Over 1 million tech questions and answers.

searches getting redirected to unknown sites from bing and google

Q: searches getting redirected to unknown sites from bing and google

I am doing searches on my computer using bing or google and when I get the searches and access them they direct me to unknown sites. I also tried putting the url's in the web address bar and it will also redirect to random sites. I ran a highjackthis and I have attached. Thanks for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:23 AM, on 3/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Sally\Local Settings\Temporary Internet Files\Content.IE5\G4EW6VUE\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PCTuneUp] C:\Program Files\PCTuneUp\PCTuneUp.exe -boot
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.clubpenguin.com
O15 - Trusted Zone: http://*.scout.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games Matchmaking) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://training.aapilots.com/authorware_web_files/cab/awswaxd.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://144.26.58.59/kxhcm10.ocx
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games Game Chat) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 10058 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: searches getting redirected to unknown sites from bing and google

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 101.6

My searches on google and bing have been redirecting to random websites. I am using Windows 7. Microsoft Security Essentials didn't find anything.

I tried restarting my computer in safe mode. The first time I got a blue screen. I downloaded Malwarebytes and it found 13 infected files and deleted/quarantined them. I am not really sure what to do next. Is my problem fixed? I'm very worried because I logged on to paypal and bank account earlier. Thanks.

Memory Processes Infected:
c:\Users\juile\AppData\Roaming\E861E\AD6F9.exe (Backdoor.Bot) -> 1556 -> Unloaded process successfully.
c:\program files (x86)\internet explorer\F92E\B0D.exe (Backdoor.Bot) -> 808 -> Unloaded process successfully.
c:\program files (x86)\1E7AA\lvvm.exe (Backdoor.Bot) -> 1100 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Bac... Read more

A:google/bing searches redirected

Welcome aboard With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

Read other 3 answers
RELEVANCY SCORE 101.6

I am having a problem that I see others also have where my searches are re-directed to random, usually advertising sites. This happens on both the active browsers that I use, IE9 and Google Chrome. I am running Windows 7 on a 64 bit computer. (not sure if I have a Windows Install disc...but I have something called System Recovery Discs)

Thanks for your help,

Ken

Here is DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Ken at 9:04:03 on 2012-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16366.12902 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLAN... Read more

A:Google/Bing Searches Redirected

Please run the following

Refer to the ComboFix User's Guide
Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Read other 11 answers
RELEVANCY SCORE 101.6

Hello, I seem to be having the same problems as alot of folks here. My problems started last week on my Dell laptop......searches on Google and Bing were being intermittently redirected to various different websites. I would also get random popup windows/tabs on Firefox and IE. I scanned my laptop with Malwarebytes, Super Antispyware, and Avast and they could not find anything wrong. I also ran a scan online from Windows Live One Care and it found the Alureon H Trojan but could not remove it. Here are my DDS and GMER logs and attachments. I appreciate all the help I can get since I feel so defeated by this virus. DDS (Ver_10-03-17.01) - NTFSx86 Run by Jeff at 21:35:04.47 on Mon 06/07/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.277 [GMT -7:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS ... Read more

A:Google and Bing Searches Redirected

Hi dhrifter,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. If the issue is not resolved please update me on the current condition of your computer. Also do the following:We need to remove some settings added by malware.Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:[email protected] OFFReg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /fReg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /fproxycfg -dGo to the File menu at the top of the Notepad and select Save as.Select Save in: desktopFill in File name: fix.batSave as type: All file types (*.*)Click save.Close the Notepad.Locate fix.bat on the desktop. It should look like this: Double-click to run it.A window flashes, this is normal.Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:[email protected] offif exist mbr.log del mbr.logmbr.exe -t ping 1.1.1.... Read more

Read other 11 answers
RELEVANCY SCORE 101.6

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/10 21:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A985000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_974.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\BK\Cookies\[email protected][2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\BK\Cookies\[email protected][1].txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\bk\local settings\temp\~df5cc5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bk\local settings\temp\~dfd223.tmp
Status: Allocation size mismatch (API: 393216, Raw: 16384)

Path: c:\documents and settings\bk\local settings\temp\~dfe061.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bk\local settings\temp\~dfee57.tmp
Status: A... Read more

A:Redirected google and bing searches

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 3 answers
RELEVANCY SCORE 101.6

Hi,

My computer started acting slow a couple days ago and my google searches were being directed to random websites. I downloaded malwarebytes. It seems like everything is fine now but I want to be sure before it could become something worse. Is it safe to log in to my paypal and bank account? I was on these websites during the time my searches were being redirected. Thanks!
Memory Processes Infected:
c:\Users\juile\AppData\Roaming\E861E\AD6F9.exe (Backdoor.Bot) -> 1556 -> Unloaded process successfully.
c:\program files (x86)\internet explorer\F92E\B0D.exe (Backdoor.Bot) -> 808 -> Unloaded process successfully.
c:\program files (x86)\1E7AA\lvvm.exe (Backdoor.Bot) -> 1100 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\... Read more

A:google/bing searches redirected

Forgot to include attach file.

