June 2nd, 2010 09:00

Redirected searches

Google search shows multiple hits, and clicking on a particular hit will more often than not be redirected to some random site, sometimes ask.com but not always. The redirects will happen for a period of time, several hours, then for some reason will not happen for several hours, then all of a sudden reappear. The URL link can be copied to the address bar and this almost always goes to the correct link. I am running XP Pro SP3 with the latest updates on a Dell T7400 and IE6, with Kaspersky Internet Security with the latest database and with the filters set to max. I started experiencing this problem about 60 days ago and have been trying to get rid of it. 3 weeks ago I unloaded KAS according to directions from a KAS service tech, downloaded MalwareBytes and ran it without KAS loaded. MB found two trojans, Trojan.agent and Trojan.Fake Alert, which were successfully quarantined and deleted. I also downloaded and ran SUPERAntiSpyware, which ran to completion and found nothing. KAS was reinstalled and a full system scan run with no problems. This was done several weeks ago and the system appeared to be fine. I also cleaned the disk and deleted all previous restore files. Over the last week the redirects have reappeared. I have rerun MB and SUPERAntiSpyware as well as full scans with KAS with no anomalies found. The T7400 is on a network with 2 other machines connected to the internet with a cable modem. All of the other machines are running KAS with the latest updates. MB and SUPERAntiSpyware were also run on these machines, and on one KAS was unloaded as described above. Neither of these machines is seeing a redirect problem.

I restarted the T7400 and generated the HijackThis log below. Thanks for your assistance in resolving this. Not sure if word wrap is on or off or where to set this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 AM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Sentinel Web\Sentinel.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10507 bytes
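A triage pass over a log in the format posted above, as an added example that is not part of the original thread: it groups entries by HijackThis section code and lists items worth a manual look (AppInit_DLLs, services reported as "Unknown owner", autostart or service binaries outside the Windows and Program Files trees). The sample log, the `Example` names and the three heuristics are constructed assumptions; a hit is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2 log format (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Example\hook1.dll,C:\DOCUME~1\ALLUSE~1\Example\hook2.dll
O23 - Service: Example Monitor (ExMon) - Unknown owner - C:\Example\monitor.exe
O23 - Service: Example Updater (ExUpd) - Example Corp. - C:\Program Files\Example\upd.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')            # first drive-letter path in an entry
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_log(text):
    """Group entry lines by section code (R1, O2, O4, O20, O23, ...).
    Header lines and the running-process list do not match and are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def unusual_path(body):
    """Return the entry's binary path if it lies outside the usual install trees."""
    m = PATH_RE.search(body)
    if m and not m.group(0).lower().startswith(USUAL_DIRS):
        return m.group(0).strip()
    return None


def review_candidates(sections):
    """Return (section, reason, detail) tuples for entries to check by hand."""
    findings = []
    # O20 AppInit_DLLs: every listed DLL is loaded into each process using user32.dll.
    for body in sections.get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(("O20", "AppInit_DLL", dll.strip()))
    # O23 services whose binary carries no company name.
    for body in sections.get("O23", []):
        if " - Unknown owner - " in body:
            findings.append(("O23", "service without vendor string",
                             body.split(" - ")[-1]))
    # O4 autoruns and O23 services started from unusual locations.
    for code in ("O4", "O23"):
        for body in sections.get(code, []):
            path = unusual_path(body)
            if path:
                findings.append((code, "binary outside Windows/Program Files", path))
    return findings


if __name__ == "__main__":
    for finding in review_candidates(parse_log(SAMPLE_LOG)):
        print(" | ".join(finding))
```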

23 Posts

June 21st, 2010 14:00

Sorry for the delay in getting back to you. I removed all of the tools as directed and updated Java. The redirect problem is gone but the connection to IE is still slow. I have not updated to IE8. I see many blogs that indicate that IE8 has a lot of problems.

Some of the applications that I use got hosed by some of the cleaners but I was able to uninstall and reinstall with no problem.

Is the upgrade to IE8 simply downloading it and installing? Does IE6 need to be uninstalled before installing IE8?

Again, I am much appreciative of your help and don't know how you find the time to work and do this on the side.

1.5K Posts

June 21st, 2010 23:00

Hi,

You are more than welcome for the help and advice, it's my pleasure.

As for spare time: you are quite right, there seems to be very little of it these days.

IE8 has been around for some time now and I can assure you that all the teething problems that come with any new software have more than been ironed out.

You will not be able to uninstall IE6 as it is built too deeply into Windows; the quickest and easiest way to upgrade to IE8 is via Windows Updates.

Please go to Start (Windows icon, bottom left of screen) > All Programs > Windows Updates > and then please install ALL updates that are found, then please keep going back until no updates are shown.

Let me know if the problem still persists after the updates.

Thanks.

1.5K Posts

June 26th, 2010 12:00

Hi,

Please let me know if you still require assistance.

Thanks.

1.5K Posts

June 27th, 2010 11:00

This topic is Inactive.....

The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)

If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having.

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

Regards
K27

23 Posts

June 29th, 2010 08:00

K27, sorry for the delay in getting back to you. I have been on vacation for several days and away from the PC. You have been most responsive in assisting me.

The only remaining issue is that the links from Favorites in IE do not work. I have many of these that I use on a frequent basis. I have tried saving a shortcut from one of the sites to the desktop, however the shortcut will not send me back to the website. I have not installed IE8, wanting to resolve this before making it more complicated by installing a newer version of IE. Not sure where to start looking for this problem.

1.5K Posts

June 29th, 2010 12:00

Hi,

Please give more detail on the Bookmarks problem.

Do you receive any error messages when the web page tries to load?

Are these saved to the Desktop or are they under the Favorites tab of the IE toolbar?

When did they stop working?

Please post back the answers to these questions along with anything else that may be happening.

Thanks,
K27.

23 Posts

June 29th, 2010 13:00

No errors are generated, and the web page never tries to load. I double click on the link either on the desktop or as a bookmark in Favorites and nothing happens. I have created new desktop shortcuts and they behave the same way. Right click to get to properties of the desktop icon and the tabs show General and Security, like it thinks the link is a file rather than a URL link. I have another machine running XP, and IE shows the property tabs for the shortcut icon as General and Web Document, where the URL address is shown.

I am not sure at what point the links stopped working but believe it began behaving this way after running the cleanup operations, or maybe the Java update.

I have turned off Kaspersky and this makes no difference.

Using a text editor, this is the listing of one of the links that does not work:

[DEFAULT]
BASEURL=http://www.whitepages.com/phone-lookup
[InternetShortcut]
URL=http://www.whitepages.com/phone-lookup
Modified=90EB9F31793CC401C5
IconFile=http://www.whitepages.com/favicon.ico
IconIndex=1

I can type the url address into the address bar and it takes me to the correct link.

23 Posts

June 29th, 2010 15:00

Could not find "Import and Export" drop down box next to "Add to Favorites"; I found it under the File tab and drop down box with "Import and Export". I exported favorites and cookies; there is no option to export feeds in IE 6. This option to export feeds is listed on my other machine running IE 7.

The favorites and cookie files have been saved. I checked the Favorites file with a text editor and it appears to have all of the bookmarks. If there is another place to get to the feeds data let me know. What information is contained in the feeds item?

1.5K Posts

June 29th, 2010 15:00

Ok, it looks as if something somewhere has been messed up. There are fixes but first we need to back up your bookmarks. Your registry is already backed up so we have no worries there.

  • Please open IE and click the Favorites tab.
  • Then please click the arrow next to "Add to Favorites", this will show a drop down menu.
  • Please click "Import and Export" and place a check mark in the "Export to file" box and click next.
  • Please place a check mark next to all three items: Favorites, Feeds, Cookies.
  • Leave the top most folder "Favorites" highlighted and then click next.
  • Then please save the file to somewhere it can be easily found like the desktop.
  • Click next for each of the files, there will be three (3) in total.
  • Click Finish.

Once that is done please check the location that you saved the files to, so we can be sure that your bookmarks are backed up.

Please post back once finished so we can continue.

Thanks.

1.5K Posts

June 29th, 2010 16:00

Hi,

Feeds will be for RSS; if you use that let me know (it's basically a notification bookmark for when bookmarked pages change). If you do not use RSS then don't worry and proceed as follows.

Please go to THIS web site and follow the instructions in the order they are written. Please complete each instruction in turn, rebooting the system and then checking your bookmarks after each method. Please post back once the bookmarks are working. If you get to the end and they are still not working then please post back and we will try something different.

When you first visit the web page, you will get a prompt to run the "MS Fix It" tool; please do so to see if that helps. If not please follow the instructions on the web page.

Please remember to reboot after each method for the changes to take effect.

WARNING: The instructions on the linked web page are at the very least of Intermediate difficulty. Please read through them before starting and if there is something that you do not understand, please post back and I will try to simplify them for you.

I would rather you post back with any questions first rather than hosing the system.

Thanks.

23 Posts

June 30th, 2010 08:00

I have run the Fix It tool and rebooted and still have the previously described problem. The link and discussion you recommend concerns hyperlinks, like the one used in your post, i.e. "THIS" takes me to MS's Fix It tool. This hyperlink works fine.

The problem is with the favorites list and with new shortcuts to specific internet sites. I get no response when double clicking on the favorites list or on the desktop shortcut. Before making changes to the registry I wanted to make sure we are on the same page with what the problem is. Hyperlinks work; favorites and shortcuts on the desktop do not.

1.5K Posts

June 30th, 2010 14:00

Hi,

The MS page is for links as well as hyperlinks, and bookmarks/favorites/desktop shortcuts are nothing more than just links.

I do understand your concern, and you did right in asking.

Before we start with the complicated stuff, let's first try the easy way. (This won't remove your bookmarks, it will just reset IE.)

Please open up Internet Explorer (IE) and please go to:

  • Tools
  • Internet Options
  • Advanced Tab
  • Restore Advanced Settings (answer yes to any prompts)

Then please close IE, then follow the above instructions but this time click Restore instead of Restore Advanced Settings (answer yes to any prompts), and then close IE and then reboot the machine.

Please let me know if the problem persists.

Thanks.

23 Posts

July 1st, 2010 08:00

Excellent, the reset to defaults fixed the link problem. Everything seems to be working correctly. I will run like this for a couple of days before moving to IE 8. As I understand the upgrade IE 8 simply loads over IE 6 as IE 6 cannot be removed.

Thanks for the diligence and patience in helping resolve the complicated issues.

1.5K Posts

July 1st, 2010 13:00

You're welcome.

You are also quite correct, IE is built into Windows and can not be uninstalled, just do the Windows Updates via All Programs in the Start Menu and IE8 will be installed. It really isn't as problematic as it is made out to be.

I will leave this thread open until tomorrow.

Thanks,
K27.

1.5K Posts

July 2nd, 2010 07:00

This topic is Resolved.....

The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)

If you were the originator of this thread and are still having problems please post a fresh HJT log with any symptoms you have.

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

Regards
K27
