Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google links taking me to other sites...


  • This topic is locked This topic is locked
4 replies to this topic

#1 thebana

thebana

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 26 March 2009 - 11:04 AM

Hi,

I'm having a problem with google links taking me to other sites. Also, AVG would not update and SpyBot will not open. I've tried a couple of things but can't seem to get rid of this problem.

Log below...


DDS (Ver_09-03-16.01) - NTFSx86
Run by Bana at 15:58:15.71 on 26/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.542 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Kontiki\KHost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Bana's Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [kdx] d:\program files\kontiki\KHost.exe -all
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Slawdog Smart Shutdown] d:\program files\slawdog\smart shutdown\Smart Shutdown.exe startup
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [ATICCC] "d:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235341697139
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\bana\applic~1\mozilla\firefox\profiles\55u8q2dt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: d:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: d:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-3-26 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-3-26 107912]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 298264]
S4 gupdate1c9a3cf51953ce4;Google Update Service (gupdate1c9a3cf51953ce4);d:\program files\google\update\GoogleUpdate.exe [2009-3-13 133104]

=============== Created Last 30 ================

2009-03-26 15:39 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-03-26 15:39 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 15:39 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-03-26 15:39 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-26 15:04 1,514 a------- d:\windows\system32\tmp.reg
2009-03-26 15:00 <DIR> --d----- d:\program files\Trend Micro
2009-03-26 13:38 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2009-03-26 13:38 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-26 13:00 10,520 a------- d:\windows\system32\avgrsstx.dll
2009-03-26 13:00 107,912 a------- d:\windows\system32\drivers\avgtdix.sys
2009-03-26 13:00 325,640 a------- d:\windows\system32\drivers\avgldx86.sys
2009-03-26 13:00 <DIR> --d----- d:\windows\system32\drivers\Avg
2009-03-26 12:59 <DIR> --d----- d:\program files\AVG
2009-03-26 12:59 <DIR> --d----- d:\docume~1\alluse~1\applic~1\avg8
2009-03-25 15:40 <DIR> --d----- d:\docume~1\bana\applic~1\Torrent Episode Downloader
2009-03-25 15:40 410,984 a------- d:\windows\system32\deploytk.dll
2009-03-25 15:40 73,728 a------- d:\windows\system32\javacpl.cpl
2009-03-25 15:38 <DIR> --d----- d:\program files\Torrent Episode Downloader
2009-03-25 11:21 <DIR> --d----- d:\docume~1\bana\applic~1\GrabIt
2009-03-25 11:18 49,152 a------- d:\windows\system32\E_DCINST.DLL
2009-03-25 11:18 75,264 a------- d:\windows\system32\E_FLBBEE.DLL
2009-03-25 11:18 62,976 a------- d:\windows\system32\E_FD4BBEE.DLL
2009-03-25 11:18 25,856 ac------ d:\windows\system32\dllcache\usbprint.sys
2009-03-25 11:18 25,856 a------- d:\windows\system32\drivers\usbprint.sys
2009-03-25 11:16 <DIR> --d----- d:\program files\EPSON
2009-03-25 11:16 <DIR> --d----- d:\docume~1\alluse~1\applic~1\EPSON
2009-03-23 21:50 <DIR> --d----- d:\program files\Tribler
2009-03-23 21:39 <DIR> --d----- d:\program files\SwarmPlayer
2009-03-23 21:36 <DIR> --d-h--- d:\program files\InstallJammer Registry
2009-03-20 09:51 <DIR> --d----- d:\program files\LJ Comment Stats Wizard
2009-03-10 12:28 <DIR> --d----- d:\docume~1\alluse~1\applic~1\ALM
2009-03-10 12:18 2,463,976 a------- d:\windows\system32\NPSWF32.dll
2009-03-10 12:18 190,696 a------- d:\windows\system32\NPSWF32_FlashUtil.exe
2009-03-10 11:51 <DIR> --d----- d:\program files\common files\Macrovision Shared
2009-03-09 23:18 664 a------- d:\windows\system32\d3d9caps.dat
2009-03-09 19:11 <DIR> --d----- d:\program files\Microsoft
2009-03-06 22:01 <DIR> --d----- d:\program files\Slawdog
2009-03-05 20:06 <DIR> --d----- d:\docume~1\bana\applic~1\id Software
2009-03-05 20:05 138,784 a------- d:\windows\system32\drivers\PnkBstrK.sys
2009-03-05 20:05 22,328 a------- d:\docume~1\bana\applic~1\PnkBstrK.sys
2009-03-05 20:04 188,896 a------- d:\windows\system32\PnkBstrB.exe
2009-03-05 20:04 2,246,144 a------- d:\windows\system32\pbsvc.exe
2009-03-05 20:04 70,968 a------- d:\windows\system32\PnkBstrA.exe
2009-03-05 20:04 <DIR> --d----- d:\docume~1\alluse~1\applic~1\id Software
2009-03-05 19:20 <DIR> --d----- d:\docume~1\bana\applic~1\Miranda
2009-03-05 19:19 <DIR> --d----- d:\program files\Miranda IM
2009-03-04 19:19 218,624 ac------ d:\windows\system32\dllcache\uxtheme.dll
2009-03-01 03:12 <DIR> --d----- d:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-28 22:20 56 a---h--- d:\windows\system32\ezsidmv.dat
2009-02-28 22:19 <DIR> --d--r-- d:\program files\Skype
2009-02-28 21:23 32,592 a------- d:\windows\system32\msonpmon.dll
2009-02-28 21:10 <DIR> --d----- d:\program files\Microsoft Visual Studio 8
2009-02-28 21:09 <DIR> --d----- d:\windows\SHELLNEW
2009-02-27 09:51 26,496 ac------ d:\windows\system32\dllcache\usbstor.sys
2009-02-26 19:08 9,600 ac------ d:\windows\system32\dllcache\hidusb.sys
2009-02-26 19:08 9,600 a------- d:\windows\system32\drivers\hidusb.sys
2009-02-26 19:06 <DIR> --d----- d:\program files\Project64 1.6
2009-02-26 14:00 <DIR> --d----- d:\program files\VideoLAN
2009-02-25 23:49 1,197,294 -c------ d:\windows\system32\dllcache\sysmain.sdb
2009-02-25 23:49 764,868 -c------ d:\windows\system32\dllcache\apph_sp.sdb
2009-02-25 23:49 217,118 -c------ d:\windows\system32\dllcache\apphelp.sdb
2009-02-25 23:49 <DIR> --d----- d:\program files\Windows Media Connect 2
2009-02-25 15:49 <DIR> --d----- d:\program files\AnalogX
2009-02-25 15:48 <DIR> --d----- d:\windows\system32\appmgmt
2009-02-25 15:43 <DIR> --d----- d:\program files\7Northfield
2009-02-24 20:32 <DIR> --d----- d:\program files\Steam

==================== Find3M ====================

2009-03-04 19:19 218,624 a------- d:\windows\system32\uxtheme.dll
2009-02-23 04:39 86,327 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-22 21:48 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-02-09 10:19 1,846,272 a------- d:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- d:\windows\system32\sirenacm.dll

============= FINISH: 15:58:39.12 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:35 AM

Posted 04 April 2009 - 06:37 PM

Hello thebana,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 thebana

thebana
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 05 April 2009 - 12:56 PM

Thanks for the reply but I bit the bullet and did a format/reinstall.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:35 AM

Posted 05 April 2009 - 09:26 PM

Hello,

Aw, I'm sorry, but thank you so much for letting me know. :thumbup2:

Take care,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:35 AM

Posted 14 April 2009 - 02:44 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users