Over 1 million tech questions and answers.

Google sites blocked and searches redirect to various puma.com sites.

Q: Google sites blocked and searches redirect to various puma.com sites.

Any google affiliated site comes up with a "404 not found, nginx" page. I can do a search on google.com, but when I click on a link from the search it first redirects to dietpuma.com or any ****puma.com site before taking me to the site I want. This problem will spontaneously go away once in a while but always comes back. I've tried solutions I found online about 'hosts' files but didn't work. Any help is much appreciated! I tried to adhere strictly to the instructions found on the 'preparation guide'. Here is the DDS log, I ran GMER and it said 'no modifications found' or something to that effect. I saved the gmer log, but it is blank. Please advise if I did this correctly. Thanks again!
-Andy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 1:28:00 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.3999.2644 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\Users\ANDYKI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andy \AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://qp2.sgu.edu/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sgu.webex.com/client/T27LB/webex/ieatgpc1.cab
TCP: DhcpNameServer = 85.195.91.34
TCP: Interfaces\{717D9478-9040-420F-B209-DFAE07146D13} : DhcpNameServer = 85.195.91.34
TCP: Interfaces\{717D9478-9040-420F-B209-DFAE07146D13}\1417571624561627D27657563747 : DhcpNameServer = 63.245.66.41 63.245.66.42
TCP: Interfaces\{717D9478-9040-420F-B209-DFAE07146D13}\A456C6C697245616E6 : DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{ED3B826A-19B6-446C-B8DB-A00C9F83C938} : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-2-11 821592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-6 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-9-19 45312]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-2-11 33184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\F97C.tmp --> C:\Windows\system32\F97C.tmp [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-2-11 21872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-2-11 21384]
.
=============== Created Last 30 ================
.
2012-02-13 04:58:08 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2012-02-13 03:35:16 6144 ------w- C:\Windows\System32\F97C.tmp
2012-02-13 03:33:51 6144 ------w- C:\Windows\System32\B05B.tmp
2012-02-13 00:54:22 -------- d-----w- C:\Users\Andy\AppData\Roaming\AVG
2012-02-13 00:29:17 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-12 19:41:12 6144 ------w- C:\Windows\System32\8832.tmp
2012-02-12 08:59:28 6144 ------w- C:\Windows\System32\3C8.tmp
2012-02-12 08:57:31 6144 ------w- C:\Windows\System32\3948.tmp
2012-02-12 04:57:17 -------- d--h--w- C:\ProgramData\Common Files
2012-02-12 04:38:35 -------- d-----w- C:\ProgramData\MFAData
2012-02-12 03:27:41 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-02-12 03:12:13 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-02-12 03:11:27 -------- d-----w- C:\ProgramData\Hitman Pro
2012-02-12 00:14:06 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-02-12 00:14:06 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-12 00:14:06 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-02-12 00:09:30 -------- d-----w- C:\Users\Andy\AppData\Roaming\IObit
2012-02-12 00:09:28 -------- d-----w- C:\Program Files (x86)\IObit
2012-02-11 23:48:19 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-02-11 23:37:53 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-11 21:22:19 6144 ------w- C:\Windows\System32\4AC5.tmp
2012-02-11 20:30:29 -------- d-----w- C:\Windows\pss
2012-02-11 09:01:56 6144 ------w- C:\Windows\System32\65D7.tmp
2012-02-11 05:33:36 -------- d-----w- C:\## aswSnx private storage
2012-02-11 05:18:53 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-11 05:18:53 -------- d-----w- C:\Program Files\AVAST Software
2012-02-11 03:57:52 -------- d-----w- C:\Users\Andy\AppData\Local\NPE
2012-02-09 06:20:12 98816 ----a-w- C:\Windows\sed.exe
2012-02-09 06:20:12 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-09 06:20:12 256000 ----a-w- C:\Windows\PEV.exe
2012-02-09 06:20:12 208896 ----a-w- C:\Windows\MBR.exe
2012-02-09 04:24:38 6144 ------w- C:\Windows\System32\9E9F.tmp
2012-02-08 17:31:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 06:32:14 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-02-08 05:12:12 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-02-08 05:12:12 -------- d-----w- C:\Program Files\HitmanPro
2012-02-08 05:11:28 -------- d-----w- C:\ProgramData\HitmanPro
2012-02-08 04:38:49 -------- d-----w- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 04:38:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 04:38:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-08 00:37:59 6144 ------w- C:\Windows\System32\2FB7.tmp
2012-02-08 00:37:39 -------- d-----w- C:\Program Files (x86)\Sophos
2012-02-07 23:42:32 388096 ----a-r- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 23:42:32 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-07 22:11:31 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-02-07 01:59:54 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
2012-02-07 01:59:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 01:59:36 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-07 01:59:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-04 05:07:59 -------- d-----w- C:\Users\Andy\AppData\Local\DDMSettings
2012-01-31 05:22:45 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2012-01-31 05:22:45 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2012-01-31 05:22:45 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2012-01-31 05:22:45 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2012-01-31 05:22:45 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2012-01-31 05:22:45 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2012-01-31 05:22:34 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207000.00D
2012-01-29 05:33:53 -------- d-----w- C:\ProgramData\Gogii
2012-01-27 21:46:19 -------- d-----w- C:\Users\Andy\AppData\Roaming\WildTangentv1001
2012-01-27 13:31:22 -------- d-----w- C:\ProgramData\SpinTop Games
2012-01-26 16:09:04 -------- d-----w- C:\Users\Andy\AppData\Local\TimeParadox
2012-01-26 07:05:38 -------- d-----w- C:\ProgramData\Enkord
2012-01-26 06:51:02 -------- d-----w- C:\ProgramData\Sony Online Entertainment
2012-01-21 20:20:54 -------- d-----w- C:\Program Files\iTunes
2012-01-21 20:20:54 -------- d-----w- C:\Program Files\iPod
2012-01-21 20:20:54 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-21 20:17:08 -------- d-----w- C:\Program Files\Bonjour
2012-01-21 20:17:08 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-21 20:12:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-20 04:19:33 -------- d-----w- C:\ProgramData\Panasonic
.
==================== Find3M ====================
.
2012-01-12 00:19:16 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 1:28:38.98 ===============

