
Google search links being redirected.



#1 gtdrew


Posted 29 December 2008 - 07:00 PM

Where to begin? This is the last stubborn symptom of a rash of problems I have had. Have run updated Malwarebytes and Super AntiSpy in safe mode. The combination has been effective in eliminating almost all of the problems except the redirect issue. It is intermittent, and if I go back to the Google page and click the link again it goes to the correct link. Also, I have AVG Free running and have run several scans with it. I think I am to the point where I need to post a hijack log but am not sure. HELP!! Thanks in advance.

Drew

edit: Forgot to add that I am running Windows XP sp2 and using updated Firefox for my browser.

Edited by gtdrew, 29 December 2008 - 07:02 PM.




#2 garmanma


Posted 29 December 2008 - 07:40 PM

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 gtdrew


Posted 29 December 2008 - 09:08 PM

Here is the log. I did have WordPad running with the instructions while the check was going, if it makes a difference. So far, so good. It appears to have fixed my problem, even though from looking at the log it does not look like it did anything. Hopefully it will be for good! Thank you.



SDFix: Version 1.240
Run by Drew on Mon 12/29/2008 at 08:43 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 20:55:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



edit: cut the paste short, here is the rest.

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Finished!

Edited by gtdrew, 29 December 2008 - 09:30 PM.


#4 gtdrew


Posted 29 December 2008 - 11:24 PM

Spoke too soon. Did a couple of Yahoo and Google searches, and a couple of the links routed to lowpriceshopper.com.

Even when the right site is reached it is routing through something else.

Here is an example from a link for a Google search on a Canon camera that eventually returned the right link:

http://www.googadsonline.com/aclk?url=http...d%3D111&p=0

#5 gtdrew


Posted 30 December 2008 - 01:24 AM

Well, I am throwing in the towel and am going to format. Thank you for your help. I tried the SmitFraud fix as well and still have the redirect problem :thumbsup: Purged several Trojans during this process and I am not comfortable using this computer in the future for important stuff. Thanks again.

#6 garmanma


Posted 30 December 2008 - 11:17 AM

Sometimes that is best
Mark



