Occasional redirect to dummy sites after a Google Search in Firefox

Q: Occasional redirect to dummy sites after a Google Search in Firefox

I am having a strange problem where occasionally after a Google search the site I click on will redirect to a dummy search site. If I go back to my search results (back button) and reload the page, the link to the site I'm trying to get to will work. The problem does not seem to be very repeatable (many searches will work, then another redirect will occur). The redirect link does show up in the status bar of Firefox when I hover over a link that will be redirected. The link usually always begins with the URL like:
http://googleads.g.doubleclick.net/...

I ran GMER, but many of the selections that were supposed to be enabled were grayed out. Only "Services", "Registry", "Files", "C:\", and "ADS" were checked - all the others I could not enable. GMER reported:
---------------------------
GMER
---------------------------
GMER hasn't found any system modification.
---------------------------
OK
---------------------------

Thank you for any help!

Here is the DDS log:

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Matt at 22:27:35.56 on Tue 12/07/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.4962 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\Program Files (x86)\National Instruments\MAX\nimxs.exe
E:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
E:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\The Bat!\thebat.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\Pass\KeePass.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\D4\D4.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\SysWOW64\nipxism.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office\1033\msohelp.exe
C:\Windows\splwow64.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [thebat_startup] C:\Program Files (x86)\The Bat!\thebat.exe
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NIRegistrationWizard] E:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [Dimension4] "C:\Program Files (x86)\D4\D4.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Google Updater] "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [NI Background Service] E:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KeePass.lnk - F:\Pass\KeePass.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: netflix.com
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} - hxxp://216.167.159.236:60002/admin/TSBnwCam.CAB
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://216.167.159.236:60000/admin/TSBnwCam.CAB
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\
FF - prefs.js: browser.startup.homepage - hxxp://antwrp.gsfc.nasa.gov/apod/astropix.html
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: LogMeIn, Inc. Remote Access Plugin: [email protected] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\[email protected]
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}

============= SERVICES / DRIVERS ===============

R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2010-6-21 82568]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2010-6-21 54424]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-29 233488]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-29 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-7-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2008-9-23 72216]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-6-23 131776]
R2 nimDNSResponder;National Instruments mDNS Responder Service;E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-7-30 194224]
R2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2010-6-14 11928]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2010-6-23 11944]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-29 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-29 1142224]
R2 ufad-p2v;VMware Converter Service;C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe [2007-11-1 176128]
R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [2009-1-1 64560]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files (x86)\VMware\VMware Converter\vstor2-p2v30.sys [2007-11-1 26160]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-4-27 57856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2010-6-23 11944]
R3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2007-2-13 15360]
S1 ShldDrv;Panda File Shield Driver;C:\Windows\System32\drivers\ShlDrv51.sys [2007-5-12 31104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c98ecf63f0cdf0;Google Update Service (gupdate1c98ecf63f0cdf0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-14 133104]
S2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2010-11-5 3977072]
S2 PavProc;Panda Process Protection Driver;C:\Windows\System32\drivers\PavProc.sys [2007-5-12 170800]
S3 %S_ServiceName%;%S_ServiceName%;C:\Windows\System32\drivers\sbigu64.sys [2009-1-13 48128]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;C:\Windows\System32\drivers\ftdibus.sys [2009-2-17 69192]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-21 27648]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2010-6-21 30800]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2010-6-21 11856]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2010-6-21 26704]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2010-6-2 12992]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2010-6-2 12992]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2010-6-14 22680]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-3-21 19968]
S3 sbigu64;sbigu64;C:\Windows\System32\drivers\sbigu64.sys [2009-1-13 48128]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;C:\Windows\System32\drivers\9kdUSB64.sys [2007-7-3 30720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 Usbtmc;ausbtmc;C:\Windows\System32\drivers\ausbtmc.sys [2010-7-28 22528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-27 89920]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
S4 PavPrSrv;Panda Process Protection Service;"C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe" --> C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe [?]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-06 19:33:48 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C9D3CBE5-5B0C-467C-8893-24021395BAD5}\mpengine.dll
2010-12-05 19:29:25 -------- d-----w- C:\Users\Matt\AppData\Local\National Instruments
2010-12-05 19:12:13 -------- d-----w- C:\Windows\SysWow64\Common Files
2010-12-05 19:10:40 -------- d-----w- C:\Windows\System32\cvirte
2010-12-05 19:10:40 -------- d-----w- C:\Program Files\National Instruments
2010-12-05 19:10:31 -------- d-----w- C:\Windows\SysWow64\cvirte
2010-12-05 19:10:20 -------- d-----w- C:\Program Files\IVI Foundation
2010-12-05 19:10:20 -------- d-----w- C:\Program Files (x86)\IVI Foundation
2010-12-05 19:10:20 -------- d-----w- C:\PROGRA~3\IVI Foundation
2010-12-05 19:07:22 -------- d-----w- C:\PROGRA~3\National Instruments
2010-11-30 05:30:50 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-30 05:30:50 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-30 05:30:45 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-30 05:30:38 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-30 05:30:06 -------- d-----w- C:\Users\Matt\AppData\Roaming\PC Tools
2010-11-30 05:30:06 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-30 05:30:06 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-30 05:30:06 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-30 05:23:01 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 05:23:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-27 20:21:54 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2010-11-27 20:21:52 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-27 20:21:52 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-27 20:21:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-27 20:21:52 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-27 20:21:52 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-27 20:21:52 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-27 20:21:52 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-27 20:21:47 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2010-11-27 07:41:52 0 ----a-w- C:\Users\Matt\AppData\Local\Itakomobun.bin
2010-11-27 07:41:51 -------- d-----w- C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
2010-11-27 07:40:08 177 ----a-w- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
2010-11-26 17:57:22 -------- d-----w- C:\Program Files (x86)\Oregon Scientific
2010-11-25 03:58:11 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-25 03:58:11 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-17 19:58:11 -------- d-----w- C:\Program Files (x86)\Common FilesffdshowEx
2010-11-14 14:41:18 -------- d-----w- C:\Program Files\iPod
2010-11-14 14:41:17 -------- d-----w- C:\Program Files\iTunes
2010-11-10 06:41:25 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 06:41:25 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-14 16:27:47 64000 ----a-w- C:\Windows\SysWow64\RICHTX32.oca
2010-11-14 16:27:47 43008 ----a-w- C:\Windows\SysWow64\tabctl32.oca
2010-11-14 16:27:47 35840 ----a-w- C:\Windows\SysWow64\comdlg32.oca
2010-11-14 16:27:47 265728 ----a-w- C:\Windows\SysWow64\mscomctl.oca
2010-11-14 16:27:47 25600 ----a-w- C:\Windows\SysWow64\mscomm32.oca
2010-11-14 16:27:47 166400 ----a-w- C:\Windows\SysWow64\mschrt20.oca
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 14:48:23 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-09-29 14:48:22 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-09-29 14:48:22 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-06-24 19:17:22 120168 ----a-w- C:\Program Files (x86)\IRASApp.dll

============= FINISH: 22:28:09.92 ===============

A: Occasional redirect to dummy sites after a Google Search in Firefox

Hi methomas, and welcome to Bleeping Computer.

Your log reveals a malicious Add-on for Firefox installed...

Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.
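A triage heuristic for the DDS log in the question, as an added example (not part of the original thread, and not DDS's or OTL's own logic): it cross-references the Firefox extension entries against the "Created Last 30" section and reports any extension whose directory was created recently, together with other items created in the same user profile within a few minutes. The function names and the five-minute window are assumptions, and since the reply does not say which add-on it refers to, the output is a list of leads to review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the DDS log posted in the question (lines copied from the page).
SAMPLE_DDS = r"""
================= FIREFOX ===================

FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\
FF - HiddenExtension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}

=============== Created Last 30 ================

2010-12-05 19:10:20 -------- d-----w- C:\Program Files\IVI Foundation
2010-11-30 05:30:06 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-27 20:21:47 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2010-11-27 07:41:52 0 ----a-w- C:\Users\Matt\AppData\Local\Itakomobun.bin
2010-11-27 07:41:51 -------- d-----w- C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
2010-11-27 07:40:08 177 ----a-w- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
2010-11-26 17:57:22 -------- d-----w- C:\Program Files (x86)\Oregon Scientific
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
EXT = re.compile(
    r"^FF - (?:Hidden)?Extension: (?P<name>.+?): (?P<id>.+?) - (?P<path>[A-Za-z]:\\.+)$")
CREATED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ ([A-Za-z]:\\.+)$")
# Assumption: Vista-style profile layout (C:\Users\<name>\), as in the posted log.
USER_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\")


def norm(path):
    """Case-insensitive comparison key for a Windows path."""
    return path.rstrip("\\").lower()


def split_sections(text):
    """Map each '==== NAME ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def recently_created_extensions(text, window_minutes=5):
    """Return extensions whose directory is listed under 'Created Last 30'."""
    sections = split_sections(text)

    # Extension entries keyed by normalised path (Hidden and regular share a path).
    extensions = {}
    for line in sections.get("FIREFOX", []):
        m = EXT.match(line)
        if m:
            extensions.setdefault(norm(m["path"]), (m["name"], m["id"]))

    created = []
    for line in sections.get("Created Last 30", []):
        m = CREATED.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            created.append((when, m.group(2)))

    window = timedelta(minutes=window_minutes)
    findings = []
    for when, path in created:
        hit = extensions.get(norm(path))
        if hit is None:
            continue
        root = USER_ROOT.match(norm(path))
        # Other items created in the same user profile close to the same time.
        nearby = sorted(
            other for t, other in created
            if other != path and abs(t - when) <= window
            and root and norm(other).startswith(root.group(0)))
        findings.append({
            "name": hit[0], "id": hit[1], "path": path,
            "created": when.strftime("%Y-%m-%d %H:%M:%S"), "nearby": nearby,
        })
    return findings


if __name__ == "__main__":
    for f in recently_created_extensions(SAMPLE_DDS):
        print(f"{f['created']}  {f['name']} {f['id']}\n  {f['path']}")
        for p in f["nearby"]:
            print(f"  created within window: {p}")
```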

Thank you for taking the time to help me with this issue. In Firefox, when I click on Google search links, I will get random re-directs to other similar web sites. I have tried normal scanning methods to locate this issue (Malware Bytes, Spybot, ESET Online), but I have been unsuccessful. I uninstalled / reinstalled Firefox and the issue is still there.

EDIT: While my computer was sitting idle, I had a blue screen. Here is the information from the blue screen:
STOP: 0x000000F4 (0x00000003, 0x8A2DBDA0, 0x8A2DBF14, 0x805C8C7C)
There was no other unique information on the blue screen.

Submitted for you are my DDS and GMER logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Max Steele at 0:28:46.79 on Wed 04/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1374 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100420-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative...

A: Google search links in Firefox redirect to different web sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Hi, I'm going nuts here. I have Win XP SP3 with all the newest updates. I have Firefox and IE8. They're both updated to the newest updates as well. Every time I do a search, Google loads the results as normal with all the correct hyperlinks under them. When I click on the link to, say, somewhere normal like ebay.com, it takes me to some off-the-wall site. Always some off-the-wall random site that may or may not have something to do with the website I wanted. I have run full deep max heuristic scans with AVG, Norton, Kaspersky, Bitdefender, McAfee, CounterSpy, Spybot, Malwarebytes, Spydoctor, SUPERAntiSpyware, Sophos rootkit, HijackThis, anti rootkit. I've run CCleaner, cleaned out every temp folder, I've uninstalled and reinstalled the browsers, deleted all the data folders, I've reset them to defaults. I've reset the host file, winsockfix, checked for proxy settings, reset the firewall; the SOB will not go away. I have tried day and night for a week and a half, I want to rip my hair out. I can't get it to go away! I've run in safe mode and from my user account as well as admin. How can all those things not be able to find it?
It happens both in Firefox and IE8. I do a search, they come up normal with all the correct links, but when I click the link I end up somewhere else 9 out of 10 times. How the heck can it redirect me like that? Please, can anyone help before I go maaad!

A: Google search links redirect to random sites firefox and ie8

Hi, my name is Jim and I'm having a nightmare. I'm running XP SP3 with every app updated to the newest version. I have IE8 and Firefox. My problem is, when I type a search in Google, say ebay.com, you will get a list of normal results as usual with the correct hyperlinks under them. When I click on any of the links, I may get eBay the first try, but 9 times out of 10 I get taken to some random off-the-wall site every time. This happens in Firefox and IE8. I have reset everything, uninstalled and reinstalled, deleted the data folders, I have run every app I can think of on its max setting, fully updated: Bitdefender, Kaspersky, Norton, AVG, McAfee, Trojan Hunter, Sophos, HijackThis, rootkit finder, ComboFix, Spybot, Malwarebytes, Spydoctor, CounterSpy, SUPERAntiSpyware, etc. I can't even remember them all. Scans were done in safe mode and normal mode, in the admin account and my account. I reset the host file, firewall, winsockfix, checked for proxy IP settings, blew out every temp folder that's hidden, used CCleaner. I've done everything I can think of known to man and that I've read online. I've spent almost a week and a half, day and night, trying to get rid of this sucker, and it just won't stop happening. It's driving me insane. Why do people have to make rotten crap like this?

Thanks for any help you might be able to offer

RELEVANCY SCORE 90

When I use Google the search links redirect to other sites about 50% of the time and will go away and return without any obvious reason. I will click on the search result and be taken to a site like informationgetter.com, bcckools.com, "randomnumber".blueseek.com, etc. I am running Windows Vista Ultimate.

I've tried combofix, Avast, AVG, Ad-Aware, IObit, and Malwarebytes in both regular and safe modes. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:17 AM, on 12/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C...

A:Occasional Redirects to other Sites from Google Search Links

RELEVANCY SCORE 89.6

The search results for any search engine in Firefox/IE have been redirected to advertisement websites. Also, every 15 minutes or so, a new tab will open of its own accord with similar advertisement websites. Looks similar to a problem a lot of people are having. I was unable to obtain the GMER log. I ran it a few times and it either blue-screened or froze up. Below is the DDS log and I attached the other log. Thanks in advance for the help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kelly Williams at 11:43:28.73 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1365 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program ...

A:Firefox/IE searches results redirect to advertisement site; Occasional pop ups for the same sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log; let's try this and see what we get.

Scan With RKUnHooker
Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and ...

RELEVANCY SCORE 86

Hello, came to this site after being frustrated by my laptop. Also motivated by the fact that a similar (same?) problem was solved on the thread http://www.bleepingcomputer.com/forums/ind...850&hl=db76

It started three days ago when I noticed that my google searches (on firefox) were leading me (when I clicked on them) to random websites. One of them is toseeka, and a couple were pages non-existent, and I believe a couple were shopping sites.

1. I ran full scans using symantec and spybot S&D, nothing came up.
2. I downloaded and ran Malwarebyte's anti-malware program, and Superantispyware. Both of them found something, and they seemed to quarantine/remove the infection. However, when I used google again, the problem persisted. I ran both the programs again and they found nothing. I tried running them in the safe mode and they still did not find anything.

In frustration, earlier today, I completely un-installed firefox and reinstalled it (version 3.5). It initially seemed not to redirect anymore, but that did not last. Around this point, my attempts to reboot were followed, some times, by the blue screen at startup asking me to remove any new software/hardware that I have installed. I resisted the temptation to remove the new anti-malware software that I have downloaded. I am able to always boot into the safe mode.

In the normal mode, it gives me the blue screen some times. After a couple attempts, I was able to get into the normal mode, get online, download DDS.scr and ru...

A:Firefox google redirect followed by occasional blue screen

Hello frustration_persist,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea

RELEVANCY SCORE 85.2

I don't use many other browsers than Google Chrome, and I have recently run into a strange redirect. When I click on a Google search result, every now and then (maybe 1 in 6 times) the search result I click on will have that search result searched for in another website I get redirected to called butterfly search engine. I have tried TDSSKiller and Malwarebytes scan, nothing detected anything. Here is my HijackThis log and DDS log.

hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:58:33, on 2012/06/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\excellence\Desktop\S4League\HGWC.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excellence\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\excel...

RELEVANCY SCORE 84.4

Hi, thanks for being here. I have suddenly become unable to utilize Google as my search engine utilizing Firefox. In addition, a new tab will occasionally open on its own while I am online after I have chosen to go to a site - i.e., my site will open and an additional site will open as well - an ad site usually. Even the most rudimentary Google searches are redirected to some sort of generalized info hub - somewhat on topic - but not what I desired. Clicking on a site I find in the Google search results takes me to one of these web clearinghouse sort of pages immediately.

Any help would be appreciated. My log file is below. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:29 AM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe...

A:Firefox redirected, occasional new tabs opened, cannot utilize Google search

I wanted to post the log files you require and noticed I had not previously - my apologies - but here they are.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Kellie at 19:45:39.57 on Fri 12/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1331 [GMT -6:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgs...

RELEVANCY SCORE 83.6

I would very much appreciate your help with this. It's driving me Crazy. When clicking on links using Google search pages, I am relentlessly redirected to other commercial sites, many infected and most of them sticky. I must copy and paste the URLs to reach the correct site. Even that can be overridden. The same is true of Yahoo search to a lesser degree. Once redirected, an AVG "Threat Blocked" window often comes up with a basketful of Trojans. MalwareBytes etc. have neither detected nor fixed it.

Wow. Things have gotten nasty out there! Thank you so much!

p.s. While running GMER, Resident Shield found 2 instances of "Trojan Horse Generic2_cACOT". I removed one but the other was "inaccessible", presumably because it had just been removed. (?)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kay at 20:38:40.00 on Wed 05/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.783 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\S...

A:Google, Yahoo search redirect to infected sites, commercial sites

Hello nandina

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a war...

RELEVANCY SCORE 79.6

Help! A malware has infected my computer and I don't know how to get rid of it. When I do a search using either my IE or Firefox search engines the results of the search redirect me to unwanted sites like "DOT.com". How do I get rid of this?

Here's a copy of my DDS.Txt log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 0:46:26.51 on Sun 08/23/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1214.626 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\sys...

A:Redirect Firefox and IE search to unwanted sites

Hello, skippy53.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

We need to run RSIT
Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt

RELEVANCY SCORE 79.6

Hi,

The problem that I am having is when I search using either Firefox or Internet Explorer and click on a link I get redirected to some ad sites. I have done many virus scans but can't seem to get this sorted.

I need your help folks to get this sorted. I have attached my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51:34, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files...

A:Firefox & Explorer are redirect to add sites when I search (HJT Log)

Hi again,

I have done another virus scan and Trend has picked up 5 viruses but cannot quarantine them. The viruses are listed as below.

Trojan_Agent.AXNB
Trojan_Alureon.BVW
Trojan_Sudient.AK
Trojan_TDSS.WQ
Trojan_TDSS.XK

Any help guys?
 

RELEVANCY SCORE 78.8

It seems I have a virus that is causing redirects after doing a search through Google. If I cut and paste the appropriate search link, no problem...but if I click on the link...I'm redirected.
Any help would be greatly appreciated!!!
Sony Vaio
WindowsXP SP2

DDS
----

DDS (Ver_09-03-16.01) - NTFSx86
Run by TR at 16:10:17.75 on 03-27-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShE...

A:Redirect to other sites from Google search

Since my earlier post re: a redirect problem, the problems continued...system restore was not functional, I was unable to open IE without it freezing the computer, and applications wouldn't execute (even in safe mode).

Since IE was not working, I couldn't download Malwarebyte's anti-malware software to see if I could get the system to detect the viruses. I tried FF, which I hadn't used in a long time. Thankfully, that seemed to work and after a bit of trouble trying to get the file to execute (found a work-around for that)...voila - a number of nasties found, quarantined, then deleted upon reboot. Did another scan...and nothing was detected. My guess is...there are some 'leftovers' as the system is running very slowly now.

As a side note, checked/updated Windows incl from XP SP2 to SP3.

So, here is a new DDS and along with zipped attachment. I appreciate anything you can do to get this computer back on track. Thanks!!

---
DDS (Ver_09-03-16.01) - NTFSx86
Run by TR at 17:02:40.39 on 03-28-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.423 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Fi...

RELEVANCY SCORE 78.8

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by owner at 13:58:07 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1057 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\W...

A:Google (and the other search sites) redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 78

Hi BleepingComputer,

I'm new at this -- think I might have a malware infection that's causing Google search links to be redirected to ad sites. Very annoying. MBAM is not picking up the infection. Can you please help walk me through a cure?

Many thanks!

A:Google Search Links Redirect to ad sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 78

This is my first post on this forum and I am a new member; my name is Peter and I am from Illinois. I have a problem though: for quite some time I have had problems with clicking on links to search results in Google. They seem to redirect me to websites that have a different URL than the ones I clicked on. Now last week someone from Kuwait hacked into my Facebook page. Ever since, I have tried every virus scanner that exists, every malware remover possible, in normal mode, safe mode. Some found stuff, like PC doctor I believe, and removed it, but the problem remained. I eventually had a live malware scanner that detected the redirects every time I searched Google and blocked the suspicious website each time. But none of these programs were able to remove the culprit itself. I still have the redirecting problem and even was blocked from saving a file to the desktop, telling me it was not possible to save anything to this folder. Then I tried again and then it worked. Same with the redirect links: they redirect, but when I go back to Google results and click on the link again the correct website and URL appears... I am at my wits' end. What do I need to do??? I have planned to completely do a fresh install of Windows 7 and format my C drive in the next few days. But I am waiting on the arrival of my portable hard drive to make my necessary backup.

I did perform one last scan with Combofix as suggested in several forums. I first wasn't able to run it, it would freeze everything ...

A:Google search results redirect me to other sites....

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system; please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will a...

RELEVANCY SCORE 78

Hi everyone,
I've noticed that this virus has been very common lately.

Firefox gets redirected to a random site every so often after clicking a google search result.

DDS log is below:
My monitor had no signal after leaving the computer on for a while during the GMER scan, so I had to restart the PC. I'll attach the scan once it completes properly.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 2:26:07.60 on 29/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1174 [GMT 11:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.EXPERIEN-E04FA4\Application Data\dwm.exe
C:\Documents and Settings\Administrator.EXPERIEN-E04FA4\Application Data\Microsoft\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32 ...

A:Google search redirect - scour.com and other sites

Ok here's some fresh logs, and I've also noticed a new symptom.

I got a Windows Delayed Write Failed error after leaving the computer on for the GMER scan.
After saving the ark.txt (thankfully), I tried opening another .doc file to paste the screenshot of the error, but the computer locked up upon opening the .doc file, and needed a hard reset.

Here's the logs:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 0:47:59.53 on Thu 30/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1352 [GMT 11:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\GIGABYTE...

RELEVANCY SCORE 78

Hi

I am using firefox as a browser and when searching on Google the search comes up as expected but when a link is clicked the page is redirected to either another search engine i.e. askjeeves or alternatively to a spurious or blank page. This also slows down the search. The computer will not start in safe mode.

Thanks for your help
Drew

DDS (Ver_09-12-01.01) - NTFSx86
Run by Drew Kirkland at 13:29:53.19 on 18/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.478 [GMT 0:00]

AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files...

A:google redirect to other search and spam sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I was infected with fake spyware, which I thought I removed with Spybot. Now when I use Google to search and click on the results it redirects me to fake search sites. I am also getting popup websites for websitesurvey.com and TheTribune. I have run Spybot, Malwarebytes, Lavasoft Ad-aware, Windows Defender, Trojan Remover, goored.exe. I have McAfee and use Firefox.
Your help is greatly appreciated! I don't know what else to try.....
DDS (Ver_09-12-01.01) - NTFSx86
Run by Cindi Diederichs at 23:33:42.25 on Mon 12/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.121 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1...

A:google search redirect and popup sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi

I have been having a problem with malware and spyware on my laptop for the past 3 days. It started with "antispyware 2009" & other popups appearing in IE, and Google search links redirecting to some other site from IE.

I ran the antivirus software Malwarebytes' Anti-Malware, Adware, Spybot - S&D. I also ran the registry cleaner CCleaner and tried HijackThis.
I also tried the same cleanup starting in Safe Mode, but the issue remains.

Now I see there is also an additional problem of not being able to access certain sites from IE, including the antivirus download sites. I tried accessing the same sites from Firefox also, but got the same issue.

Also, it is not allowing me to update the existing antivirus software, stating it is unable to connect to the site for update.

To mention, I am running Win XP - Service Pack 3. IE 6 search engine.

Please help me with what I should do. Your help will be very much appreciated.
Thanks in advance

A:IE-google search redirect , not able to access certain sites - Pls Help !

Hi and welcome to BleepingComputer

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please update - if possible - and rerun Malwarebytes according to the instructions below.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot ...


Google search results are redirected to unrelated advertisers' sites.
Should I run a HijackThis log and post, or GooredFix and post?

A:google search results redirect to ad sites

Hello

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/271856/spyware-ie-redirects-to-other-websites/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once ...


Hi,

I'm experiencing a similar problem to other users on this forum. When searching on Google, the result links sometimes bring me to ad sites instead of the real sites. I tried to remove the malware with the free versions of AVG, Malwarebytes, SpybotSD, SUPERAntiSpyware and avast but without success. The software found and resolved some malware, but the problem is still happening.

My system is also displaying a blue screen (a memory crash dump) when the system is powering off. I'm able to start it normally after the crash. When I tried to install ComboFix, a blue screen was displayed with an irql_not_less_or_equal error message.

The gmer software is not giving me a rootkit warning, but I did the scan anyway (the log file is included). Before starting the scan, I noticed one item of the list with the name "\Device\00000068-> \??\SCSI#Disk&Ven_ST350042&..." has a value "device not found".

I think the problem was caused by another user who tried to install two versions of the LiteCam software found on torrent sites:
hxxp://www.torrentreactor.net/torrents/3694350/liteCam-2-99
hxxp://fenopy.com/torrent/liteCam+3+1/NjU2OTgwMw

The user told me he thought they were demo versions of the software, but in fact they did nothing when trying to install them (no installer was displayed).

My OS is Windows 7 and I have a Windows install disc.

Please see the DDS.txt below.

Thanks in advance. Best regards,
Roger
------------------------------------...

A:Google search result redirect to ads sites

Hi

Please do the following:

Download Combofix from either of the links below. You must rename it to iexplore before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
Link 1
Link 2

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------
NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

-----------------------------------------------------------
Do...


Running Windows 7 professional 64 bit. Google search links redirect to random sites on clicking. Thank you for your help! I tried running some programs named in earlier forums before reading what to do for help.
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sreedhar Bharath at 19:59:41 on 2011-07-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.7920.6232 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files (x86)\Infineon\Security Platform Software\ifx...

A:Google links redirect to random sites in Firefox

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Fir...


Hey guys,

I believe I have malware that causes my Firefox searches to redirect to some spam sites. Some info:

-When I click on a result, sometimes I'm redirected to a site called searchfindsite.com and other times I get a blank page.
-When I right click anywhere on the page, I get another blank page.
-This only occurs on Firefox. I've tested Chrome and IE 8 and haven't had the same issue.
-This also has seemed to affect other processes on my computer. It's caused other programs to stall to the point where I've had to power down the computer.
-I'm running Windows XP, Service Pack 3.

I first tried to fix this myself. Here are a few of the things I've done.

-Downloaded several malware programs: Malwarebytes Anti-Malware, HiJack This, Spybot Search & Destroy, Lavasoft AdAware, and Windows Defender. Ran full scans for each. Got only tracking cookies except for Anti-Malware showed something called "Worm.Autorun.B", which I fixed.
-Tried disabling then removing all Firefox extensions.
-Tried running GooredFix.exe. My most recent log is below.
-Tried uninstalling Firefox, deleting all associated files, and clearing all associated registry keys.

After all of this it's still happening. Anybody have any ideas? Any help would be greatly appreciated.

Here's my GooredFix log after I uninstalled Firefox:

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\exten...

A:Google searchs with Firefox redirect to spam sites

Have you run any antivirus programs?


Gringo was assisting me and unfortunately I went on vacation therefore was unable to keep up with my previous thread. I copied the text to here and also will be running the many tools that Gringo asked me to run.

I am constantly getting a redirect from Google to scour.com and then to other sites. I ran many malware bytes, avg, superantispyware, ad-avert, cc cleaner, and another tool but I forgot the name.

Can someone assist with reviewing my log?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:46 PM, on 6/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=9B5FD1D9EFBD709AA6EF214FCBFFB4E4&tbp=homepage&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht...

A:Hijackthis.log --- Google search redirect scour and other sites

I ran Defogger and it disabled the CD emulation drivers.

I ran security check and here is the log:

 Results of screen317's Security Check version 0.99.41
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 AVG Anti-Virus Free Edition 2012
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 AVG PC Tuneup 2011
 Java™ 6 Update 29
 Java version out of date!
 Adobe Flash Player 11.2.202.235
 Adobe Reader X (10.1.3)
 Mozilla Firefox (12.0)
 Google Chrome 19.0.1084.46
 Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgtray.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


just yesterday my google search results started redirecting me to all these random sites. i did full system scans with norton antivirus and ad aware but they both came up empty, so i downloaded hijackthis and proceeded to this forum.

in the preparation guide, i completed steps 1-7.

i'm having trouble with step 8 (creating a gmer log) because after i click the gmer.exe file, the program opens up but i get an error message that says "C:\Windows\system32\config\system: The system cannot find the file specified."

many of the check boxes on the right are grayed-out (System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries). There are only a few options that i can check/uncheck (Services, Registry, Files). because of this, i cannot match the options that i need checked according to the preparation guide. how should i proceed?

i am running windows 7 and my main/only browser is firefox

DDS (Ver_10-03-17.01) - NTFSX64
Run by Robert at 16:26:33.88 on Fri 10/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.2099 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k ne...

A:google search results redirect me to random sites

Hello cleanjack

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Hi

I am having a problem with malware and spyware on my laptop. It started with "antispyware 2009" & other popups appearing & Google search links redirecting to some other site from IE.

I ran the antivirus software Malwarebytes' Anti-Malware, Adware, Spybot - S&D. I also ran the registry cleaner CCleaner and tried HijackThis.
I also tried the same cleanup starting in Safe Mode, but the issue remains.

Now I see there is also an additional problem of not being able to access certain sites from IE, including the antivirus download sites. I tried accessing the same sites from Firefox also, but got the same issue.

Also, it is not allowing me to update the existing antivirus software, stating it is unable to connect to the site for update.

To mention, I am running Win XP - Service Pack 3. IE 6 search engine.

Please help me with what I should do. Your help will be very much appreciated.


Thanks in advance

Please find the DDS logs (dds.txt, attach.txt) & GMER log (ark.txt)
-------------------------------------------------------

DDS (Version 1.1.0) - NTFSx86
Run by Sanjay at 19:44:53.79 on Fri 01/02/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1454 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth So...

A:melware IE-google search redirect , not able to access certain sites. help !!!

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode tha...


Hello, recently my Google search results (when clicking) started redirecting to what appear to be random search sites. This happens in both IE8 and Firefox. Also, and I am not sure this is related, I have a program called "Windows Live Messenger" appearing on start-up. The program is difficult to close/minimize and will keep popping up. I ran Malwarebytes with no success. Thanks in advance for your help! Here is the DDS log:
******

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by John at 9:13:39 on 2011-09-17
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.295 [GMT -7:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C...

A:Google search results redirect to random sites.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


I am constantly getting a redirect from Google to scour.com and then to other sites. I ran many malware bytes, avg, superantispyware, ad-avert, cc cleaner, and another tool but I forgot the name.

Can someone assist with reviewing my log?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:46 PM, on 6/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=9B5FD1D9EFBD709AA6EF214FCBFFB4E4&tbp=homepage&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 -...

A:Hijackthis.log --- Google search redirect scour and other sites

COMBOFIX Log
ComboFix 12-06-03.05 - Neil XXXXXX 06/03/2012 22:05:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2642 [GMT -4:00]
Running from: c:\users\Neil XXXXXX\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Neil XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\obd844ux.default\searchplugins\bing-zugo.xml
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\devil.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 02:11 . 2012-06-04 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 00:23 . 2012-06-04 00:23 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-06-04 00:23 . 2012-06-04 00:23 -------- d-----w- c:\users\Neil XXXXXX ...


About two weeks ago I must have downloaded some malware that is causing the Google redirect issue I have heard so much about. When I do a Google search and try to click on any of the results links I am redirected to another site. The sites are different, but I get a yellow pages site and this site a lot: hxxp://www.informationgetter.com. I have tried to find a resolution by reading through the forums and have run Spybot and Malwarebytes with no luck. I have decided to ask the professionals. Please help. Here are my logs:
DDS (Ver_09-12-01.01) - NTFSx86
Run by NBK98XI at 18:55:48.76 on Wed 12/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1223 [GMT -5:00]

AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
FW: ISS Proventia 9.0.226.2074 *enabled* {3AE40256-317F-4C0B-A372-4B4AB54E30B2}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CyberGatekeeper Agent\cgasvc.exe
C:\PROGRA~1\CYBERG~1\cgagent.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Progr...

A:Google search result links redirect to different sites

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


Last weekend, my daughter's friend was using her laptop and ended up with several Trojans but I have no idea which ones. He supposedly cleaned her system; I was able to further clean things up using AVG, Windows Live Onecare Safety Scanner, and Malwarebytes. The most recent AVG and Malwarebytes scans did not show any infections whatsoever. However, when doing a Google search, clicking on search results links redirects me to advertising sites. Can you help get this cleaned up?

The OS is Windows XP. I have backed up her "My documents" folder. I ran DDS and the log files are attached, but I could not run GMER - on executing the program, a screen flashed quickly and all I could see was "A problem...." and then the entire system shut down. I do have the original Windows XP operating system disc.

Thanks in advance!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 9:54:31.82 on Fri 09/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.434 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:...

A: Google search links redirect to advertising sites

Welcome to TSF!


Please run GMER with the minimum requirements as stated in First Steps

Post the result


For a couple of days now, when I use the Google search engine from IE or Firefox and receive my search results, the descriptions of the various hits look fine, but when I click on any of these results I go to a shopping website. It happens for about the first 10 entries... Anyway, it is clear that you guys have been dealing with that lately and can probably help me!

It looks like there is no quick fix; if there is, that would be great. And looking at someone else's thread didn't exactly scream out to me what I can do. So here is the state of my machine from DDS, and the attachment has the two files requested.

Thanks in advance!

It would be nice if my system got quicker too. I find things like when I open a directory like My Documents and try to scroll down 50 or so entries, my system will just make me wait for 5 or 8 seconds -- but that is a different, less important problem.


DDS (Version 1.0) - NTFSx86
Run by david.edrich at 23:35:13.14 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1091 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC...

A: Google Search redirect to shopper sites malware

So looking at other replies it seems I need to run ComboFix and post the log. So here it is. Strangely, the problem seems to have gone away with that one action. Am I still infected? Really I want to know if someone is able to see my passwords and intercept everything I am doing on the internet....


I don't know why my original post seems to not be word wrapping either.

thanks again in advance

ComboFix 08-12-09.02 - david.edrich 2008-12-10 0:29:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1360 [GMT -6:00]
Running from: c:\documents and settings\plesieur\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\Cache
c:\windows\system32\ntnet.drv
c:\windows\system32\sysaudio.sys
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 16:55 . 2007-05-07 01:30 7,168 -ra------ c:\windows\system32\ppspCoInst.dll
2008-12-09 16:44 . 2005-10-24 21:41 245,760 -ra------ c:\windows\system32\MosUSer.exe
2008-12-09 16:44 . 2005-10-24 21:44 229,376 -ra------ c:\windows\system32\MosUPar.exe
2008-12-09 16:44 . 2006-05-04 00:26 144,756 -ra------ c:\windows\system32\mosUsbSr.sys
2008-12-09 16:44 . 2006-05-04 00:26 140,419 -ra------ c:\windows\system32\MCSENUM.vxd
2008-12-09 16:44 . 2004-...


My computer is being redirected to different sites like Happilli* from Google search result links. I think I got this from live streaming video from cricvid.com - sports website.
So far I tried scanning the entire computer with AVG Anti-Virus, Malwarebytes Anti-Malware, SUPERAntiSpyware & Cleanup, but it didn't solve any problem. They all detected and removed something but the problem still exists. Yesterday I updated Malwarebytes Anti-Malware 1.60.1.1000 of 14 day trial but the problem still exists. I have Windows Vista with Service Pack 2. I have IE and Firefox. I just uninstalled Firefox with all data and settings. The problem still exists with IE.

Here is the DDS.txt report
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vani at 8:42:05 on 2012-04-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.961 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
...

A: Google search redirect to happilli* and others dangerous sites

DDS.txt & Attach.txt report as follows after running Defoggers:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vani at 12:28:14 on 2012-04-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1724 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WL...


Seems to be common these days. I tried scanning with Malwarebytes, CCleaner, Spybot and McAfee; however, none of them were able to remove the infection.

McAfee is finding the following file C:\Windows\system32\drivers\atapi.sys infected with what it is calling Patched-SYSfile.a (Trojan)

HijackThis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:47 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM...

A: Google search results redirect to marketing sites

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hi,

I think I am infected with some virus, spyware etc.

Whenever I click on a Google search it goes to unknown sites. I could see something like Secure.bidvertiser.com etc.

I have tried different tools like Spybot, TDSSKiller, FixTDSS etc., but none worked. I am still facing the issue.

Please let me know how I can clear this.

Regards,
Kiran

A: Google, yahoo search redirect to unknown sites

Download TDSSKiller
Launch it.
Click on change parameters - select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hello, I have spent the last two days trying to rid myself of this problem. When I click a link on Google, most of the time it loads a random ad-filled website that looks like a search engine searching for a keyword I used in a Google search.
I have run (both in safe mode and regular boot) AVG Free, Malwarebytes, Spybot Search and Destroy, SUPERAntiSpyware and possibly some other things I've forgotten about. I've always been able to solve spyware/virus issues in the past but this one is quite difficult to figure out. I've done some searches and found people with similar problems, often calling it a "Google redirect virus", but I never find any information that seems to help my infection. I have also reinstalled Firefox (newest version), uninstalled Java, deleted the cache, ran JavaRA to remove old versions, checked the Hosts file (it's fine), ran Regcure (didn't find anything relevant). Some of the antispyware/antivirus stuff found random viruses, either in files I had before this issue (like a dll file in my PlayStation emulator that's been there for years) or in temp folders. I think they were mainly false positives but removed them all anyway. I am about to the point where I'm considering just doing a clean install of Windows XP, as I do not want to have this machine insecure. Oh yeah, my operating system is Windows XP Home Edition, I have all the updates and service packs. I would appreciate any assistance someone can offer....

A: Google links redirect to generic search sites(ads)

The problem is actually based in your router and that in turn is infecting all the other computers on your network (if networked).

Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then:

Double Click mbam-setup.exe to install the application.
Launch Malwarebytes' Anti-Malware, then click Finish.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the l...


I noticed yesterday that about half of the time when I searched for something using Google, the results are redirected to various other sites (some of them include infosmash, guide-1, etc). I am using Firefox 3.6.10. I have scanned my computer using Spybot S&D, HitmanPro 3.5, Microsoft Security Essentials, and Trend Micro HouseCall. None of these programs corrected the problem.

I have tried to follow all of the directions before posting this. However, I could not run gmer.exe; I tried three times, and each time I got the blue screen of death. However, I was able to use dds.scr:

DDS (Ver_10-03-17.01) - NTFSx86
Run by bee at 13:06:25.65 on Mon 09/20/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1571 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\...

A: Google search results redirecting to other sites (using Firefox)

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


I'm having the same problem as anonymous posted 12/6/09

My browser (Firefox 3.5.5) recently started redirecting me to unrequested sites. Usually ad/survey sites, possibly trying to get personal/financial information from me. One appeared to be for a TV satellite dish company, for example. This problem only seems to happen when I click "search" on Google, or if I type "enter" after typing a URL in the address bar in Firefox. At this point, I arrive at the correct page, but at random intervals a new tab will appear and load an unrequested site.

I also noticed it is affecting my Calyx Point program; the winpoint.exe file seems to be corrupt. I spoke to tech support at Calyx and he told me to remove .NET Framework 3.5, 3.0 & 2.0, since 2.0 SP2 is the one that Calyx uses, then re-install. I was able to remove 3.5, but 3.0 would not remove and I can't remove 2.0 before 3.0.

I ran Norton and it did find trojans which it quarantined but am still having the problem. Attached file.

I also just ran hijackthis and have attached that file.

Any help would be appreciated.

Thank you,
Rex

A: Firefox 3.5 google search re-directing to unwanted sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


When clicking on the links from Google searches, I am redirected to various ad sites instead of the proper results. This happens in both Firefox and IE.

Ran ZoneAlarm scan, SUPERAntiSpyware scan, Spybot Search and Destroy, nothing found. Turned off JavaScript, still happens.

Malwarebytes did detect and quarantine 5 things, which I quarantined and deleted, then rebooted, but did not resolve problem.

Malwarebytes log

Files Infected:
C:\Documents and Settings\Alex\Local Settings\Temp\pdfupd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alex\Local Settings\Temp\337.tmp (Backdoor.Tidserv) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\338.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\16P40YCE\eH670d0fd7V03f01930002R1400e6ed102T2cdedb75Q000002fd901801F0016000aJ0e000601l0409Ka57494883180[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\MR9HWMQJ\update[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Also ran gooredfix.exe, didn't help.

Would appreciate help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alex at 14:44:12.92 on Sun 05/16/2010
Internet Explorer: 7.0.5730.13 BrowserJavaV...

A: Google searches redirecting to various search sites in both Firefox and IE

Hi coolshop,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Open your Malwarebytes' Anti-Malware.
First update it, to do that under the Update tab press "Check for Updates".
Under Scanner tab select "Perform Quick Scan", then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the MBAM log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Close all the open windows.
Double-click TDLfix.exe to run the tool.
Type (or copy the following and right-click to paste) in the comman...


Hi, desperately need help with this, driving me mad. Thanks in advance.

DDS (Ver_09-12-01.01) - NTFSx86
Run by philip bennett at 15:31:21.64 on 27/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.662 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\philip bennett\Local Settings\Temporary Internet Files\Content.I...

A: Google Redirect to spyware sites, and Fastbrowser Search problem

Hi, Scouse29

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


Hi, I have a windows XP and seems like it is infected heavily. I use Firefox, IE doesn't seem to work - comes up with lots of popups. Recently when I search on google and get the result page and click on a link, it redirects me to different websites. That's why I am unable to download any spyware removal software. I was looking at some other threads and found out about the combofix.exe but it suggests that I describe my problem first before trying to run it. Please let me know the next steps to follow. Thank you.

A: Clicking On Google Search Result Links Redirect To Other Sites

Yes you are infected. I'll move you to the correct forum


The top 3 or 4 Google or MSN (I am guessing any) search results are redirected to ad pages, usually briefly going to a specific IP address beginning with 216. or 78, and the first time I use a new search engine it says "Testing" briefly before it goes to the redirected page. I have run complete scans with MalwareBytes, SuperAntiSpyware, CureIt, and also run SDFix, and our antivirus program Sophos, and the problem remains. Each of these scans has found different items and supposedly cleaned them out. I am sending you this as a last hope before I blow the thing away and reinstall. I can attach the logs from the other scans if you wish as well. In searching it seems this might be go.google search virus or some virtumonde variant, but I am unsure what I am actually battling at this point since so many things have come up in the scans. Thanks. Sue
Here is the DDS.txt log, and the Attach.txt file is attached:

DDS (Ver_09-01-07.01) - FAT32x86
Run by Administrator at 9:50:58.64 on Wed 01/14/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.568 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:...

A: IE7, Google search results redirect to ad sites, ebay, or shopping

I have not heard from anyone, but thought I would let you know that I have cured this computer. Sophos Anti-Rootkit tool identified the file c:\program files\common files\system\vmp_ln32.dll
It was hidden from Windows API, but I was able to navigate to this file using Safe Mode with Command Prompt and delete it.


Last week I got an antivirus pro type infection (I cannot remember exactly which one). I used rkill and Malwarebytes to seemingly clean that off my XP machine. A couple of days later I noticed the redirects. I would search for a website and either I would click on the link and it would take me to another site, usually a site selling a product or Lycos(??), or at seemingly random intervals a new tab would open in Firefox with a similar site. If the Google search was for malware removal topics, or registry editing, the redirects were more prevalent, though avoidable by clicking on the cached topics. Typing the actual address into the bar does not produce the same problem - just search results and the periodic additional tab openings. Additionally, gmer crashes every time I attempt to run it, so I do not have that "ark.txt" to post. I tried 5+ times to no avail. It either crashed itself, or my computer started to reboot!

DDS (Ver_10-03-17.01) - NTFSx86
Run by deasley at 14:23:55.82 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.338 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Sy

A: Google search results redirect to random product sites

Something seems to be preventing me from posting the DDS.txt. I get server reconnect messages when I try to post, and it will not let me upload the file. Anything I can do to help resolve my problems, let me know. I will try to post the .txt, but doubt any more will show than before.

-derek

DDS (Ver_10-03-17.01) - NTFSx86
Run by deasley at 14:23:55.82 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.338 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Docto...


Clicking on a link redirects me to a different 'weird' page... about 50% of the time.

I noticed there are several other users on this forum with the same problem...but I never found a common answer.

If I manually enter in address it's fine, but after clicking on the google search results, I go to a totally unrelated website.

I've had tracking cookies detected by AVG 9 pro almost every day. It says no infection, but the problem occurs every single day.

Please Help.
Thanks,

ChillonDillon

A: Firefox's Google search links redirecting me to weird sites

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here: Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y...

Read other 1 answers

When I run a google search in Firefox, it returns a valid list. However, when I click on any of the links, they get redirected to bogus sites such as yellow pages, can't find web page, etc. When I hit the back button, it just returns the same page. I have to search again to find the links, copy them and paste them to get the information I need.

I've also had issues where GTalk and google desktop will not sign in. They keep trying to connect and get disconnected.

I ran Ccleaner to clean up cache. No luck. I have run spybot. It didn't correct the issue. AVG didn't find the issue. I'm at a bit of a loss on where to go.

I've attached the required logs....thank you for any assistance you can provide.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3891 Mb
Graphics Card: Intel(R) HD Graphics, 1721 Mb
Hard Drives: C: Total - 294042 MB, Free - 176943 MB; Q: Total - 9999 MB, Free - 2384 MB;
Motherboard: LENOVO, 4313CTU
Antivirus: AVG Anti-Virus Business Edition 2012, Updated and Enabled

HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:37 AM, on 4/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBan... Read more

A: Firefox 11 google search links redirected to bogus sites

A friend suggested trying Malwarebytes.

The following was found and quarantined but did not address the problem I am having.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nicklombardi :: NICKLTHINKPAD [administrator]

Protection: Enabled

4/6/2012 10:19:56 AM
mbam-log-2012-04-06 (10-19-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 528966
Time elapsed: 1 hour(s), 22 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Temp\Utilities\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\nicklombardi\AppData\Local\Temp\9A74.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

Read other 2 answers

Hello

I am suffering from the same problem as several other people on the forums, so apologies if the answer to my question is already available elsewhere. When using Google in Firefox 3.6.3 the search results are returned as expected, but when I click a link I am not taken where I want to go: instead I end up at a site that looks like Ask Jeeves (I'm not sure if it is the official one, probably not) or a news site. If I type the URL into the address bar I can get straight there. Occasionally Firefox will also open random tabs to those sites even though I have not performed a search. I am not having a problem with pop-ups.

I have read through the fixes for others and I have run a complete AVG scan and used their Anti-Rootkit scan. I cleared the cache and deleted all cookies and temp files. The scans came up with nothing. I have also run Malware Bytes Anti-Malware scan which identified 6 files. I followed the instructions to delete them and rebooted my PC normally. I have pasted the log below. After rebooting my PC I did a new search in Google and I was still redirected to the Ask Jeeves-type page so this hasn't worked.

I read through the Preparation Guide for Use before Requesting Help and unfortunately I got stuck at point 6: I don't know if I have CD Emulation software. I would appreciate any help you can offer - from what I can tell from other people with the same problem this is just going to get worse so I would really like to crack it as soon as I ca... Read more

A: Browser redirects to other search or news sites (Firefox/Google)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 11 answers

Since last week whenever I do a search in Google and then click on the links, they get redirected to random advertising websites. I have run CCleaner and Malwarebytes a few times each and have deleted the trojans that I have found from them. Even though Malwarebytes and my Ad-Aware spyware don't find anything anymore, the problem still exists. I really need to get rid of this problem fast.

While preparing to make this thread, I followed the directions. I got the DDS.txt and Attach.txt. I was not able to get the GMER log. I got GMER to run for about 5 minutes. While it was scanning, the computer crashed in the middle and restarted by itself.

Here is my DDS log and attached is my ATTACH.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Fine Star USA at 11:39:25.62 on Tue 08/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1058 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\Program Files\AVG\AVG9\avgchsvx.exe
H:\Program Files\AVG\AVG9\avgrsx.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\WINDOWS\system32&#... Read more

A: Google search links get redirected to other random sites in firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

Read other 3 answers