Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Google redirects to irrelevant locations

  • This topic is locked This topic is locked
1 reply to this topic

#1 The Handyman

The Handyman

  • Members
  • 1 posts
  • Local time:05:10 PM

Posted 27 February 2011 - 02:49 AM

Goodafternoon Ladies & Gentlemen,

The problem - When I click on links found in a Google search, I get redirected to irrelevant web sites.

I found my way here via a Google forum that suggested Combofix at Bleeping Computers whose instructions recommended your forum (among others)..

For the record I was attempting to solve this problem on an other forum. I have SolidWorks and Citrix ICA client on my system. The previous forum incorrectly labled my computer as a business unit and unilaterally cut me off. I unreservedly state: this computer is not a business machine, it is at my home and is for my personal use. If this is going to be a problem can we work it out now.

A question - I notice you folk instruct to download onto the Desktop. I prefer to to put as little software as possible on the 'C:\' drive and therefore only have shortcuts on the desktop. Will this intrfear with the elimination of my possible Malware.

Log as requested are below.(I hope I got everything)

Look forward to hearing from you shortly.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Bob Thompson at 20:47:39.34 on Wed 23/02/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2721 [GMT 10:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Spatial Freedom\Astroid\AstroidSvc.exe
C:\Documents and Settings\Bob Thompson\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
J:\ScanSoft\PaperPort 12\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
J:\ScanSoft\PaperPort 12\PaperPort\pptd40nt.exe
J:\ScanSoft\PaperPort 12\PDFViewerPlus\pdfpro5hook.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
J:\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=15620&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\spybot~1\SDHelper.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - j:\scansoft\paperport 12\pdfviewerplus\bin\PlusIEContextMenu.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [H/PC Connection Agent] "j:\activesync\WCESCOMM.EXE"
uRun: [SpybotSD TeaTimer] h:\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Opware14] "j:\scansoft\omnipagepro14.0\Opware14.exe"
mRun: [IndexSearch] "j:\scansoft\paperport 12\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "j:\scansoft\paperport 12\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "j:\scansoft\paperport 12\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] j:\scansoft\paperport 12\pdfviewerplus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] j:\scansoft\paperport 12\pdfviewerplus\RegistryController.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "l:\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "h:\adobe\reader\reader\Reader_sl.exe"
mRun: [ISTray] "h:\pc tools security\pctsGui.exe" /hideGUI
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bobtho~1\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\bob thompson\application data\hp simplesave application\StartHelper.exe
StartupFolder: c:\docume~1\bobtho~1\startm~1\programs\startup\micros~1.lnk - j:\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append the content of the link to existing PDF file - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - j:\scansoft\paperport 12\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open PDF in Word
IE: Open with PDF Viewer Plus - j:\scansoft\paperport 12\pdfviewerplus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - j:\active~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - j:\active~1\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - j:\activesync\aatp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - j:\active~1\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - j:\active~1\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - j:\active~1\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - j:\active~1\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - j:\active~1\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - j:\active~1\CENetFlt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bobtho~1\applic~1\mozilla\firefox\profiles\xvyipjmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\documents and settings\bob thompson\application data\mozilla\firefox\profiles\xvyipjmq.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: g:\mozilla\firefox\plugins\npicaN.dll
FF - plugin: h:\adobe\reader\reader\browser\nppdf32.dll
FF - plugin: l:\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - g:\mozilla\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - g:\mozilla\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - g:\mozilla\firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R2 Astroid;Astroid;c:\program files\spatial freedom\astroid\AstroidSvc.exe [2009-9-8 131072]
R2 BackupService;BackupService;c:\documents and settings\bob thompson\application data\hp simplesave application\uUACTokenSvc.exe [2010-8-15 83512]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;j:\scansoft\paperport 12\paperport\PDFProFiltSrvPP.exe [2009-8-27 144672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-3-28 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; [x]
S3 W2wtmhid;Wintime HID;c:\windows\system32\drivers\w2wtmhid.sys [2010-1-1 26624]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2011-02-16 11:37:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-16 11:37:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-16 11:37:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-02-05 01:17:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-12-18 06:40:16 85504 --sha-r- c:\windows\system32\SCP32A.dll
2010-11-29 07:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 20:48:00.84 ===============

Attached Files

BC AdBot (Login to Remove)


#2 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:10 PM

Posted 27 February 2011 - 03:26 PM

Good evening. :)

Having reviewed your logs I have a few concerns, namely a lack of Windows Updates and security programs.

Your Operating System shows as XP Service Pack 2 which makes it over two and a half years out of date as Service Pack 3 came out in May of 2008. This means that your PC is open to any number of exploits that Microsoft have released patches for but which you haven't installed on your system.
I also see no anti-virus or firewall installed, which just compounds the problem. There are traces of a Norton installation, but they look to be quite old, so i'm assuming that this hasn't provided any realistic form of protection in some time.

Given the potential issues that your PC faces due to the above, my best advice is to back up any important data and then reformat and reinstall Windows and then fully update it and get some security software installed.

So long, and thanks for all the fish.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users