Read other 15 answers
RELEVANCY SCORE 101.6

Hello

I am another user experiencing redirects when trying to search using Google or Bing on Internet Explorer. I have tried McAfee, AdAdware, Spyware Doctor, Malware Bytes. None have found the issue or fixed it. I have run Hijack This and have a log that I can post if required.

Also, Java does not work and I am getting random crashes to bluescreen. I can also see Internet Explorer running in processes even when I don't have it open. Sometimes I also get a message the Internet Explorer has stopped working even when I haven't started it.

Please can you help?

Thanks

Doinnow

A:IE Google and Bing Searches Being Redirected

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- If TDSSKiller does not run, try ren... Read more

Read other 1 answers
RELEVANCY SCORE 98.4

Hey,
It's pretty much just like the title says- anytime I search anything I end up on bogus pages. Really out of ideas, I have run TDSS, Hitman Pro, Malwarebytes, Spyhunter, you name it, iv'e run it. Any help would be greatly appreciated.
Logs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3999 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1807 Mb
Hard Drives: C: Total - 292361 MB, Free - 34897 MB; D: Total - 12877 MB, Free - 2033 MB;
Motherboard: Quanta, 3627
Antivirus: None
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:22 PM, on 12/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Prog... Read more

Read other answers
RELEVANCY SCORE 97.6

Hi there and thanks for taking time to read my post.I have been working on a fix for my current issue from another post/conversation - you can read it here:http://www.bleepingcomputer.com/forums/t/274339/ie-browser-hijack-when-searching-w-googlebing/Issue - when using IE, and conducting a search either in the browser tool bar search or if I go the the specific search engine - when I execute the search I get normal results. When I click on a link, I get redirected to an unwanted search site. If I go back, and re-click - I am brought to the appropriate site. This seems to only happen on page one of the results. This is also random - periodically following these steps, I am not re-directed - but more often than not - the HiJack is taking over.Running XP SP3Browser IE8 - started in IE7, upgraded hoping it would fix.Have run various fix attempts (read linked post/conversation)Since starting the various fixes - the issue has progressed - the last time I launched Google Chrome, I got another browser (chrome) as well that launched into a poker site? hmmm....DDS Log:--------------------------------------------------------DDS (Ver_09-12-01.01) - NTFSx86 Run by Dan at 11:26:54.45 on Tue 12/01/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1392 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost ... Read more

A:IE Browser HiJack for Google/Bing Searches (unknown name)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 97.2

My google start page keeps coming up in German. I set the home page to google.com/ncr, but I know there's still a problem. Also, I get redirected sometimes to sites that are NOT what I know the end result page is supposed to be - but rather to a site displaying shopping sites as a search return. This is being posted by a friend using my comp via logmein...

A:google redirected to german version, searches redirected to shopping sites

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.Please describe the issues you are experiencing with your computer.

Read other 5 answers
RELEVANCY SCORE 94.8

Hi,

Search results from Google, Yahoo and Bing are being re-directed to other sites. It seems like the first result I click on is OK, but if I back-arrow back to the results and select another it is redirected to random sites. Your assistance is appreciated. Here is the log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Christina at 14:33:03.57 on Sat 08/01/2009
Internet Explorer: 8.0.6001.18813
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1286 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32�... Read more

A:Google/Yahoo/Bing Results are redirected to other sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 12 answers
RELEVANCY SCORE 93.2

Dear Sir:

When I run a google search, after clicking on a link (which has a known url such as psu.edu), it redirects me to another site. Some of the other sites are campusexplorer.com and something with the word "click" in it. This is through using Mozilla Firefox. I am using Windows 7 32 bit.

Is this malware? I ran Kaspersky Full Scan and it did not show any threats.
 

Read other answers
RELEVANCY SCORE 93.2

For the past 3 days, I have been battling this issue. My search results from any search provider are being redirected to ad sites. The only way I can get to search result pages is to copy the link and paste it into the URL of my browser. I have run complete scans from fully updated Spyware Doctor, Malwarebytes, SuperAntiSpyware and Spybot and I come up clean, but this is still happening. Also, the only way I can open Malwarebytes and Spybot is to copy the executable, rename it, and then open it that way, so those programs are being blocked from opening by something. This is getting pretty frustrating and I can ususally fix this stuff on my own, but I am at a loss, and need the professionals, hehe. I am posting my most recent hijackthis log here as well. I appreciate any help anyone can offer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:39, on 11/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program... Read more

A:Google searches redirected to ad sites

Hello lwb33 ,Download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
If Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)Thanks,tea

Read other 2 answers
RELEVANCY SCORE 93.2

Most sites I search for using a click on Google , i'm getting redirected to ad and sales sites - below is my log from "hijackthis" - Can someone please tell me what I need to remove?

