Posts Tagged ‘Google’

Yahoo And Google Links Hijacked To Webcry And Porno Sites When Clicked From Search Engine?

Monday, October 12th, 2009

Hi all,
The computer I am writing from is a working ambulance dispatch computer. The latest problem is the links from search engines being redirected to webcry, and another site not affiliated with the search result link desired.
This is causing issues with the bosses thinking employees are cruising porno on the job. I am a supervisor and keep telling them that this is not necessarily the case as it does it automatically, and my poor crews can't use a good tool for fear of a write up.
I am ok with the computer and I have got AVG and Panda running. The problem is restarting the computer, as it is a busy machine and is needed to dispatch and track ambulance units, and the log in process for this is sometimes too long. I have run HijackThis and will post the log below, but I am gonna need as minimal reboots as possible.
So without further ado:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:50 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Dispat…
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XQZOXAB\HiJackThis[1]…
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miltonambulance.com/default.aspx
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul…rch/search.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d… (file missing)
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.ex…
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d… (file missing)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper…
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\2.1.6… (file missing)
O2 – BHO: (no name) – {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} – C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O2 – BHO: e404 helper – {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} – C:\Program Files\Helper\1201539470.dll
O3 – Toolbar: IE Custom Tools – {8113B5DE-F7EB-4154-A311-497FB80D8BD0} – C:\Program Files\Online Add-on\ictmdl.dll
O4 – HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 – HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 – HKLM\..\Run: [PKVOLUME] C:\Program Files\PKVolume\PKVOLUME.exe
O4 – HKLM\..\Run: [poolsv] “C:\WINDOWS\poolsv.exe”
O4 – HKLM\..\Run: [LogMeIn GUI] “C:\Program Files\LogMeIn\x86\LogMeInSystray.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [SSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 – HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 – HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 – HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 – HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.ex… /autorun
O4 – HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 – HKCU\..\Run: [DW4] “C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Internet Accelerator] “C:\Program Files\Pointstone\Internet Accelerator\InternetAccelerator.exe”
O4 – HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShiel…
O4 – HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 – HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~2\SW… -Update -1020023 -IEXPLORE.EXE6.0
O4 – HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 – HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 – Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 – Extra context menu item: &eBay Search – res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 – Extra context menu item: Add to AMV Convert Tool… – C:\Program Files\AMV Convert Tool 3.70\AMVConverter\grab.html
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.d…
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.d…
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 – Extra ‘Tools’ menuitem: Create Mobile Favorite… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – C:\WINDOWS\bdoscandel.exe
O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – C:\WINDOWS\bdoscandel.exe
O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.ietoolgate.com/redirect.php (file missing)
O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.ietoolgate.com/redirect.php (file missing)
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O14 – IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 – DPF: {15589FA1-C456-11CE-BF01-000000000000} – http://www.errornuker.com/products/errn200…erInstaller.exe
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) – http://www.worldwinner.com/games/v47/share…GamesLoader.cab
O16 – DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} – http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) – C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 – DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} – https://pbells.broadjump.com/wizlet/BellSou…aller_3-0-0.cab
O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdat…b?1175759534765
O16 – DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} – http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 – DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) – http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 – DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} – http://a532.g.akamai.net/f/532/6712/5m/vir…l/installer.exe
O16 – DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) – http://by132fd.bay132.hotmail.msn.com/activex/HMAtchmt.ocx
O22 – SharedTaskScheduler: esperantido – {67dc0736-075a-4647-95f5-d5421b838fed} – C:\WINDOWS\system32\svxmhpz.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: AVG Anti-Spyware Guard – GRISOFT s.r.o. – C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: LogMeIn Maintenance Service (LMIMaint) – LogMeIn, Inc. – C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 – Service: LogMeIn – LogMeIn, Inc. – C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 – Service: McAfee Network Agent (McNASvc) – Unknown owner – c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 – Service: SiSoftware Database Agent Service (SandraDataSrv) – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 – Service: SiSoftware Sandra Agent Service (SandraTheSrv) – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe

End of file – 9484 bytes
Any help will be greatly appreciated.
Pyromedic

Why Do Windows Live Messenger And Google Webcam Need A Spmservices.dll?

Saturday, October 3rd, 2009

Since I uninstalled Skype, Windows Live Msngr and Google webcam plugin have been killing themselves because of SPMservices.dll. Why?
Message context:
Error accessing SPMservices.dll. Check your Skype installation
END OF MESSAGE
Can anyone help me on this? I am stumped.
Or can anyone give me a copy of SPMservices?

Google Installer Error – How Do I Fix It?

Friday, September 25th, 2009

My computer has been crashing recently, and whenever I log back onto my computer after the crash, an error report pops up, which says:
Google Installer has encountered a problem and needed to close.
Please tell Microsoft about the problem.
There is an option, “Send Error Report”, which when I click directs me to a Microsoft link (http://wer.microsoft.com/responses/Respo…) which states “Malware Alert: Problem caused by UACD.sys, which might be malware.”
Does anyone know how to fix this “Google Installer Error”?? It’s really ruined my computer.
Extra Info,
When I click for more info on the error report, it gives the error code, which is:
SzAppName : GoogleUpdate.exe szAppver : (My IP Address)
SzModName : GoogleUpdate.exe SzModver : (My IP Address)
Please, need help, any IT Genius know the solution?