HELP! I'm being redirected!



oberz3
2012-06-05, 17:25
Hello! :)

Hope someone can help with this! Whenever I go to my favorite deal site (www.dealnews.com), and I click on just about any link to see the deal I'm interested in, I will get redirected to one of several unintended web addresses. This happens with Firefox and Chrome, but not with IE9 (don't know why). I have already contacted a "malware remover specialist" on the help forum of aumha.net, but after 4 days of running every scan they've asked for, I still have no resolution to this problem. That's why I've come here. I'm hoping someone will understand what this is and share with me a way to get rid of it for good.

I probably already have logs for most of the scans, so just let me know what you need and I'll get it over to you a.s.a.p.!

Thanks in advance!

tashi
2012-06-05, 17:54
Hello oberz3,

Please see the sticky which includes guidelines for this forum: "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


I have already contacted a "malware remover specialist" on the help forum of aumha.net, but after 4 days of running every scan they've asked for, I still have no resolution to this problem. That's why I've come here. I'm hoping someone will understand what this is and share with me a way to get rid of it for good.


Please provide a link to your help topic at aumha.

tashi
2012-06-05, 18:01
Hello oberz3,

Either continue with your topic here: http://aumha.net/viewtopic.php?f=30&t=46064&sid=5f87c64426178ed5dbf32ca9c3e909ca

Or let them know you will request assistance elsewhere.

Best regards,

oberz3
2012-06-05, 18:27
Hello!

Hope someone can help with this! Whenever I go to my favorite deal site (dealnews.com), and I click on a link to see the deal I'm interested in, I will get redirected to one of several unintended web addresses. This happens with Firefox and Chrome, but not with IE9 (don't know why). I have already contacted a "malware remover specialist" on the help forum at aumha.net, but after 4 days of running every scan they've asked for, I still have no resolution to this problem. That's why I've come here. I'm hoping someone will understand what this is and share with me a way to get rid of it for good.

** PLEASE SEE REQUESTED LOGS BELOW **

DDS.txt
Attach.txt - zipped, as instructed
Spybot-S&D log (copied & pasted from clipboard, as instructed)

** PLEASE LET ME KNOW IF IT ALL CAME THROUGH CORRECTLY! **

Babylon.Toolbar: [SBI $76A7E290] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055225558}

IncrediBar: [SBI $43928D57] Program directory (Directory, fixing failed)
C:\Users\Ober\Local Settings\Temp\ImInstaller\

iCrossRider: [SBI $C6832577] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.crossrider.com

iCrossRider: [SBI $52E714A1] Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\New Windows\Allow\*.crossrider.com

iCrossRider: [SBI $52E714A1] Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\New Windows\Allow\*.crossrider.com

iCrossRider: [SBI $09948A25] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066226658}

iCrossRider: [SBI $95AAAF89] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758}

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Log: Install: setupact.log (Backup file, fixed)
C:\Windows\setupact.log

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-2621992730-1198906-4004197097-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Cookie (30) (Cookie, fixed)


Cache: [SBI $49804B54] Cache (150) (Cache, fixed)


History: [SBI $49804B54] History (8) (History, fixed)


Cookie: [SBI $49804B54] Cookie (293) (Cookie, fixed)


History: [SBI $49804B54] History (216) (History, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-01-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-05-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-05-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-09-28 Includes\Trojans.sbi (*)
2012-05-16 Includes\TrojansC-02.sbi (*)
2012-05-18 Includes\TrojansC-03.sbi (*)
2012-05-22 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-05-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


tashi
2012-06-05, 19:05
Hello oberz3,

Please don't post Malware logs in the Spybot forums, thanks :-) (http://forums.spybot.info/showthread.php?t=1266)

Your topic posted in the Spybot-S&D forum was merged into this original thread.


Hello oberz3,

Either continue with your topic here: http://aumha.net/viewtopic.php?f=30&t=46064&sid=5f87c64426178ed5dbf32ca9c3e909ca

Or let them know you will request assistance elsewhere.

Best regards,

At this time please do not start another topic. I have sent you a PM notice.

Also note that requesting assistance at another site when you were already in capable hands raises a red flag to volunteers.

tashi
2012-06-05, 22:58
Topic closed by request.