Logfile of HijackThis v1.99.1
Scan saved at 9:32:07 PM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Syma... Read more

A:Google searches redirected to ad sites

Hello deca

I`m sorry, but we cannot help you with malware removal in this forum.

Please read ?Virus/Trojan/Spyware Removal Help ? and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum
If you cannot complete any step, just miss it out and do what you can, but be sure to include this information in your post.
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

.

Read other 1 answers
RELEVANCY SCORE 93.2

Hi,
I have a Dell Inspiron Laptop, running Win XP Pro, SP2.
When I search with Google, it returns results consistent with my search. When I click on the links they get redirected to a number of other sites. If I cut and past the URL into the browser it works OK. This problem occurs in Firefox 3.0.4 and IE 6.
Another issue seems to be related to AVG Free. Prior to the above problem it used to download the updates without a problem. Now it can't make the connection to the server.

Thanks for any assistance you can providel

cheers
Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:55 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program F... Read more

A:Google searches get redirected to other sites

bump
 

Read other 2 answers
RELEVANCY SCORE 93.2

Hello,

When I do a search and click on the link I?m being redirected to other ad sites. I?m also having sites to pop up even when I?m not on the internet. I ran my virus and malware programs and nothing was found. I?m not sure what is wrong and what to do at this point. I attached the dds log.

I would greatly appreciate your help

Thanks,
Bumble2016

A:Google searches are being redirected to other sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 14 answers
RELEVANCY SCORE 92.8

Hi,
This is my first post here but I have been on the site before to get help by browsing other members posts & advice. I now, for the first time, am so stuck on what to do to solve this problem that I'm requesting some help myself. PLEASE HELP!!
The problem is that in both Firefox & Internet explorer (I haven't tried other browsers) the results of any search in either Google or Bing are being redirected to junk/ad sites (mostly - but sometimes even ebay or youtube). I then have to click the Back button & clicking the link a second time then takes me to where it should do. This is most annoying!!
So far i have run Avira Antivirus & found nothing. SpyHunter finds nothing. MalwareBytes will only run in safe mode & finds nothing. ComboFix will only run in safemode & does not solve the issue. I have edited my Hosts file to remove a HUGE list of spam sites to leave only this entry: 127.0.0.1 localhost. Also, this may be unrelated but my copy of CopyToDVD stopped working around the same time this issue started. My PC just freezes when I try use this program & I need to switch off with the main power button. Again, this my be unrelated to the search links problem.
Anyway - any help anyone can give me will be greatly appreciated!
Thanks,
Paul.
I forgot to mention that very recently I had a big problem with getting loads of popups, very erratic PC behaviour & stuff disappearing from my Start Menu. Avira & Spyhunter ... Read more

A:Google & Bing search result links redirected to junk sites

I am going to re-post with more information so please ignore this request.

Read other 1 answers
RELEVANCY SCORE 92

Whenever I perform searches on google and click on links I get redirected to malwaresites such as kepko.net.

Eset shows 0 infections.

Maybe you can help me out

A:Google searches are redirected to malware sites

MBAM log:Malwarebytes' Anti-Malware 1.39Database version: 2465Windows 5.1.2600 Service Pack 320.07.2009 14:57:49mbam-log-2009-07-20 (14-57-49).txtScan type: Full Scan (C:\|)Objects scanned: 185165Time elapsed: 53 minute(s), 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Edit: I deleted the registry entry, but the problem of redirecting still persists.I also tried running Dr. Web CureIt in SafeMode and regular operation and always get 8j68m.exe has encountered a problem and needs to close. We are sorry for the inconvenience. errors. And the eset log: Scan LogVersion of virus signature database: 4236 (20090712)Date: 19.07.2009 Time: 13:32:48Scanned disks, folders and files: C:\...Scan LogVersion of virus signature database: 4236 (20090712)Date: 19.07.2009 Time: 13:32:48Scanned disks, folders and files: C:&#... Read more

Read other 10 answers
RELEVANCY SCORE 92

Hello,

Not sure when it started, but I just started noticing that after a google search, if I click on a result, sometimes it takes me to some random page like infomash and other sites.
I have bitdefender running - but its coming up clean.

Any help would be great!!
OS is is Windows 7.
Thanks
Rob

A:Google searches being redirected to Infomash and other sites

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

Read other 12 answers
RELEVANCY SCORE 92

If i search for "cheese" on google, the top searches come up as "cheapcars.com" or something like that.

I see the status bar on the lower left first loading something like "7.7.7" (an ip address?) before it loads the google spam results.

I have already ran the following:

CCleaner, Malware Bytes, Superanti spywear, and I have updated my java to the latest version and deleted my old java.

