Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

Websites being redirected on IE

This is a discussion on Websites being redirected on IE within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Having problem using google and yahoo. everything i click on is redirected to a different website than what I intended


 
 
Thread Tools Search this Thread
Old 05-19-2009, 12:29 PM   #1
Guest
 
Join Date: May 2009
Posts: 1
OS:



Having problem using google and yahoo. everything i click on is redirected to a different website than what I intended to go to.

inbeded below is the dds.txt
attached are the ark and attach.txt


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 13:13:31.81 on Tue 05/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1418 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Vongo\Tray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\tempo-4722109.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NetscapeClient]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.207,85.255.112.210
TCP: {33EC1C97-B0C0-4681-BC86-CDA43E6A0A66} = 85.255.112.207,85.255.112.210
TCP: {9EF1CF32-0E18-4961-8C07-5F1D5C154212} = 85.255.112.207,85.255.112.210
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\khgpijn4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-19 28544]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2009-05-19 11:53 1,583 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_EZ379AV_YU_0U_QCNF642_E419857002_46_I_S_V_BF.05_T061002_WXP3_L409_M2047_J100_7Intel_8Core2 T7200_92_#061116_N8086109A_()_X_C_Z_2Rev 1_G10DE0398_OHL-DT-ST DVDRAM GSA-4084N_DDEFAULT_HST910021AS.MRK
2009-05-19 09:49 <DIR> --d----- c:\windows\LastGood.Tmp
2009-05-19 09:48 19,569 a------- c:\windows\000002_.tmp
2009-05-19 09:20 19,569 a------- c:\windows\000001_.tmp
2009-05-19 05:55 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-19 05:54 <DIR> --d----- c:\program files\Panda Security
2009-05-19 05:25 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-05-19 05:24 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-05-19 05:24 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-05-19 05:24 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-05-19 05:24 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-05-19 05:24 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-05-19 05:24 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-05-19 05:24 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-05-19 05:24 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-05-18 23:17 <DIR> --d----- c:\program files\common files\Scanner
2009-05-18 23:17 <DIR> --d----- c:\program files\ComcastToolbar
2009-05-13 05:05 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-11 22:39 301 ---shr-- C:\autorun.inf
2009-05-11 22:39 <DIR> --d----- c:\program files\HDQuality
2009-05-11 21:32 <DIR> --d----- c:\docume~1\admini~1\applic~1\MozillaControl
2009-05-11 21:32 <DIR> --d----- c:\program files\VideoLAN

==================== Find3M ====================

2009-03-21 08:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 08:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 08:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 18:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 18:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 22:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 04:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 04:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 23:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-02-23 10:55 56,912 a------- c:\documents and settings\administrator\g2mdlhlpx.exe
2008-01-19 15:43 266 a------- c:\documents and settings\administrator\jobq.dat
2007-12-18 00:57 374 a------- c:\docume~1\admini~1\applic~1\internaldb6334.dat
2007-12-18 00:02 18,432 a------- c:\docume~1\admini~1\applic~1\internaldb41.dat
2007-12-18 00:01 555 a------- c:\docume~1\admini~1\applic~1\internaldb8467.dat
2007-03-07 21:18 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 13:14:05.90 ===============
Attached Files
File Type: txt ark.txt (8.6 KB, 22 views)
File Type: txt Attach.txt (12.3 KB, 17 views)
brlsjl55 is offline  
Sponsored Links
Advertisement
 
Old 05-19-2009, 11:53 PM   #2
Security Team
Analyst
 
Gringo_pr's Avatar
 
Join Date: Apr 2009
Location: puerto Rico
Posts: 483
OS: win ep



Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Somethings to remember while we are working together.
  • 1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now and will be back as soon as possible with your instructions

Gringo
__________________
Gringo_pr is offline  
Old 05-20-2009, 07:31 AM   #3
Security Team
Analyst
 
Gringo_pr's Avatar
 
Join Date: Apr 2009
Location: puerto Rico
Posts: 483
OS: win ep



Hello brlsjl55

:run combofix:
  • Please visit this webpage for download links, and instructions for running the tool:

    https://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

:information and logs:
  • In your next post I need the following
    • 1.let me have the log from combofix
      2.let me know if you had any problems
      3.let me know how the computer is doing now

Gringo
__________________
Gringo_pr is offline  
Sponsored Links
Advertisement
 
Old 05-26-2009, 10:17 AM   #4
Security Team
Analyst
 
Gringo_pr's Avatar
 
Join Date: Apr 2009
Location: puerto Rico
Posts: 483
OS: win ep



Hello

five day bump


It has been five days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
__________________
Gringo_pr is offline  
Old 05-28-2009, 01:26 PM   #5
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html
__________________

amateur is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 06:54 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts