Google searches redirect to random sites

Old 01-02-2010, 08:27 PM   #1
Guest
 
Join Date: Jan 2010
Posts: 2
OS:



When I do a Google search and I click on the hyperlink, I am not taken to the pages I am trying to go to. I am taken to random advertisement pages. I have run Malwarebytes and Prevx; both show clean. This redirect problem happens under Mozilla and IE.

The URL that causes the redirects is 83.133.124.109; that is the main website that all the redirects come from. An example of one of the redirects is:
83.133.124.109/click.php?c=66b866880b771b1b7dd6f9b9ec00



DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 21:36:22.95 on Sat 01/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1979.1348 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
C:\Program Files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbkern32.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator.CORP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Page = hxxp://www.google.com
mWindow Title =
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFNF5] TFNF5.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262042531343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260566542694
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.prejeans.com/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: TosBtNP - TosBtNP.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-14 340592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-12-29 30280]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-9-11 5888]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2009-9-27 49152]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-12-29 6222312]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-14 67904]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-12-29 47408]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-9-11 126976]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-8-29 628072]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 4992]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-9-27 2058776]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 XBaseMS-Service;XBaseMS-Service;c:\program files\proquestms\partsmanagerpro\xbasesrvr\tbmux32.exe [2009-10-15 401408]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-11 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-9-11 36608]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-29 24496]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2008-9-11 435072]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-9-27 131072]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-14 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-14 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-14 64432]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-10-14 46848]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-10-14 153472]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-10-14 153472]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2009-10-14 5248]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-10-14 107008]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]

=============== Created Last 30 ================

2010-01-03 02:59:47 574 ----a-w- C:\cleanup.bat
2010-01-03 02:59:47 135168 ----a-w- C:\zip.exe
2009-12-31 17:08:42 83072 ----a-w- c:\windows\system32\wdmaud.sys
2009-12-31 16:54:16 0 d-----w- c:\docume~1\admini~1.cor\applic~1\Malwarebytes
2009-12-31 16:51:56 0 d-----w- C:\_OTM
2009-12-31 15:49:34 0 d-----w- c:\windows\ServicePackFiles
2009-12-31 15:48:48 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-12-31 15:48:44 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-12-31 15:48:40 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-12-31 15:48:36 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-12-31 15:48:32 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-12-31 15:48:26 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-12-31 15:48:22 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-12-31 15:48:18 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-12-31 15:48:14 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-12-31 15:48:10 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2009-12-31 15:48:06 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2009-12-31 15:48:02 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2009-12-31 15:46:57 52224 ------w- c:\windows\system32\drivers\atinraxx.sys
2009-12-31 15:45:54 37888 ------w- c:\windows\system32\drivers\bthmodem.sys
2009-12-31 15:44:55 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-12-31 15:43:59 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2009-12-31 15:43:55 5888 ------w- c:\windows\system32\drivers\smbali.sys
2009-12-31 15:43:51 44672 ------w- c:\windows\system32\drivers\uagp35.sys
2009-12-31 15:43:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-12-31 15:43:43 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2009-12-31 15:43:39 42240 ------w- c:\windows\system32\drivers\viaagp.sys
2009-12-31 15:43:34 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2009-12-31 15:43:30 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-12-31 15:43:26 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-12-31 15:43:22 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-12-31 15:43:18 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-12-31 15:43:14 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-12-31 15:43:10 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-12-31 15:39:32 19569 ----a-w- c:\windows\000001_.tmp
2009-12-31 14:20:36 0 d-sh--w- c:\documents and settings\administrator.corp\IECompatCache
2009-12-31 14:19:26 0 d-sh--w- c:\documents and settings\administrator.corp\PrivacIE
2009-12-31 05:57:40 0 d-sha-r- C:\cmdcons
2009-12-31 05:55:57 98816 ----a-w- c:\windows\sed.exe
2009-12-31 05:55:57 77312 ----a-w- c:\windows\MBR.exe
2009-12-31 05:55:57 261632 ----a-w- c:\windows\PEV.exe
2009-12-31 05:55:57 161792 ----a-w- c:\windows\SWREG.exe
2009-12-31 05:11:09 0 d-----w- C:\Rooter$
2009-12-31 04:48:54 0 ----a-w- c:\windows\system32\8104297.jun
2009-12-31 04:48:46 0 d-----w- c:\program files\Browser Hijack Recover
2009-12-31 03:10:06 0 dc-h--w- c:\windows\ie8
2009-12-30 19:18:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 19:18:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:18:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-30 19:18:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 15:07:21 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-12-29 15:07:21 47408 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-12-29 15:07:21 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-29 15:07:20 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-12-29 15:07:19 0 d-----w- c:\program files\Prevx
2009-12-29 1522 50 ----a-w- c:\windows\wininit.ini
2009-12-29 1522 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-12-28 23:33:35 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 23:22:50 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-22 17:42:26 128 ----a-w- c:\windows\system32\vssver.scc
2009-12-22 17:26:39 0 d-----w- c:\program files\Verizon Wireless
2009-12-22 17:25:58 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-12-22 17:25:54 0 d-----w- c:\program files\common files\Research in Motion
2009-12-16 01:53:24 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-14 21:37:19 0 d-----w- c:\program files\Citrix
2009-12-12 1730 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-11 19:28:33 0 d-----w- c:\program files\Venturi2

==================== Find3M ====================

2009-11-25 17:15:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf
2009-11-25 17:15:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-11-25 17:15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2009-11-25 17:15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2009-11-25 17:15:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-29 07:46:52 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-09-11 09:01:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 21:36:46.15 ===============
Attached Files
File Type: zip attach.zip (5.8 KB, 23 views)
ramscards05 is offline  
Old 01-09-2010, 09:30 PM   #2
TSF Enthusiast
 
Join Date: Sep 2006
Posts: 1,702
OS: xp



Welcome to the forum, ramscards05.
Are you still in need of assistance? If so, are there any changes since you last posted, and what has been done?
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJ is offline  
Old 01-10-2010, 05:22 PM   #3
Guest
 
Join Date: Jan 2010
Posts: 2
OS:



You can close this thread. I was able to clean this by running ComboFix.

There was a .dll file that was infected in the c:\windows\system32\drivers\etc folder, if I remember correctly. The file was successfully restored from a cab file.
ramscards05 is offline  
Old 01-10-2010, 08:04 PM   #4
TSF Enthusiast
 
Join Date: Sep 2006
Posts: 1,702
OS: xp



Ok ramscards05

Do uninstall ComboFix; it is not a program you should use on your own without guidance.

To uninstall, go to Start, Run, type in
combofix /uninstall
and press Enter or click OK.

Think Prevention: Put in place a good hosts file
https://www.mvps.org/winhelp2002/hosts.htm
Repeat that process about once or even twice a month.

To help avoid reinfection see "So how did I get infected in the first place?" https://www.malwarebytes.org/forums/i...9365&hl=place?

Note: Make sure your programs are up to date - older versions may contain Security Leaks.
To find out what programs need to be updated, run the Secunia Software Inspector Scan.
https://secunia.com/software_inspector/
LonnyRJ is offline  