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:27 AM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software... Read more

Read other answers
RELEVANCY SCORE 92

Hi,

Not sure what is happening, but all of my Google searches are being redirected to advertising sites! When I click the 'back' button and click on the links again, they do tend to go to the correct sites, but this is a bit frustrating; I've run antivirus and 3x anti-spyware programs but the problem continues. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:23:58 PM, on 4/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\syst... Read more

A:Please help - Google searches getting redirected to advertising sites

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.... Read more

Read other 7 answers
RELEVANCY SCORE 92

Hey guys, I'm new here.

Down to business , Now - For about a week or so I've been having this problem.
Every time I search on google and click a link, I end up being redirected somewhere else.
I'm aware of such programs as Malware Bytes and I have ran it once, It found 19 items and deleted them. But, I'm still getting the random redirects, Now if anyone can help me I'd highly appreciate it. This is rather annoying :\

Thanks in Advance!
 

A:Google searches Redirected to other sites & Random pop up ads

Closed and reposted.
 

Read other 1 answers
RELEVANCY SCORE 92

My computer was recently infected with the Windows Recovery Virus. This happened on May 6th. I was able to remove the virus and did a system restore to get my information and settings working correctly. I then noticed random script errors popping up even without my Internet Browser open. Also, random sound bites (commercials and such) would come on even without my browser open. My search engine is being redirected to random websites that have a vague connection to my search. Finally, I keep getting a request to save my changes to the "normal" file in Microsoft Word. This usually happens when I try to close the program or shut down the computer and occasionally when I don't even have Word open. I am attaching the OTL log file I ran last night. Any help you can give me to get rid of these problems would be greatly appreciated.Sincerely,TreyBTW, I have run every Spyware and Antivirus I can think of with no luck. They find somethings, but never find what is causing this problem.OTL logfile created on: 5/11/2011 9:40:35 PM - Run 1OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 959.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 18.00% Memory free2.00 Gb Paging File | 1.00 Gb Avail... Read more

A:My google searches are being redirected to random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 2 answers
RELEVANCY SCORE 92

I don't know why but now whenever I type something in the search box of yahoo, google, or msn, and click on the link, I always get redirected to an ad site, not the one I'm looking for. This happened in both Internet Explorer and Firefox. Since my friends' computers are still normal, I thought that maybe this is beecause of a virus/malware.I tried to scan with AVG 7.5, but my computer restarted halfway when I came back. I guess it must be because of the version. I wanted to download AVG 8.5 (there's a message telling me to), but someone told me I would have to pay for it. Does anyone know about this?I also tried to scan using Malwarebytes' Anti-Malware, but it doesn't work. I tried to open it, and there's an hourglass appear telling me to wait. Then it disappear, and then program never opened.I have had another problem a while back, and it still remains until now. When I turn on my computer, there would be a message saying:"IDE Channel 1 no 80 conductor cable installedWarning! CPU has been changed.Please re-enter CPU settings in the CMOS setup and remember to save before quit!"I wonder if this may have something to do with the problem.I have read the guide and installed dds.scr. There're some problems, though. The picture doesn't look like the one in the guide. When I open it, there's no black screen, and there's no attach.txt either. There's a dds.scr though, but it looks gibberish. I attached it here so you guys can look at it.Hope you guys can help! T... Read more

A:Yahoo/Google searches got redirected to ad sites

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

Read other 3 answers
RELEVANCY SCORE 92

Hello, and thanks for any help that may be provided!I'm not sure how long this has been an issue or if this is actually more than one issue. It started with computer slowdowns over the past several months. Virus scanning revealed nothing so I assumed it was hardware-related.However, very recently I began to have difficulty with popup ads. I've never had an issue with popup ads so I began to search for some solutions. Following some advice that I got from this site, I ran the suggested utility (Malwarebytes) and found that my computer was infected with several nasties!!!:Trojan.Vundo.HBackdoor.BotTrojan.DownloaderTrojan.VundoBackdoor.SdbotDisabled.SecurityCenterFollowing the strategies provided in these forums, I was able to clean up most of the mess.The scanning is no longer finding anything, but my Google and Yahoo searches are still being redirected. Sometimes I get a "302 Moved" error page, and sometimes just a blank page.Here are some screenshots to clarify:302 Moved error message when trying to search google from the Firefox search box.
 302_moved.jpg   5.43KB
  4 downloads--------------Message displayed when trying to access Gmail or the Blogger Dashboard
 untrusted_gmail_connect.jpg   44.17KB
  9 downloads--------------Invalid certificate details when trying to access Gmail
 invalid_certificate_details.jpg   39.61KB
  6 downloads--------------Intermittent dialog... Read more