RELEVANCY SCORE 200
Preferred Solution: Google sites blocked and searches redirect to various puma.com sites.

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Google sites blocked and searches redirect to various puma.com sites.

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

Read other 16 answers
RELEVANCY SCORE 115.2

Thank you for taking the time to look at my issue.

I first noticed a problem when I got some kind of error message on startup about "viewpointservic.exe" (it was not "viewpointservice.exe" with the "e" at the end). I tried searching online about the problem, but every link I clicked on in Google searches came to marketing websites. Copying and pasting links directly into the address bar would work, but any antivirus site I tried to access was blocked completely (including this forum--I'm on my wife's laptop at the moment). The internet connection seems to be running very slowly as well.

I removed Viewpoint Media Player through Add/Remove Programs, but that of course has not solved the problem. I had recently switched from AVG to Avast, and thinking that that may have been the problem, I removed Avast and reinstalled AVG (which cannot update itself, since access to www.avg.com is blocked).

I downloaded dds and gmer and transfered them to my desktop on a thumb drive. Gmer would not run (double clicking resulted in a brief moment of the hourglass mouse icon and then nothing), but I was able to run dds. The log is below, and the "attach" file is attached.

Thank you in advance for your help!


DDS (Version 1.0) - NTFSx86
Run by (my name removed) at 11:58:51.03 on Sat 12/06/2008
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1023.829 [GMT -5:00]

============== Running Processes ===============

C:\WINNT... Read more

A:antivirus sites blocked, google searches redirected

1. Download this file

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 6 answers
RELEVANCY SCORE 110.8

Hi,

Whenever I use Google on either Firefox (3.5.7), or Internet Explorer (IE8), the search results come up fine. However, when I click on a result, it SOMETIMES redirects me to some other, random page. Other times it works ok.

Please help!

Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:42, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files... Read more

A:Google searches redirect to different sites

From the look of things, the ComboFix seems to be recommended to everyone with this problem, so I took the liberty of running it myself. Here is the log file:

ComboFix 10-01-30.07 - Jim 31/01/2010 19:29:58.2.2 - x86
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2036.1055 [GMT 0:00]
Running from: c:\users\Jim\Desktop\comfix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Darren\AppData\Local\temp
2010-01-31 18:18 . 2010-01-31 18:18 -------- d-----w- c:\program files\Trend Micro
2010-01-31 17:44 . 2009-12-14 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\NAVENG.... Read more

Read other 3 answers
RELEVANCY SCORE 110.8

When I search something in google and the list of findings come up, if I click on any of them I get redirected to an advertisement site.
It redirects to a form of go.google.php then takes me to an ad page.
I have tried searching for people with similar problems but none of the solutions work.
Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:06 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hello\Desktop\d2hackmap_v1.14\d2hackmap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\buoN54HT.exe
\greenteapc... Read more

A:Google searches redirect me to ad sites

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

Next, download HijackThis to your desktop

Alternate link
Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Just close it for now.
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click U... Read more

Read other 2 answers
RELEVANCY SCORE 110.8

This showed up about a week ago. It was sporadic, now it seems to be most search results. McAffee and Malwarebytes do not find any infection, though Malwarebytes frequently stops the redirect stating that I'm attempting to go to a dangerous website. It is often Scour.com, but there are other sites too. My machine is running Windows 7, 64 bit. This occurs in both Internet Explorer and Firefox. I have not included the gmer logs since it notes that it isn't valid for 64bit machines. Thank you for taking your time helping me.

