Google is acting up

Status
Not open for further replies.

max_demon

IM AS MAD AS HELL!!
Whenever I go to Google and try to search for anything, the browser takes me to a different search engine, like -


[Edited Batty] Removed potentially dangerous links


......and many more.
It is caused by some adware or spyware or virus.
..HELP
I'm irritated cos they open pop-up windows :mad: :mad: :mad:
 

squid

Broken In
Google & Gmail not working

I have tried opening Google and it is not working. Gmail is also not working. Does anyone have this problem? Other websites are OK.
 

manas

Wandering in the zone ...
Hmm, I have no such problem. Google and Gmail are opening and working.

Must be a spyware problem. Run an anti-spyware and also try some other browser too.
 

sakumar79

Technomancer
Check your hosts file to see if it has been hijacked... Run antivirus scans and antispyware scans... Also, post your hijackthis log.

Arun
 

squid

Broken In
Google & Gmail not working

I have checked the hosts file and it has only one entry
127.0.0.1 localhost

All sites except Google and Gmail are working. I have tried both Opera and Firefox. Herewith I am posting the HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 9:04:56 PM, on 15-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Simply\Cheymon.exe
D:\PROGRA~1\Simply\DAAttn.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\Naviscope\naviscope.exe
D:\Program Files\ConnectPal Professional\ConnectPal.EXE
D:\Program Files\uTorrent\utorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Opera\Opera.exe
I:\Softwares\Internet\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SFPrnmon] D:\PROGRA~1\Simply\Cheymon.exe
O4 - HKLM\..\Run: [SimplyDirect] D:\PROGRA~1\Simply\CBWExec.exe /Run D:\PROGRA~1\Simply\DAAttn.exe -run
O4 - HKLM\..\Run: [CBWUser] "D:\Program Files\Simply\CBWUser.exe"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] D:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol PLUS] D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: naviscope.lnk = D:\Program Files\Naviscope\naviscope.exe
O4 - Startup: ConnectPal.EXE.lnk = D:\Program Files\ConnectPal Professional\ConnectPal.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3470E40B-C849-4E00-A046-B179B17D618B}: NameServer = 61.0.0.5,61.1.96.69,61.1.96.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A9B0303-6C19-4BAC-9B6D-38A135D09A36}: NameServer = 218.248.255.145 61.1.96.69
O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CBWHost - ACCPAC International, Inc. - D:\PROGRA~1\Simply\CBWHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
__________
Hi
I tried ping and here is the result.

J:\>ping www.google.com

Pinging www.l.google.com [64.233.189.104] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.233.189.104:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


J:\>ping www.yahoo.com

Pinging www.yahoo-ht2.akadns.net [209.131.36.158] with 32 bytes of data:

Reply from 209.131.36.158: bytes=32 time=274ms TTL=252
Reply from 209.131.36.158: bytes=32 time=272ms TTL=252
Reply from 209.131.36.158: bytes=32 time=271ms TTL=252
Reply from 209.131.36.158: bytes=32 time=364ms TTL=252

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 271ms, Maximum = 364ms, Average = 295ms
 
max_demon

IM AS MAD AS HELL!!
max_demon said:
Whenever I go to Google and try to search for anything, the browser takes me to a different search engine, like -

REMOVED LINKS

......and many more.
It is caused by some adware or spyware or virus.
..HELP
I'm irritated cos they open pop-up windows :mad: :mad: :mad:
NO ONE IS SEEING MY PROBLEM
 

sakumar79

Technomancer
@max demon - my original post was for you. Please check your hosts file and also post your hijackthis log. Also, the following discussion may be of use to you
*www.short-media.com/forum/showthread.php?t=51477

Arun

Now, to help squid out...

The following entries look suspicious - do you know what they are? The 'Simply' folder appears to be accountancy software - if so, ignore them... the BHOs for Yahoo Toolbar helper may be deleted (but take a backup first)

D:\PROGRA~1\Simply\Cheymon.exe
D:\PROGRA~1\Simply\DAAttn.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [SFPrnmon] D:\PROGRA~1\Simply\Cheymon.exe
O4 - HKLM\..\Run: [SimplyDirect] D:\PROGRA~1\Simply\CBWExec.exe /Run D:\PROGRA~1\Simply\DAAttn.exe -run
O4 - HKLM\..\Run: [CBWUser] "D:\Program Files\Simply\CBWUser.exe"
O23 - Service: CBWHost - ACCPAC International, Inc. - D:\PROGRA~1\Simply\CBWHost.exe


The following entries appear to be spyware:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3470E40B-C849-4E00-A046-B179B17D618B}: NameServer = 61.0.0.5,61.1.96.69,61.1.96.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A9B0303-6C19-4BAC-9B6D-38A135D09A36}: NameServer = 218.248.255.145 61.1.96.69

Arun
 
max_demon

IM AS MAD AS HELL!!
Logfile of HijackThis v1.99.1
Scan saved at 10:04:06 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
G:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
G:\Program Files\Yahoo!\Messenger\Y!Multi Messenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
g:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] g:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "g:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [googletalk] "g:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\program files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - g:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - g:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - *www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B00FF39-69E8-45C3-B86F-F2F7B6E62D86}: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B00FF39-69E8-45C3-B86F-F2F7B6E62D86}: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - g:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - g:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

squid

Broken In
@maxdemon: thanks for the help. Now it's working. The problem may be with the two users logged in at the same time. When I logged off one of the user accounts I was able to open Google (ZoneAlarm has displayed the prompts for access in the other account; maybe that is the problem). cheymon.exe, daattn.exe and cbwuser.exe belong to the internal fax/modem programs.

I don't have any idea about the tcpip service. Maybe the nameservers are related to the internet conf.

thanks
gopi
 

squid

Broken In
@max_demon
It seems you haven't installed a firewall (ZoneAlarm or spf) and antivirus (AVG antivirus). Without this your system is more vulnerable. Please install one and also install a spyware (Spybot or AVG antispy) and do a complete system scan.
 

sakumar79

Technomancer
@squid, those nameservers also appear to be spyware related. Take a backup and remove those entries.

@maxdemon, you also seem to have some spyware entries...
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B00FF39-69E8-45C3-B86F-F2F7B6E62D86}: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B00FF39-69E8-45C3-B86F-F2F7B6E62D86}: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85

Arun
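
The O17 and R1 checks discussed in this thread, written as a script (an added example, not part of any post): it pulls DNS overrides, the proxy setting and "(file missing)" entries out of a HijackThis log and lists resolvers that are not in an analyst-supplied allowlist. The function names, the allowlist and the last sample line (192.0.2.53) are assumptions; the other sample lines are copied from the logs above.

```python
import re

# O17 = NameServer overrides under the Tcpip keys; R1 ProxyServer = Internet Settings proxy.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\S+?): "
                    r"NameServer = (?P<servers>.+)$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$")

def triage(log_text, expected_dns):
    """Collect review items; expected_dns is the analyst-supplied resolver allowlist."""
    findings = {"dns": [], "proxy": [], "missing": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # Servers are separated by commas or spaces, depending on the entry.
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings["dns"].append((m["cs"], m["key"], unexpected))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings["proxy"].append(m["proxy"])
        elif line.endswith("(file missing)"):
            findings["missing"].append(line)
    return findings

def control_sets_affected(findings):
    """Control sets (CCS, CS1, ...) holding at least one unexpected resolver."""
    return sorted({cs for cs, _key, _servers in findings["dns"]})

# First four lines are copied from the logs in this thread; the last line and
# the allowlist use the documentation address 192.0.2.53 and are constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - blank (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B00FF39-69E8-45C3-B86F-F2F7B6E62D86}: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.0.2.53
"""
EXPECTED = {"192.0.2.53"}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, EXPECTED)
    for cs, key, servers in result["dns"]:
        print(f"review DNS override [{cs}] {key}: {', '.join(servers)}")
    print("proxy settings:", result["proxy"])
    print("entries with missing files:", len(result["missing"]))
```

An entry listed under "dns" only means the resolver is not on the allowlist; whether it belongs to the ISP or router still has to be checked before removing it.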
 