google problems

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Dijin

Thread Starter
Joined
Jan 18, 2007
Messages
3
if anyone can help me,here is my problem recently whenever i click a hyperlink in google,it redirects me to another site not even related to it,and for some reason i have to manually type address in,do i have spyware or something?
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, Dijin.:)

Welcome to TSG.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

If the above link is broken, try this link. Make sure you extract and save the Hijackthis.exe file in a Permanent folder, rather than a Temp folder.
 
Joined
Jan 9, 2007
Messages
611
well.. my guess is you are be redirected to a 'fake' site which appears to look like google.. is this problem happening in firefox or internet explorer? which version... and most likely, yes, you do have spyware.
 
Joined
Jan 9, 2007
Messages
611
yea submit a hijack this log.... and there will be a much better explanation as to why that is happening
 

Dijin

Thread Starter
Joined
Jan 18, 2007
Messages
3
heres my thing like you said

Logfile of HijackThis v1.99.1
Scan saved at 7:19:46 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1134333749\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\program files\common files\aol\1134333749\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1134333749\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134333749\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dmvsv.exe] C:\WINDOWS\system32\dmvsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ourPC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3739EF29-69F2-4B29-926F-49B4965785C8}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3FD20E-EAB3-4356-B7D6-856DF5044BCE}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{8284F636-79E7-456E-8BE1-1C1DF4820DF1}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE933F00-8F10-48FA-ABB9-1099CF07D502}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDDF7CB-C560-414E-9EF7-25894E7491D3}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, Dijin :)

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Please print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  3. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.
Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O17 - HKLM\System\CCS\Services\Tcpip\..\{3739EF29-69F2-4B29-926F-49B4965785C8}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3FD20E-EAB3-4356-B7D6-856DF5044BCE}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{8284F636-79E7-456E-8BE1-1C1DF4820DF1}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE933F00-8F10-48FA-ABB9-1099CF07D502}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDDF7CB-C560-414E-9EF7-25894E7491D3}: NameServer = 85.255.113.125,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92


Click FIX CHECKED. Close HijackThis.
  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  3. Left click on Properties
  4. Double-Click on the Internet Protocol (TCP/IP) item
  5. Select the radio dial that says Obtain DNS Servers Automatically
  6. Press OK twice to get out of the properties screen
  7. Restart the computer
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

ipconfig /flushdns (The space between g and / is needed)
Exit

Restart the computer.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top