[bodieseatjoo]

Hello,

Just recently, when I click links through google.com, i.e (wikipedia) it takes me to spyware sites according to my AVG warning

What can I do?

Thank you

[TheShooMan]

So do you actually get re-directed to these sites or is AVG stating they are spyware sites ?

[Phantom010]

Please click here to download and install the HijackThis installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

[bodieseatjoo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:37 AM, on 10/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
D:\Windows\Explorer.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
D:\Windows\System32\rundll32.exe
D:\Windows\System32\rundll32.exe
D:\Windows\System32\wpcumi.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AVG\AVG9\avgtray.exe
D:\Windows\ehome\ehtray.exe
D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Windows\ehome\ehmsas.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\Program Files\AVG\AVG9\avgui.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Windows\system32\wermgr.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Users\Samson\Desktop\HijackThis.exe
D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WorksFUD] D:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WPCUMI] D:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] d:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "D:\Users\Samson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\System32\DreamScene.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - D:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9435 bytes

[bodieseatjoo]

And yes, the google links are redirecting me to the sites

[Phantom010]

There's nothing suspicious showing in your HijackThis log.

Did you run a scan with Malwarebytes' Anti-Malware? Make sure to get the latest defininition updates first.

[TheShooMan]

Quote:

Originally Posted by bodieseatjoo

And yes, the google links are redirecting me to the sites

Is this with Internet Explorer ? Do you get the same problems with another browser ? i.e. Chrome, Firefox ?

[bodieseatjoo]

Yes I did, one quick and one full

[bodieseatjoo]

Theshootman: im getting this in firefox only it seems

[TheShooMan]

Quote:

Originally Posted by bodieseatjoo

Theshootman: im getting this in firefox only it seems

Try running Firefox in safe mode as instructed on this link to rule out any malicious add-ons.

http://support.mozilla.com/en-US/kb/Safe+Mode

Does this issue still occur ?

[bodieseatjoo]

ah, so i guess it is an addon, how do I delete it?

[TheShooMan]

Quote:

Originally Posted by bodieseatjoo

ah, so i guess it is an addon, how do I delete it?

In Firefox in the menu bar where you see File Edit View

Click on Tools and you should see Add ons in the dropdown. If you delete ones you dont use and then if the problem persists, disable them one by one and try and single out the offending Add on

[bodieseatjoo]

Okay thanks problem solved ( for now )

[TheShooMan]

Quote:

Originally Posted by bodieseatjoo

Okay thanks problem solved ( for now )

Good news, also make sure your version of Firefox is up to date.

In the Help section also located along the top click 'Check for updates' and update if needed. also in the 'Add-ons' section you will see on the bottom right 'Find updates' to make sure all add-ons are updated too.

Quote:

Originally Posted by bodieseatjoo

ah, so i guess it is an addon, how do I delete it?

Also what was the Add-on messing you about ?

[bodieseatjoo]

I just ended up disabling all of them, but I have movemedia, noscript, microsoft net framework assitance, battlefield heroes updater