
Web Browser goes to Website, and then is redirected to www.cnomy.com

Discussion in 'Virus & Other Malware Removal' started by xyklops, Sep 25, 2008.

Thread Status:
Not open for further replies.
    xyklops (Thread Starter), joined Sep 25, 2008, 1 message
    New forum user here, thanks for having this so I could seek assistance.

    This started earlier this week. I would type in a specific website (i.e. www.dell.com) and IE7 would take me there. Approximately 1 to 2 seconds later, IE7 would leave the page and go to a search engine site called www.cnomy.com. I believed this to be a problem with the website itself, so I contacted them and left them a message regarding their issues with the website.

    This afternoon, I started having this problem when navigating to another website (http://www.jayswatches.com), and it took me to the same site. The link that appears in my URL is http://www.cnomy.com/?dn=tipocnt.com&pid= 1POH9271B&prvtof=8b2VkUqfXDOLyQBIuxskP/ZQJUMET8pM2wAo. We began researching this and had some promising leads with DNS Poisoning, but after restarting DNS Servers, and shutting down DNS and redirecting to public DNS servers, this issue still occurs. Incidentally, the first website now no longer redirects from the page to this CNOMY site.

    Either there must be something on our DNS server, or on our computers. From a computer outside the network, the re-direct occurred during the first incident. From another computer outside the STATE during the second incident, everything was fine for that user (website came up normal).

    Here is my HiJackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:29:31 PM, on 9/25/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    C:\Program Files\Reflection\rtsserv.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\AJA0C8.EXE
    C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spark\Spark.exe
    C:\Program Files\TextPad 5\TextPad.exe
    C:\Program Files\VNCon\VNCon.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xpress/intranet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O1 - Hosts: 172.21.1.4 online4
    O1 - Hosts: 172.29.13.14 centflhc
    O1 - Hosts: 172.23.3.98 mars
    O1 - Hosts: 172.23.3.98 helpdesk
    O1 - Hosts: 172.23.3.99 xpress
    O1 - Hosts: 172.23.3.97 spark
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark.exe
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: Spark.lnk = C:\Program Files\Spark\Spark.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://neptune:4343/officescan/console/ClientInstall/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://neptune:4343/officescan/console/ClientInstall/setup.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {3ECCD025-BBAB-4D54-89A5-A7CD50F6124B} (SummitCSCS.CAPIWrapper) - http://centflhc/shared/SummitCSCS.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://neptune:4343/officescan/console/ClientInstall/RemoveCtrl.cab
    O16 - DPF: {737B4809-A1B0-4A96-82AC-124040809EF1} (BranchUtil.CAuthentication) - http://centflhc/shared/BranchUtil.CAB
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...23/&filename=jinstall-6u7-windows-i586-jc.cab
    O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://neptune:4343/SMB/console/html/root/AtxEnc.cab
    O16 - DPF: {9CF59D67-FABF-43BB-885B-68E9D6D340F0} (SummitCSCS.CAPIWrapper) - http://centflhc/shared/SummitCSCS.CAB
    O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} (Security Server Management Console) - https://neptune:4343/SMB/console/html/root/AtxConsole.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HealthcareFederal.local
    O17 - HKLM\Software\..\Telephony: DomainName = HealthcareFederal.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B9073F-33E8-4F72-B2A6-6A60315EE350}: NameServer = 74.165.201.129
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HealthcareFederal.local
    O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
    O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
    O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    --
    End of file - 7467 bytes

    Thanks for your help!
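
An added example, not part of the original post: a first-pass triage of a HijackThis log for the items most relevant to an unexplained browser redirect (hosts-file overrides, hard-coded name servers, and processes running from a temp directory). The sample lines are copied from the log above; the function name and category labels are assumptions of this example, and its findings are prompts for manual review, not verdicts.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\AJA0C8.EXE
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xpress/intranet
O1 - Hosts: 172.23.3.99 xpress
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HealthcareFederal.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1B9073F-33E8-4F72-B2A6-6A60315EE350}: NameServer = 74.165.201.129
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")  # e.g. "O17 - ..."
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)              # \TEMP\ or \TMP\

def is_public(ip_text):
    """True only for a syntactically valid, globally routable address."""
    try:
        return ipaddress.ip_address(ip_text).is_global
    except ValueError:
        return False

def triage(log_text):
    """Return (category, detail) pairs worth a manual look (hypothetical labels)."""
    findings, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_processes = True
        elif m is None:
            # Process paths have no "Xn - " prefix; flag any that run from a temp dir.
            if in_processes and TEMP_DIR.search(line):
                findings.append(("process-in-temp", line))
        else:
            in_processes = False
            code, body = m["code"], m["body"]
            if code == "O1" and body.startswith("Hosts:"):
                parts = body[len("Hosts:"):].split()
                if len(parts) >= 2 and is_public(parts[0]):
                    findings.append(("hosts-public-ip", " ".join(parts[:2])))
            elif code == "O17" and "NameServer" in body:
                # A routable resolver pinned on an internal-domain host deserves a check.
                for server in re.split(r"[,\s]+", body.split("=", 1)[1].strip()):
                    if is_public(server):
                        findings.append(("public-nameserver", server))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

Each finding still has to be confirmed against what the network's administrators actually configured, for example whether the listed name server is the ISP's resolver.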
     

Short URL to this thread: https://techguy.org/753331
