
Google keeps redirecting


  • This topic is locked
2 replies to this topic

#1 Mr. Owl

Mr. Owl

  • Members
  • 2 posts

Posted 27 November 2012 - 11:08 PM

Google will randomly redirect; however, I have no idea what is causing this. I have run TDSSKiller and have received help from "Am I infected? What do I do?" but it is still redirecting.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2
Run by Andrew at 21:59:50 on 2012-11-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.872 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\andrew\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E43E0D6-E6A5-4550-A804-A5108B82F23F} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andrew\application data\mozilla\firefox\profiles\nvtfmq86.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBFPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-22 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-22 1369624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2007-8-28 57344]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-6-17 137488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-22 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-27 20:56:10 -------- d-----w- c:\documents and settings\andrew\application data\SUPERAntiSpyware.com
2012-11-27 20:55:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-27 20:55:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-11-26 19:15:21 -------- d-----w- c:\program files\ESET
2012-11-26 10:38:38 -------- d-----w- c:\program files\HitmanPro
2012-11-24 05:11:07 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Adobe
2012-11-24 05:03:12 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-11-24 05:03:05 73728 ----a-r- c:\documents and settings\andrew\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-24 05:03:05 73728 ----a-r- c:\documents and settings\andrew\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-24 05:03:05 73728 ----a-r- c:\documents and settings\andrew\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-11-24 05:02:54 -------- d-----w- c:\program files\Sophos
2012-11-23 07:08:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-23 06:44:15 -------- d-----w- c:\windows\system32\appmgmt
2012-11-22 10:17:53 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-22 10:17:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-22 08:38:51 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-11-22 08:32:54 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-22 08:32:11 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-11-22 08:32:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-14 05:06:50 -------- d-----w- c:\documents and settings\all users\application data\.mono
2012-11-14 05:06:37 -------- d-----w- c:\documents and settings\andrew\local settings\application data\The Pok__mon Company International
2012-11-14 05:06:05 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-11-14 05:04:32 -------- d-----w- c:\documents and settings\andrew\application data\Pokémon Trading Card Game Online
2012-11-07 17:26:59 -------- d-----w- c:\program files\Diablo II
2012-11-07 06:08:33 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-11-06 09:05:45 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Identities
2012-10-29 04:33:02 -------- d-----w- c:\documents and settings\andrew\.m2
2012-10-29 04:32:27 -------- d-----w- c:\documents and settings\andrew\local settings\application data\NetBeans
2012-10-29 04:32:27 -------- d-----w- c:\documents and settings\andrew\application data\NetBeans
2012-10-29 04:25:34 -------- d-----w- c:\program files\NetBeans 7.2.1
2012-10-29 04:24:57 -------- d-----w- c:\documents and settings\andrew\.nbi
.
==================== Find3M ====================
.
2012-11-22 10:17:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-22 10:17:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-22 08:06:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-22 08:06:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:00:17.18 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 November 2012 - 08:26 AM

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 December 2012 - 07:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




