07-03-2009, 05:18 AM   #1
maritime.mark
Registered User
 
Join Date: Sep 2008
Posts: 13
OS: windows xp sp2


Google search redirected... sometimes

I have a machine running Windows XP Pro with Service Pack 3 and IE8 installed. When I type in a search term, either into the search box on top of the IE window or at Google.com, I get to the results screen with what looks to be good links. The website titles are in the links along with a partial description. However, when I click on a result link, it will sometimes take me to the site as shown, but sometimes it will go to another site that has nothing to do with my search. It is not always the same site either. I think there is some kind of redirect virus, but everything I have used finds nothing. Well, actually the first few scans did find stuff, adware, cookies, but after they were cleared out, the behavior remains the same. The scans I used were Malwarebytes, SUPERAntiSpyware, Comodo Internet Security free version, AVG 8.5 free, Malicious Software Removal Tool June version, Windows Defender, Spybot S&D, Trojan Remover, SmitFraudFix, Panda scan, Kaspersky online scan. Oh, and sometimes when I try to connect for the first time to the Panda scan or Kaspersky website or another security-related website, I will get a small window that pops up stating that a malicious add-on is trying to access a suspicious website and IE is stopping this from happening. Except I do not think that it is actually IE doing it. Attached are the logs as requested.

Thanks for the help

Mark

DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 21:49:22.75 on Thu 07/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.136 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {7C2FC77A-AF76-4A75-AC16-B02A13829F34} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238897964810
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {ADD4AAEA-CBAB-4B18-A7E3-AD7EC8FC3E91} = 208.67.222.222,208.67.220.220
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lbhhoxfz.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-10 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-10 24096]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-10 692496]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2009-4-7 82432]
S4 KLC;KLC;c:\docume~1\owner\locals~1\temp\klc.exe --> c:\docume~1\owner\locals~1\temp\KLC.exe [?]

=============== Created Last 30 ================

2009-07-01 22:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-01 22:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-24 20:35 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-06-24 20:33 <DIR> --d----- c:\windows\ERUNT
2009-06-24 20:30 <DIR> --d----- C:\SDFix
2009-06-22 22:09 <DIR> --d----- c:\program files\Lavasoft
2009-06-22 21:20 <DIR> --d----- C:\b2399a19aa5feced0725f3
2009-06-18 21:46 <DIR> --d----- c:\program files\Trojan Remover
2009-06-18 21:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-06-18 21:10 2,376 a------- c:\windows\system32\tmp.reg
2009-06-16 21:56 <DIR> --d----- c:\docume~1\owner\applic~1\.clamwin
2009-06-16 06:53 <DIR> --d----- c:\documents and settings\owner\.housecall6.6
2009-06-15 21:32 <DIR> --d----- c:\program files\Panda Security
2009-06-12 22:05 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-12 06:49 <DIR> --d----- c:\program files\Auslogics
2009-06-11 21:49 <DIR> --d----- c:\docume~1\owner\applic~1\Digital Support
2009-06-10 20:06 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-06-10 20:01 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:01 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-06-10 07:15 168,208 a------- c:\windows\system32\guard32.dll
2009-06-10 07:15 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-06-10 07:15 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-06-10 07:15 <DIR> --d----- c:\program files\COMODO
2009-06-09 22:33 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-07 20:54 <DIR> a-dshr-- C:\cmdcons
2009-06-07 20:51 161,792 a------- c:\windows\SWREG.exe
2009-06-07 20:51 155,136 a------- c:\windows\PEV.exe
2009-06-07 20:51 98,816 a------- c:\windows\sed.exe
2009-06-04 17:52 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 22:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-03 22:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-03 22:03 <DIR> --d----- c:\windows\ie8updates
2009-06-03 22:02 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-11 15:30 118,642 a------- c:\windows\hpoins09.dat
2009-04-04 06:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 21:50:22.53 ===============
Attached Files: Attach.zip (3.8 KB)