Jump to content

IE Yahoo! and Google Search are redirected

malggg

By malggg
in Resolved Malware Removal Logs

 Share

Recommended Posts

malggg

malggg

Posted
Posted

My IE both Yahoo! and Google Search result links are redirected. But Mozilla and Opera browsers work well. I am using Windows 2000 Service pack 4. Below is my HijackThis log. Thanks for your help.

ogfile of HijackThis v1.99.1

Scan saved at 11:44:57 PM, on 3/28/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINNT\System32\smss.exe

D:\WINNT\system32\csrss.exe

D:\WINNT\system32\winlogon.exe

D:\WINNT\system32\services.exe

D:\WINNT\system32\lsass.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\system32\spoolsv.exe

D:\WINNT\system32\drivers\CDAC11BA.EXE

D:\WINNT\System32\svchost.exe

D:\WINNT\System32\GEARSec.exe

D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

d:\program files\common files\mcafee\mna\mcnasvc.exe

D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

D:\PROGRA~1\McAfee\MSC\mcpromgr.exe

d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

D:\WINNT\system32\regsvc.exe

D:\WINNT\system32\MSTask.exe

D:\WINNT\system32\stisvc.exe

D:\WINNT\System32\WBEM\WinMgmt.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\Explorer.EXE

D:\PROGRA~1\mcafee.com\agent\mcagent.exe

D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

D:\WINNT\system32\MSTMON_Q.EXE

D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe

D:\WINNT\system32\ctfmon.exe

D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

D:\Program Files\WinZip\WZQKPICK.EXE

D:\Program Files\eFax Messenger 4.2\J2GTray.exe

D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

D:\PROGRA~1\mcafee\msc\mcuimgr.exe

D:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

D:\WINNT\System32\svchost.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\WINNT\system32\rundll32.exe

D:\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptcl.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] D:\WINNT\system32\MSTMON_Q.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [eFax 4.2] "D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O20 - Winlogon Notify: NavLogon - D:\WINNT\system32\NavLogon.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: GEARSecurity - GEAR Software - D:\WINNT\System32\GEARSec.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

Hi malggg and welcome to Malwarebytes. Where are your pages being redirected to? I'm not sure I'm understanding what your saying/meaning by redirecting. Are you having any other symptoms? Popups or excess CPU usage? I don't see anything in your log. Have you run malware scans and Antivirus? Get the free AVG antispyware here and run a scan. Also do a online scan here let both scans remove anything they find and save the logs in case we need to see them. Reboot give the browser a try and let me know how it is working.

Link to post
Share on other sites
malggg

malggg

Posted
  • Author
Posted
Hi malggg and welcome to Malwarebytes. Where are your pages being redirected to? I'm not sure I'm understanding what your saying/meaning by redirecting. Are you having any other symptoms? Popups or excess CPU usage? I don't see anything in your log. Have you run malware scans and Antivirus? Get the free AVG antispyware here and run a scan. Also do a online scan here let both scans remove anything they find and save the logs in case we need to see them. Reboot give the browser a try and let me know how it is working.

Below is an example.

I typed "news" in yahoo and pressed search. The first link is CNN. Clicking on it brings me to http://www.toseeka.com/search.php?q=News+A...word_News_About

I ran everything I could adaware, spybot, norton, mcaffe, etc.

Thanks!

Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

OK now I know what you have. Details are ever so important for solving these problems.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:

Subratam

Bleeping Computing

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread.

If you get a file output similar to below:

Check for missing files

.....

C:\WINDOWS\system32\AUTOEXEC.NT not there

.....

End check for missing files

.....

VXD Check

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\VirtualDeviceDrivers]

"VDD"=hex(7):00

.....

End vxd check

Then re-run this. Its a self extracting file and will replace the necessary files.

http://homepage.ntlworld.com/spencer.greystrong/W2kFiles.exe

Reboot and post a new log please. Also make sure that you have HJT in a folder of it's own. This is where backups will go should we need them.

Link to post
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.