A:Google related-sites and searches being redirected.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 92

okay so I tried to solve this myself by finding previous posts from people with a similar problem, and I tried everything that others have said worked for them, but still no luck.basically if i click a search results directly, or even open in new tab/window, it will get redirected to some random ad site (they vary, not just one ad site). however if I copy the link and ctrl+T to open a new tab and the paste the link, no redirection happens. I use Firefox 3.5.7.i have tried:-malwarebytes (no malicious files found)-super anti-spyware (ran it and nothing found after the 2nd time)-spybot s&d (found some stuff and cleared those, but still have the redirection problem)-combofix - doesn't work for me, i open it and i see the green bar loading, but nothing happens after thatI am looking for some way to fix this Google and other search engine redirection to advertisement websites.Thanks for any feedbackhere is my Hijack This logfile---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:57:10 PM, on 3/20/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesIntelWirelessBinEvtEng.exeC:Program FilesIntelWirelessBinS24EvMon.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesCommon FilesAOLACSAO... Read more

A:Google and Yahoo searches get redirected to ad sites

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 3 answers
RELEVANCY SCORE 91.6

I am using a toshiba satellite laptop with windows 7 64 bit version. I have been using Firefox as my default browser. I also have IE and google chrome. In the past three days, whenever I click on any of the search results in google, it gets automatically redirected to some random website. I have noticed the website blinx opening more than once. It is really frustrating. Initially I thought that the problem might be with the browser add-ons or extensions and I uninstalled Firefox altogether and switched over to Chrome. But the same problem exists. Following the instructions, I am pasting the DDS log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Lirin at 21:47:32 on 2011-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3894.1151 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rap... Read more

A:Google searches are being redirected to unknown site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 32 answers
RELEVANCY SCORE 91.6

HI! When I do a Google search, then click on a result, I often times get redirected to an ad site, or to Bing. Exceptionally annoying. I have tried Spybot, MBAM, and Advanced System Care, and none of them are removing the malware. I cannot figure out what is causing this. Google's help menu is no help. Any thoughts/suggestions would be appreciated. Ark.txt and Attach are attached, and here's the DDS Log: DDS (Ver_10-10-10.03) - NTFSx86 Run by Steve Snyder at 21:21:51.87 on Thu 10/14/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.672 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exesvchost.exeC:\Program Files\Application Updater\ApplicationUpdater.exeC:\Program Files\Flip Video\FlipShare\FlipShareService.exeC:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\S... Read more

A:Google searches redirected, unknown malware?

Hello seafarersteve ,I see pieces of Norton in the logs....but not running. Is it out of date? We'll need to get you a good AntiVirus afterward.This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Be especially sure that TeaTimer is disabled, or it WILL interfere. If it gives you problems anyway, then temporarily uninstall it so we can do what we need to do here. 1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.If you have trouble running it the first time, then rename ComboFix.exe to seafarersteve.exe and try again.Thanks,tea

Read other 6 answers
RELEVANCY SCORE 91.2

Hello everyone.
For the past couple of weeks every time I do a Google Search and click on a link, I get redirected to other sites, sites like dating sites, comparison sites or search engine sites. I have attempted to find any viruses or addware/malware/spyware on my laptop using Microsoft Security Essentials and Malwarebytes anti malware tool but all to no avail.

After searching around I noticed I was not alone in this situation and most people who have been able to solve it have used a program called HiJackThis and then someone points out affected files or something. I'm a computer newbie.

Here is my HiJackThis file log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:14 PM, on 31/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Window... Read more

A:I keep getting redirected to other sites when I click on links in Google Searches

Read other 16 answers
RELEVANCY SCORE 91.2

Thank you for taking the time to look at my issue.

I first noticed a problem when I got some kind of error message on startup about "viewpointservic.exe" (it was not "viewpointservice.exe" with the "e" at the end). I tried searching online about the problem, but every link I clicked on in Google searches came to marketing websites. Copying and pasting links directly into the address bar would work, but any antivirus site I tried to access was blocked completely (including this forum--I'm on my wife's laptop at the moment). The internet connection seems to be running very slowly as well.

I removed Viewpoint Media Player through Add/Remove Programs, but that of course has not solved the problem. I had recently switched from AVG to Avast, and thinking that that may have been the problem, I removed Avast and reinstalled AVG (which cannot update itself, since access to www.avg.com is blocked).

I downloaded dds and gmer and transfered them to my desktop on a thumb drive. Gmer would not run (double clicking resulted in a brief moment of the hourglass mouse icon and then nothing), but I was able to run dds. The log is below, and the "attach" file is attached.

Thank you in advance for your help!


