
Google redirects and tabs opening in firefox


  • This topic is locked
4 replies to this topic

#1 noelplum99

noelplum99

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 20 May 2010 - 06:51 PM

Hi :)
Ok, well I am not the kind of person who bothers people for help until I am at the end of my tether, but the old tether is all but exhausted, I am afraid.

The problem: seems to be pretty common symptoms. When I use Firefox (Chrome doesn't seem to work anymore and IE always crashes on exit, so I only use Firefox) I get two aberrant behaviours:
1) Every so often (varies between ten minutes and a couple of hours) a new tab will open for no apparent reason with a pretty random link on it (never anything very exciting).
2) Starting a search via either the little Firefox search bar or directly via a Google page brings up the results, but clicking on any of the results gives maybe only a 50:50 chance of getting the required link as opposed to a redirect. Copying and pasting the link into the address bar is a workaround.
Both these behaviours redirect all over, quite often to ask.com (10% of the time maybe), and often redirects AND randomly opened tabs seem to be linked in some way to whatever word I have in the Google search bar or had entered on the Google webpage, as if it is utilising that information. Oh, and a lot of the links have a small tab/address bar icon that looks like a small blue swirly letter 'a'.

What have I tried?
What haven't I tried:
HitmanPro
Malwarebytes
Microsoft Security Essentials
ZoneAlarm scan (my usual firewall and virus scanner software)
Exterminate It!
Spybot Search and Destroy
Prevx
a few others I have since deleted and can't recall their names

...and then some software you will tell me off for using without being told to (I feel like I am admitting to my doctor I've been taking prescription medicines behind his back or something), namely:
rkill.exe
TDSSKiller
GooredFix
ComboFix (took me ages to get that to work)

Still no joy; though the combined forces of all of these found enough viruses, rootkits, trojans etc. to infect a small South American republic, the problem still remains... it is kind of becoming an old friend.
I am told to supply DDS and GMER logs, so here goes:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 20:26:33.56 on 20/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1694 [GMT 1:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ASUS\AASP\1.00.28\aaCenter.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jim\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sleepless-knights.net/forums/portal.php
uInternet Settings,ProxyOverride = *.local
BHO: IECatch Class: {0315aa2c-10c7-4504-a1c4-f552aba8a095} - c:\program files\getgo software\getgo download manager\URLCatch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\progra~1\freedo~1\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: GetGo Toolbar: {075bbe29-fec0-404a-a459-ff58713616fa} - c:\program files\getgo software\getgo download manager\GGToolBand.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTunerWrapper.exe" /S
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Down&load &Link& Us&ing Ge&tGo - c:\program files\getgo software\getgo download manager\GGCatch.htm
IE: &Down&load All &Links& Us&ing Ge&tGo - c:\program files\getgo software\getgo download manager\GGCatchAll.htm
IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm
IE: &GetGo Toolbar Search - c:\program files\getgo software\getgo download manager\GGToolBand.dll/MENUSEARCH.HTM
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {01A13E40-2F55-4397-B39B-7851BCFB8008} - c:\program files\getgo software\

Edited by noelplum99, 20 May 2010 - 06:53 PM.



#2 noelplum99

noelplum99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 20 May 2010 - 06:56 PM

I must be doing something wrong, because it sure is pissing me around as I try and copy and paste these logs.

Edited by noelplum99, 20 May 2010 - 06:57 PM.


#3 noelplum99

noelplum99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 20 May 2010 - 06:58 PM

Ok, well I think I may just chuck the f***ing computer out the window, because I can't even post the logs or attach the logs as a file without getting a message when I post it that the connection was reset, and when I look back at the post I find a random few lines have been posted.
I think I want to cry now (there isn't even a smilie in the bar for that; even the smilies hate me).

Edited by noelplum99, 20 May 2010 - 07:07 PM.


#4 noelplum99

noelplum99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 20 May 2010 - 07:20 PM

Sorry about this, for some reason I cannot for the life of me post this god damned DDS log... aaaaaaaaaaaaargh


PS: I have now tried to post the DDS log about twenty times, tried rebooting my PC, tried using my buggy IE as well as Firefox, and it only posts about half the report; if I try and post just the second half it posts even less. I really understand it if you guys just tell me to piss off; if I am too useless to even copy and paste text from a Notepad doc into a browser window, I deserve the pain.

Edited by noelplum99, 20 May 2010 - 07:30 PM.


#5 Orange Blossom

Orange Blossom

  Bleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:11 AM

Posted 20 May 2010 - 10:17 PM

Hello noelplum99,

You're not the only one experiencing this issue. It is caused by the infection. I have moved some of the posts you made in this topic to this one: http://www.bleepingcomputer.com/forums/t/318046/google-redirects-and-tabs-opening-in-firefox/ and then merged them removing duplicate information. That topic now contains the most complete log information in one post.

Now that you have posted a log here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic and will later delete it. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
