Thread: Please help! Google redirect + can't seem to download/run any malware/virus scans.

  1. #1
    Junior Member
    Join Date
    Sep 2011
    Posts
    21

    Please help! Google redirect + can't seem to download/run any malware/virus scans.

    Hello, and thank you so much in advance. I have a fairly new computer with Windows XP SP3, which started acting buggy about a week ago. The first thing I noticed is that my Google clicks (on Chrome) were being redirected by sites like "jollysearchengine" etc. I've tried downloading Spybot, MBAM, AVG, and AdAware.

    Spybot and MBAM's executable files won't start--I get a Windows error message saying I may not have permissions to open the file. (Spybot will update, however, on first run.) I've run as Ryan (administrator), and as plain "Administrator" in safe mode. I've tried various renaming approaches, but I still get the message. AdAware "can't connect to the service", and AVG wouldn't finish installing.

    I then tried a handful of system restores from 1, 2, and 3 weeks earlier, with no luck. (Some did funny things such as mangle my keyboard driver; I finally stuck to one where I was able to install AVG. But even then, after only one successful scan where malware was found, AVG would only run scans 1 second in length, of 0 files.) I've since installed Avira, which seems to detect different things constantly via annoying notifications. When I click "remove" on any of them, it seems like it's not doing anything other than hiding the notification.

    My computer is also running much more slowly, and preventing me from effectively doing certain school assignments.

    Thanks again,
    Ryan

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ryan at 15:07:41 on 2011-09-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1732 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    "\\.\globalroot\Device\svchost.exe\svchost.exe"
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\UnlockerAssistant.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\WINDOWS\system32\calc.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    mRun: [UnlockerAssistant] "c:\windows\system32\UnlockerAssistant.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NortonOnlineBackup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    mRun: [WUSB54Gv4] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [ctfmon.exe] ctfmon.exe
    dRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{2A5235AD-192B-435F-8916-D490017C23D3} : DhcpNameServer = 192.168.1.1 71.252.0.12
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: schannel.dll, credssp.dll, digest.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-20 11608]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-20 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-20 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-20 66616]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\daodb\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-6-1 30392]
    S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-4-22 136616]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
    S2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\nobuagent.exe service --> c:\program files\symantec\norton online backup\NOBuAgent.exe service [?]
    S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-1 1691480]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-5-13 101904]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2011-8-22 264576]
    .
    =============== Created Last 30 ================
    .
    2011-09-20 06:46:38 -------- d-----w- c:\windows\system32\NtmsData
    2011-09-20 06:34:37 -------- d-----w- c:\documents and settings\ryan\application data\Avira
    2011-09-20 06:24:37 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-20 06:24:37 -------- d-----w- c:\program files\Avira
    2011-09-20 06:24:37 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-09-20 06:03:32 -------- d-----w- c:\program files\Szzzzz
    2011-09-20 05:58:33 -------- d-----w- c:\program files\AVG Secure Search
    2011-09-20 05:38:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-09-20 05:38:46 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-09-20 04:16:10 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
    2011-09-20 04:16:09 -------- d-----w- C:\HP
    2011-09-20 03:34:11 -------- d-----w- c:\documents and settings\ryan\application data\AVG2012
    2011-09-20 03:33:24 -------- d-----w- c:\documents and settings\ryan\application data\AVG Secure Search
    2011-09-20 03:33:21 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-09-20 03:32:58 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-09-20 03:32:58 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-09-20 03:32:40 -------- d-----w- c:\program files\AVG
    2011-09-20 00:40:45 48016 --sha-w- c:\windows\system32\c_84883.nl_
    2011-09-20 00:39:40 -------- d-----w- c:\documents and settings\ryan\application data\Malwarebytes
    2011-09-20 00:39:33 -------- d--h--w- c:\windows\PIF
    2011-09-19 23:56:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-19 23:56:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-19 23:56:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-19 22:42:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-09-19 22:40:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-09-19 22:38:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-09-19 22:19:54 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-09-19 22:19:49 -------- d-----w- c:\program files\Lavasoft
    2011-09-16 01:06:07 -------- d-----w- c:\program files\TabIt
    2011-09-15 08:42:48 -------- d-----w- c:\documents and settings\ryan\.bitrock
    2011-09-12 06:37:19 153088 ----a-w- c:\windows\system32\xvid.ax
    2011-09-12 06:37:18 -------- d-----w- c:\program files\Xvid
    2011-09-12 06:30:52 -------- d-----w- c:\program files\common files\xing shared
    2011-09-12 04:57:56 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-09-07 14:18:31 599552 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-08-27 00:05:00 -------- d-----w- C:\PFiles
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-17 23:08:56 17408 ----a-w- c:\windows\system32\drivers\1306959348.sys
    2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-07-11 05:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-07-11 05:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
    2011-07-11 05:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2011-07-11 05:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    .
    ============= FINISH: 15:08:22.79 ===============

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,632
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Sep 2011
    Posts
    21

    Sorry about the double post, not sure how that happened. I don't understand... this is being redirected to a now-closed thread. Is my virus doing this? hehe...

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,632

    Hi there,

    I meant to close this topic and keep the original open. Done now.