DDS (Version 1.0) - NTFSx86
Run by (my name removed) at 11:58:51.03 on Sat 12/06/2008
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1023.829 [GMT -5:00]

============== Running Processes ===============

C:\WINNT... Read more

A:antivirus sites blocked, google searches redirected

1. Download this file

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 6 answers
RELEVANCY SCORE 91.2

When I click on a search result in Google or Yahoo I am redirected to different sites. Does not happen with MSN.Below is my hijack this file. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:57:08 PM, on 2/16/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\Program Files\palmOne\Hotsync.exeC:\PROGRA~1\MICROS~4\rapimgr.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOW... Read more

A:Yahoo and Google Searches redirected to weird sites

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix in your next reply.Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Read other 2 answers
RELEVANCY SCORE 86.8

HelloOver the last 12 hours my browser get redirected on searches using google and random web pages windows have popped up out of nowhere.Tried to run gmer and DDR - no luck i get a command screen for a second and it ends with an unknown error. Tried various on and offline virus scanners, spybot and Hitman Pro . Also noticed my taskmgr.exe is missing also.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 03:47:54, on 08/04/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\DNA\btdna.exeC:\Program Files\AnVir Task Manager Free\AnVir.exeC:\Windows\System32\mobsync.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\HJThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt... Read more

A:google searchs get redirected to unknown sites

Ok I seems that with some tinkering and some files importing - namerly the stuff that magically disapeared from sytem32 ive got GMER and DSS runningGMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-04-08 14:50:08Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Jayrei\AppData\Local\Temp\pxryipoc.sys---- System - GMER 1.0.15 ----INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CAF8INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C104INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C3F4INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04FB4INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C1DCINT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C958INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C6F8INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CF2CINT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/M... Read more

Read other 15 answers
RELEVANCY SCORE 86

Using Google in IE7, clicking on links usually takes me to unknown or unintended sites (ad sites, shopping sites, etc...) - probably 75-80% of the time. This appears to have started a few weeks ago. Ran CWShredder and Malwarebytes anti-malware, and that did not appear to resolve the problem. DDS report is below and attach and ark reports are attached. Please advise on next steps.
DDS (Ver_09-10-26.01) - NTFSx86
Run by ExcellaUser at 13:57:01.37 on Mon 11/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1125 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091101-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.e... Read more

A:Google links being redirected to unknown or unintended sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 18 answers
RELEVANCY SCORE 83.2

Sympotoms of my problem are as follows:When using IE 8 and performing searches on google, if I click on a link for a security or anti-virus related website (such as security.symantec.com) the browser is redirected to random websites such as (juggle.com - liquidnightclub.com - hobonickel.net - mindtext.net).Steps taken so far:BitDefender, Kaspersky and AVG 9.0 scans have all turned up nothing...DDS (Ver_09-10-26.01) - NTFSx86 Run by HP_Administrator at 9:52:49.31 on Sun 11/08/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.145 [GMT -5:00]AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9... Read more

A:Unknown Infection: Links to security sites on google redirected to random pages

Please close this thread - problem has been resolved via combofix.

Ran combofix with following results

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-3001981416-2881349318-4197590940-500
c:\windows\010112010146115110.dat
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\0101120101465452.dat
c:\windows\0101120101465749.dat
c:\windows\934fdfg34fgjf23
c:\windows\IA
c:\windows\ModemLog_PANTECH USB Modem .txt
c:\windows\system32\ps2.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job... Read more

Read other 2 answers
RELEVANCY SCORE 77.6

This is one of the most difficult problems I've faced with Windows.

MSIE 8 will not bring up google.com. It works fine on Bing.com, Yahoo.com, etc.

I can go to most any site and it works, (EXCEPT certain pages on the MS website, google.com, etc)

But if I try to go to a ssl site, https://.... it will either time out, or only show the text and nothing else, or just give an error msg that the page does not exist.

Windows Update also fails. gives error number 0x80072EE2.

I have scanned for viruses, using the MS safety scanner, Forticlient and Mcfee all report nothing. AVG does report hooks into atapi and 3 other files. I read as much as I could on these notices and most people online felt these were false positives. Since everyone other program has not alerted to these I have not been too concerned.

I have tried every solution listed here:
http://support.microsoft.com/kb/813444

except no. 6.

I reset MSIE to all the defaults. no diff
I tried to reinstall MSIE 8 by going to the Ms website with Opera (which also works fine) and downloading the stand alone version of MSIE 8 and it installed, but give several errors and rebooted automatically.

When I ran the sfc /scannow it did it's thing had me put the CD in the drive and copied files over... about 60% of the way it said I had the wrong windows CD. The computer originally came with Windows XP Media Edition sp2 and I had upgraded it to Sp3. The CD I was using was Widows XP pro with SP3 from another computer. Sh... Read more

A:MSIE 8 won't show Google but bing, yahoo okay. Most non-SSL sites okay, SSL sites not

Okay, I solved one part of this myself. I noticed on MS answers that someone said to make sure SSL 2 was checked under advanced. I had reset all parameters in MSIE to default, so I just assumed it would be. But I checked and found it was not. So I enabled it and so far, good signs. google.com redirects to https://www.google.com and it works now.

However other secure sites are having some trouble with images/graphics. The page starts to load but does not complete sometimes.

