1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

google problems

Discussion in 'Virus & Other Malware Removal' started by Dijin, Jan 18, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Dijin

    Dijin Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    3
    if anyone can help me,here is my problem recently whenever i click a hyperlink in google,it redirects me to another site not even related to it,and for some reason i have to manually type address in,do i have spyware or something?
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Dijin.:)

    Welcome to TSG.

    [​IMG]Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    If the above link is broken, try this link. Make sure you extract and save the Hijackthis.exe file in a Permanent folder, rather than a Temp folder.
     
  3. techy689

    techy689

    Joined:
    Jan 9, 2007
    Messages:
    611
    well.. my guess is you are be redirected to a 'fake' site which appears to look like google.. is this problem happening in firefox or internet explorer? which version... and most likely, yes, you do have spyware.
     
  4. techy689

    techy689

    Joined:
    Jan 9, 2007
    Messages:
    611
    yea submit a hijack this log.... and there will be a much better explanation as to why that is happening
     
  5. Dijin

    Dijin Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    3
    heres my thing like you said

    Logfile of HijackThis v1.99.1
    Scan saved at 7:19:46 PM, on 1/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\1134333749\ee\AOLSoftware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    c:\program files\common files\aol\1134333749\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1134333749\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\AIM\AIM Pro\aimpro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134333749\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [dmvsv.exe] C:\WINDOWS\system32\dmvsv.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ourPC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3739EF29-69F2-4B29-926F-49B4965785C8}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3FD20E-EAB3-4356-B7D6-856DF5044BCE}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8284F636-79E7-456E-8BE1-1C1DF4820DF1}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE933F00-8F10-48FA-ABB9-1099CF07D502}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDDF7CB-C560-414E-9EF7-25894E7491D3}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, Dijin :)

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.
    Please print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from Here or Here.

    1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    2. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    3. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.
    Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3739EF29-69F2-4B29-926F-49B4965785C8}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3FD20E-EAB3-4356-B7D6-856DF5044BCE}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8284F636-79E7-456E-8BE1-1C1DF4820DF1}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE933F00-8F10-48FA-ABB9-1099CF07D502}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDDF7CB-C560-414E-9EF7-25894E7491D3}: NameServer = 85.255.113.125,85.255.112.92
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.92


    Click FIX CHECKED. Close HijackThis.
    1. Enter your Control Panel and double-click on Network Connections
    2. Then right click on your Default Connection
      • Usually Local Area Connection for Cable and DSL, or AOL Connection.
    3. Left click on Properties
    4. Double-Click on the Internet Protocol (TCP/IP) item
    5. Select the radio dial that says Obtain DNS Servers Automatically
    6. Press OK twice to get out of the properties screen
    7. Restart the computer
    Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

    ipconfig /flushdns (The space between g and / is needed)
    Exit

    Restart the computer.

    Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/536391

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice