
google redirect (again)


  • This topic is locked
2 replies to this topic

#1 sirEgghead

  • Members
  • 17 posts

Posted 28 January 2011 - 11:02 AM

All previous details for this PC are on this thread:
http://www.bleepingcomputer.com/forums/topic375865.html
Basically, when using IE and FF, any links I follow from Google get redirected to some random spam. I've cleaned up several malware apps already. The issue still remains.

Pasted below and attached are my logs, as requested in the prep guide referred to by Budapest.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Gerald Garland at 8:15:46.67 on Fri 01/28/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1328 [GMT -5:00]


============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Gerald Garland\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDY0NDg3MTUwLVQyMS1VODUrMS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1WSVAxMCsxLUYxME0xMEQrMQ"&"prod=90"&"ver=10.0.1187
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotuso~1.lnk - c:\lotus\organize\easyclip.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotuss~2.lnk - c:\lotus\smartctr\smartctr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotuss~1.lnk - c:\lotus\smartctr\suitest.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]

=============== Created Last 30 ================

2011-01-27 22:45:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 22:45:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-27 22:45:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-27 21:20:30 -------- d--h--w- C:\$AVG
2011-01-26 21:21:10 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-26 20:38:18 -------- dc-h--w- c:\windows\ie8
2011-01-26 20:28:13 -------- d-sh--w- c:\documents and settings\gerald garland\IECompatCache
2011-01-26 20:24:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-26 20:23:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-26 19:12:13 58880 ---ha-w- c:\windows\system32\bootnsvr.dll
2011-01-26 18:55:21 -------- d-----w- c:\docume~1\gerald~1\applic~1\Malwarebytes
2011-01-26 18:55:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-26 18:26:30 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-26 17:08:39 -------- d-----w- c:\docume~1\gerald~1\applic~1\SUPERAntiSpyware.com
2011-01-26 17:08:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-26 17:08:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-26 17:05:44 -------- d-----w- c:\docume~1\gerald~1\locals~1\applic~1\temp
2011-01-26 17:04:45 -------- d-----w- c:\program files\VS Revo Group
2011-01-26 13:36:35 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-22 00:10:49 -------- d-----w- c:\docume~1\gerald~1\applic~1\Guwo
2011-01-20 21:05:42 98304 --sha-r- c:\windows\system32\winverv.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-11 14:11:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 06:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 8:18:16.18 ===============

#2 sirEgghead

  • Topic Starter
  • Members
  • 17 posts

Posted 28 January 2011 - 03:38 PM

Scratch this. There's another router here that's got the DNS listings from the DHCP server here all messed up. I thought it was a bit strange that a second PC came in and had the same issue.

Anyway, problem solved. Thanks guys.

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 28 January 2011 - 03:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