On one of them I got an error msg. I've attached a screen capture.
And windows update still does not work.
 

Read other 1 answers
RELEVANCY SCORE 77.2

I am not sure where to start so I will just jump in. The main problem is that my browser is redirecting me to places I do not want to go. I use Windows XP. I was using EI7 and in an attempt to fix it upgraded to EI8 this morning, it did not help. After experimenting a bit, I noticed that if I do a Google or Bing search from my browser tool bar, I am redirected 100% of the time when I click on the link I want. If I do a search using Yahoo, most of the time, I get to the right place. However, if I do a search through my Yahoo Home Page (which I assumed uses Yahoo as a search engine but I could be wrong) I get redirected through what looks to me like Google and then off to what usually looks like gibberish on a blank screen. Before I found your website, I ran something this morning called unhack me. This is a partial log that I received (it goes on and looks like this all the way down the page):

RegRun NTFS Checker 1.0.3
Processing C:\WINDOWS\

Found rootkit point!
C:\WINDOWS\\$hf_mig$\KB890046\KB890046
Type is MOUNT POINT
Final Destination:
\Device\__max++>\^
Error opening reparse point C:\WINDOWS\\$hf_mig$\KB890046\KB890046 (error 0x5)
Found rootkit point!
C:\WINDOWS\\$hf_mig$\KB904706\KB904706
Type is MOUNT POINT
Final Destination:
\Device\__max++>\^


I tried to follow the instructions on your website and... Read more

Read other answers
RELEVANCY SCORE 77.2

Hi All,

It seems I'm infected with a search engine redirect virus.

All my searches are being redirected when searching on both Google and Bing.

Malewarebytes, Spybot, Hitman Pro have not helped. This happens using IE and Firefox.

OS windows XP -- I need some help please!

Here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:15:33 AM, on 3/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files�... Read more

A:Searches redirecting using Google and Bing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 4 answers
RELEVANCY SCORE 77.2

Hello,
My searches keep redirecting in both Bing and Google. I have IE9. Previous to this I had the File Recovery Virus on my system. At that point I was using Microsoft Security Essentials, but have since removed that and installed Norton Internet Security 2012. When I ran a full scan with that it found the Trojan maljava!gen8 virus and tracking cookies, but that is it. I used a websie to learn how to remove that and found out about your site and Combofix. The redirect problem still remains. In addition, even without having the Internet up I can hear ads running in the background occasionally if my volume is turned up. It is as if there ghosts in the machine.

I have done all the prequisites as per the Preparation Guide.

Here are the results of my DDS Scan:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Darci at 14:18:07 on 2012-08-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6071.1889 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunc... Read more

A:Bing and Google searches keep redirecting

Good evening. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC and then enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:

Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Click on Repair your computer menu item. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt. In the Command Window type in notepad and hit <ENTER>. When a notepad window opens, under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64.exe and hit <ENTER>.

Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

Read other 83 answers
RELEVANCY SCORE 76.4

My browser is redirected upon searches at Yahoo and Google to mock sales and ad sites. Being more than a newb, but less than an expert, I have tried to identify the problem myself, but to no avail. Whenever I open up either browser (when there is not an instance of it running), I get several tabs that will pop up as well and go to the redirect sites, which are often mock-sales sites, ad sites, etc..

I do not know how to fix this issue. This is the first time I have been unable to fix an issue with malware on a computer, it's somewhat emasculating.

Per instructions, I have run DDS and RootRepeal. DDS log is below, Attach and ark are attached.

Help!

-Derek

*******
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 21:33:29.31 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.244 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\C... Read more

A:Browswers Redirected (Chrome & IE8); Yahoo, Google searches redirected at results...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.The scan should take just a few minutes.Please copy and paste both logs back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 13 answers
RELEVANCY SCORE 76.4

Hi,When using Google in Internet Explorer7 i will search a particular site click on the link and i'm being redirected to a variety of different sites for example:In google i type in "Guild Wars", searching it i get all the listings for guildwars. I click the link for the guild wars website but i get redirected to a variety of different sites that either advertise free ring tones etc or it's another search engine with listings of my original search.I have used spybot, ad aware and Norton and it hasn't resolved this issue. I have created a HJT Log to see if you can help. Logfile of HijackThis v1.99.1Scan saved at 21:53:33, on 23/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\sys... Read more

A:Hjt Log: Redirected Searches To Different Sites

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download FixWareout from one of these sites:http://downloads.subratam.org/Fixwareout.exehttp://www.bleepingcomputer.com/files/lonny/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.

