463-bc7f-5c6a6368d4cc}\mpengine.dll
2014-07-22 14:53:06 -------- d-----w- c:\program files\JJPlayer
2014-07-22 14:35:12 -------- d-----w- c:\program files\common files\Baidu
2014-07-22 14:35:08 -------- d-----w- c:\program files\Baidu
2014-07-22 14:30:59 -------- d-----w- c:\users\dylan3\appdata\roaming\Baidu
2014-07-22 14:30:59 -------- d-----w- c:\programdata\Baidu
2014-07-22 14:24:26 -------- d-----w- c:\program files\xigua
2014-07-20 17:06:45 -------- d-----w- c:\windows\ERUNT
2014-07-20 17:00:42 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-20 17:00:21 -------- d-----w- C:\AdwCleaner
2014-07-18 11:51:57 -------- d-----w- c:\users\dylan3\appdata\roaming\XiGuaPlayer
2014-07-18 11:45:11 -------- d-----w- c:\programdata\QvodPlayer
2014-07-15 17:53:44 -------- d-----w- c:\users\dylan3\appdata\roaming\Funshion
2014-07-14 11:22:49 -------- d-----w- c:\users\dylan3\appdata\local\Giraffe
2014-07-12 08:59:03 -------- d-----w- c:\windows\tiinst
2014-07-11 18:51:02 -------- d-----w- c:\users\dylan3\appdata\roaming\xgyingshi
2014-07-11 18:24:27 -------- d-----w- c:\programdata\JJPlayer
2014-07-10 14:51:05 113680 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-07-10 03:16:01 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-10 03:16:01 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-10 03:16:00 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-10 03:16:00 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-10 03:11:01 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-10 03:11:01 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-10 03:11:01 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-10 03:11:00 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-10 03:11:00 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-10 03:11:00 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-10 03:11:00 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-10 03:11:00 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-10 03:10:26 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-10 03:10:25 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-10 03:10:08 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-10 03:10:08 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-10 03:10:08 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-10 03:10:07 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-10 03:10:07 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-10 03:10:07 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-10 03:10:07 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-10 03:09:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 16:12:49 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:12:49 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 15:34:41 -------- d-----w- c:\windows\system32\zh-CHS
2014-07-09 15:34:41 -------- d-----w- c:\windows\system32\drivers\umdf\zh-CN
2014-07-09 15:34:40 -------- d-----w- c:\windows\system32\drivers\zh-CN
2014-07-09 15:34:37 -------- d-----w- c:\windows\system32\wbem\zh-CN
2014-07-09 15:34:27 -------- d-----w- c:\windows\zh-CN
2014-07-09 15:28:13 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui
2014-07-09 15:27:54 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll
2014-07-09 15:27:54 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll
2014-07-09 15:25:15 -------- d-----w- c:\windows\zh-TW
2014-07-09 15:25:13 -------- d-----w- c:\windows\system32\zh-CHT
2014-07-09 15:25:04 -------- d-----w- c:\windows\system32\XPSViewer
2014-07-09 15:25:03 -------- d-----w- c:\windows\system32\drivers\zh-TW
2014-07-09 15:25:03 -------- d-----w- c:\windows\system32\drivers\zh-HK
2014-07-09 15:25:03 -------- d-----w- c:\windows\system32\drivers\umdf\zh-TW
2014-07-09 15:24:57 -------- d-----w- c:\windows\system32\wbem\zh-TW
2014-07-09 15:24:56 -------- d-----w- c:\windows\system32\wbem\zh-HK
2014-07-09 15:18:48 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2014-07-09 15:18:41 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll
2014-07-09 15:18:36 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2014-07-09 15:18:36 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2014-07-09 13:59:50 -------- d-----w- C:\QvodPlayer
2014-07-07 04:24:19 -------- d-----w- c:\users\dylan3\appdata\roaming\DataRepair
2014-07-06 17:48:31 -------- d-----w- c:\users\dylan3\appdata\roaming\Animals
2014-07-06 17:48:23 -------- d-----w- c:\users\dylan3\appdata\roaming\CloudMedia
2014-07-06 10:54:09 -------- d-----w- c:\programdata\KuaiWan
2014-07-06 10:53:33 -------- d-----w- c:\programdata\QMovie
2014-07-06 09:54:17 -------- d-----w- c:\users\dylan3\.android
2014-06-28 09:29:13 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
2014-06-25 19:00:49 -------- d-----w- c:\program files\MSXML 4.0
2014-06-24 08:07:39 -------- d-----w- c:\windows\system32\appmgmt
2014-06-24 07:57:44 -------- d-----w- c:\users\dylan3\appdata\roaming\Foxit Software
2014-06-24 07:57:14 -------- d-----w- c:\program files\Foxit Software
2014-06-24 07:21:38 -------- d-----w- c:\programdata\LightScribe
2014-06-24 07:18:45 -------- d-----w- c:\users\dylan3\appdata\local\Ahead
.
==================== Find3M  ====================
.
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 07:11:21 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-17 17:14:22 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-11 23:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-11 23:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 23:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
============= FINISH: 13:55:36.13 ===============

Edited by Dylanz Of Dylanz, 24 July 2014 - 01:08 AM.
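The shortcut hijack described in this post, and the persistence points its DDS log lists (the uRun/mRun entries, a Winsock LSP under c:\users\public\funacce, and PromptOnSecureDesktop = 0 where the Windows 7 default is 1), can be reviewed from PowerShell. The script below is an added example and not part of the original thread or of any tool mentioned in it; the browser executable names and the "Provider Path:" line layout of `netsh winsock show catalog` are assumptions. Run it from an elevated PowerShell 3 or later.

```powershell
# Added example (not from the thread): audit browser shortcuts for an injected
# start-page argument and review the persistence points a DDS "Pseudo HJT"
# section exposes: Run/RunOnce keys, UAC policy values and the Winsock LSP catalog.
# Assumptions: the browser exe list below, and that "netsh winsock show catalog"
# prints one "Provider Path:" line per catalog entry.

$BrowserExes = 'chrome.exe', 'iexplore.exe', 'firefox.exe', 'opera.exe'

function Find-HijackedShortcuts {
    param([switch]$Fix)   # -Fix blanks the Arguments field and saves the .lnk
    $shell = New-Object -ComObject WScript.Shell
    $roots = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')  # also holds User Pinned\TaskBar
    ) | Where-Object { $_ -and (Test-Path $_) }

    foreach ($lnk in Get-ChildItem -Path $roots -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue) {
        $sc  = $shell.CreateShortcut($lnk.FullName)
        $exe = [IO.Path]::GetFileName($sc.TargetPath)
        if ($BrowserExes -notcontains $exe.ToLower()) { continue }
        # A clean browser shortcut normally has no Arguments; a URL placed there is
        # opened on every launch regardless of the home page configured in the browser.
        if ($sc.Arguments -match 'https?://') {
            [PSCustomObject]@{ Shortcut = $lnk.FullName; Target = $sc.TargetPath; Arguments = $sc.Arguments }
            if ($Fix) { $sc.Arguments = ''; $sc.Save() }
        }
    }
}

function Get-RunEntries {
    # The uRun (HKCU) and mRun (HKLM) lines in the DDS log come from these keys.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... provider metadata
            [PSCustomObject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Test-UacPolicy {
    # Windows 7 defaults. PromptOnSecureDesktop = 0 shows elevation prompts on the
    # normal desktop, where other programs can draw over or drive them.
    $expected = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 }
    $p = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in $expected.Keys) {
        $actual = $p.$name
        [PSCustomObject]@{ Value = $name; Expected = $expected[$name]; Actual = $actual; Ok = ($actual -eq $expected[$name]) }
    }
}

function Get-SuspiciousLsp {
    # A Layered Service Provider is loaded into every process that uses Winsock, so a
    # provider DLL outside %SystemRoot%\system32 (the log above has one in
    # c:\users\public\funacce) deserves a close look.
    $sysdir = [Environment]::SystemDirectory
    netsh winsock show catalog | ForEach-Object {
        if ($_ -match '^\s*Provider Path:\s*(.+?)\s*$') {
            $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if (-not $path.StartsWith($sysdir, [StringComparison]::OrdinalIgnoreCase)) { $path }
        }
    } | Sort-Object -Unique
}

'== Browser shortcuts carrying a URL argument =='
Find-HijackedShortcuts | Format-Table -AutoSize      # add -Fix to strip the argument
'== Run / RunOnce entries =='
Get-RunEntries | Format-Table -AutoSize
'== UAC policy values vs. Windows 7 defaults =='
Test-UacPolicy | Format-Table -AutoSize
'== Winsock providers outside System32 =='
Get-SuspiciousLsp
```

Use `-Fix` only after removing whatever rewrites the shortcut: the poster saw the URL return after a reboot, and the Run entries are the first place to look for the program doing that. Cleaning the shortcut does nothing about the BHO with no file path or the LSP, which need their own removal, and removing an LSP incorrectly can break networking, so take a restore point first.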



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 July 2014 - 12:49 PM

Good evening. :)

What programs did you install, where did you download them from and did you uninstall them after you realised your PC was infected?

 

Add to that the following: What security programs apart from Malwarebytes Anti-Malware have you had on this system recently - which anti-virus were you using, assuming you had one that is.


Edited by Noviciate, 24 July 2014 - 12:52 PM.

So long, and thanks for all the fish.


#3 Dylanz Of Dylanz

  • Topic Starter

  • Members
  • 171 posts

Posted 24 July 2014 - 12:57 PM

Installed a Chinese player from http://www.xigua.com/

The program itself was not malware/a virus, as I have been reinstalling it on another desktop without problems. The homepage-changing thing was in the program's setup; I was supposed to untick those options, but I just clicked Next all the way.

I just have Malwarebytes, nothing else.



#4 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 July 2014 - 01:51 PM

The golden rule of PC security is one anti-virus running in real time and one firewall; more than one of each can cause conflicts, making these unstable.

The fact that you don't have an anti-virus on the system makes me think that a reinstall is a wise move. Without adequate security there is nothing to stop any nasties that you come across from having free rein on your machine, and there is no telling what other things may have happened to your system while you have been surfing the internet.


So long, and thanks for all the fish.


#5 Dylanz Of Dylanz

  • Topic Starter

  • Members
  • 171 posts

Posted 24 July 2014 - 11:20 PM

A reinstall over tiny issues like this would be funny. It's OK, I'll just solve it myself. Close topic.



#6 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 25 July 2014 - 11:03 AM

Good evening. :)

It's not the issue that you know about, it's the ones that don't make themselves known, as there is more to be gained by running in the background, that are the concern: keyloggers, DoS attacks etc. I will do as you ask though and lock the thread.


So long, and thanks for all the fish.