Read other 7 answers
RELEVANCY SCORE 76.4

Any time I do a search and then click the link the search is redirected to a different site like asklots, gugle, gurrgle or weird shopping sites. Favorites menu usually works as does copying and pasting the web address. Included is the requested information. Thank you in advance for you time.DDS (Ver_10-03-17.01) - NTFSx86 Run by Mary Belot at 13:47:20.79 on Sat 09/11/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.87 [GMT -4:00]AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CSHelper.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\iolo\common\lib\ioloServiceManager.exeC: ... Read more

A:All searches are redirected to various sites

Hello mjb2010 and welcome to the forums here at BleepingComputer.Sorry for the delay in getting to your post here, as you can probably see the forums are very busy. Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Read other 28 answers
RELEVANCY SCORE 76.4

My computer was infected with a virus. I used Malwarebytes and Spybot Search and Destroy. Both removed multiple viruses. I thought the problem was fixed, but that was not the case. Whenever I do a google search in IE and Safari browsers, about 30% to 40% of the links I click on are redirected to reandom sites, usually things like apartmentfinder.com, ect. If I manually enter the URL of a site, it works fine. It is only when I search that I have the problem. I ran Combofix after a friend suggested it. It did not fix the problem. I also uninstalled IE 8 and had no results.

DDS (Ver_09-11-24.01) - NTFSx86
Run by HP_Owner at 21:47:27.70 on Mon 11/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1733 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:�... Read more

A:IE Searches Are Redirected to Different Web Sites

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

Read other 21 answers
RELEVANCY SCORE 76.4

Hi Guys,I'm looking at my Aunt's computer for her as many of her searches on Google or Bing are being re-directed to various different advertising web sites. The same thing happens in Internet Explorer and FireFox.I have had little experience with this type of problem, especially with Window 7 Home Premium - 64 bit version (as is installed on this PC).Normally, she uses SpyBot Search & Destroy and SuperAntiSpyware, with AVG antivirus. None of these programs can detect a problem.GMER would not allow me to select all the suggested options. It would only allow Services, Registry, Files (C:) and ADS. All the other checkboxes were greyed out.Any help you can offer would be greatly appreciated. Cheers.DDS (Ver_10-10-21.02) - NTFS_AMD64 Run by Z5610 at 20:40:20.97 on Mon 25/10/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4093.2186 [GMT 10.5:30]SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files (x86)\AVG\AVG9\avgchsva.exeC:\Program Files (x86)\AVG\AVG9\avgrsa.exeC:\Windows\system32\lsm.exeC:\Program Files (x86)\AVG\AVG9\avgcsrva.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system... Read more

A:Browser re-directs from Google or Bing searches

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 17 answers
RELEVANCY SCORE 76.4

This just started earlier today. My default search engine in Firefox is set to Google. WhenI first start Firefox and type in a word like gold in the search bar, I get a page of Google results as expected. If I then enter another word, like silver, in the search box, I get a page of Bing search results for that word. All the following search box entries also go to Bing. Checking the Firefox search preferences still shows Google.

If I enter www.google.com in the address bar, I get the https version of the Google search page with a search box in the middle of it. If I start to enter a word like titanium in the search box, the search box jumps to the top of the page. Clicking on the magnifying glass takes me to a page of Bing results. The three attached screen caps show each of the previous steps.


I am using 32-bit Firefox version 53.0 on a computer running Windows 8.1 Pro. Comcast is our ISP and traffic is going through a SonicWall firewall device. I do not get this behavior with IE 11.
 

Read other answers
RELEVANCY SCORE 75.6

I'm not sure what I'm infected with, but it looks like it might be called Akamai. My google and bing searches time out after about 10 seconds, the page never loads. Everything else about my computer seems fine and even google related sites are fine such as gmail and plus. Looking for help, I posted first in the internet help forums where we found this in my hosts file: 87.229.126.50 www.google.com87.229.126.51 www.bing.comAfter manually deleting these files they still came back, so I posted in the Am I Infected forum which you can read here.Ran Security Check, Super AntiSpyware, GMER (even though I'm 64-bit, oops), ESET, MiniToolBox, reset my hosts file and router and TDSS killer which found this: 22:00:54.0234 6776 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll22:00:54.0234 6776 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af22:00:54.0240 6776 Akamai ( HiddenFile.Multi.Generic ) - warning22:00:54.0240 6776 Akamai - detected HiddenFile.Multi.Generic (1)22:02:16.0677 5152 Akamai ( HiddenFile.Multi.Generic ) - skipped by user22:02:16.0677 5152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip At which point I was told to come and post here, so here I am, and here are my logs as requested, minus GMER since I'm running 64-bit.

A:Infected with... Akamai? Google/Bing searches time out

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 16 answers
RELEVANCY SCORE 75.6

whenever i search on any search engine and on any browser(opera, firefox, and explorer). I have used Avira, malware bytes, spybot search and destroy, ad aware, and hitman pro none of which have fixed my problem here is my hijack this log someone please help!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:02 AM, on 5/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpe... Read more

A:bing, yahoo, and google searches go to wrong site

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents ... Read more

Read other 3 answers