Steph

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by steph at 9:47:04.01 on Fri 04/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7928.5777 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNet... Read more

A:Google Searches Redirect to Other Sites, both FF and IE

I tried many things listed on the other threads, and it *seems* that running ComboFix did the trick. So if you all would like to ignore me, feel free. I will post again if the problem should return.

THANK YOU!!

Read other 2 answers
RELEVANCY SCORE 110.8

When I do Google searches, much of the time the links I click will redirect me to one adsearch site or another, which then redirects me to an ad site. When I run command/cmd, it just restarts explorer. Various programs have randomly been getting 'critical errors' and 'need to close'. I have the free versions of AVG and Malware-Bytes installed. I tried getting combofix.exe off your site, but when I tried to download it, firefox closed itself. When I did get it off another computer via USB drive, it wouldn't run. Any help would be very appreciated.

A:Google searches redirect to ad sites

Lets start here:The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

Read other 13 answers
RELEVANCY SCORE 109.6

Hi Everyone. I'm new here, and this is my first time posting a topic. I use Mozilla Firefox 3.6.4 on Windows 7, and when I click on links from Google search, it redirects me to other sites. This happens about 25% of the time, and I have to click on the same link 4-7 times before it directs me to the right site. Occasionally, ads pop up even though I didn't click on anything. I ran a scan with BitDefender, but it didn't detect anything. If anyone can help me with this, it would be great. I've pasted a HijackThis log below. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:39:45 PM, on 6/25/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\windows\system32\Dwm.exeC:\windows\system32\taskhost.exeC:\windows\Explorer.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\System Control Manager\MGSysCtrl.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\... Read more

A:Links on Google searches redirect to other sites

Hi Rigen,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.STEP 1 - Preparation GuidePlease follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.STEP 2 - MBAMPlease download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When... Read more

Read other 15 answers
RELEVANCY SCORE 109.6

When using the Google search engine the links that I want to go to get redirected to a random, various ad sites. It does not happen all the time. Some help would be awesome. Thanks.

DDS file:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by Thien at 8:48:58 on 2011-08-13
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.4027.2091 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:... Read more

A:Google searches redirect to unwanted sites.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 16 answers
RELEVANCY SCORE 109.6

Like others who have posted here, I find that when I perform a Google search, I am directed to pages that look like good matches according to the blue text, but which actually turn out to be redirected to unrelated sites, including security-antivirus.com, freescan.antivirus.com, www.strikingoffers.com, www.monstermarketplace.com, and stuff.maxim.com, to name just a few recurrent examples.

Before and while this problem has occurred, I have had McAfee Internet Security 2009 installed and running, with automatic updates that take place daily. System scans run after this problem appeared indicated no problem. The firewall is in place. Since I have discovered this problem I have downloaded and run Spybot-Search and Destroy, which told me it detected no problem. But I definitely think there is one! I am careful with my browsing (no adult sites, no questionable sites) and don't click on links in emails of unknown origin (and in fact generally don't open emails of unknown origin) so I am a little chagrined at having picked up this bug somewhere.

In addition to the search redirection, my C: drive has been making the kind of noise it makes when it is running some kind of process in the background--it makes this sound almost constantly. At times, the computer's performance slows considerably, but at other times it seems fine (though I'm limiting my time on this computer while the problem is going on).

Here is my log that I got by following the steps laid out in the instru... Read more

A:Google searches redirect to unrelated sites

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 16 answers
RELEVANCY SCORE 109.6

I see that this seems to be a relatively-prevalent problem recently. Google search link results are randomly redirecting to what I am sure are malware sites. Thankfully, I have NoScript active, so the pages don't actually load. Still, all attempts to remove the problem using Windows Defender, UnHackMe, Avast, and Housecall have failed I even changed over my DNS to OpenDNS in the hopes that it would solve the problem. I didn't think it would, and it didn't, but it was worth a shot.

I am running Windows 7 Ultimate on a Lenovo IdeaPad Y510.

Thanks so much for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:13 PM, on 10/24/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Users\Geekza\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilter... Read more

A:Google searches redirect to random sites

I ended up reverting to a restore point created yesterday, when all was well. It seems to have worked. If the problem rears its ugly head again, I'll come back and post again. Thanks!
 

Read other 1 answers
RELEVANCY SCORE 109.6

Hi Everyone. I'm new here, and this is my first time posting a topic. I use Mozilla Firefox 3.6.6 on Windows 7, and when I click on links from Google search, it redirects me to other sites. This happens about 25% of the time, and I have to click on the same link 4-7 times before it directs me to the right site. Occasionally, ads pop up even though I don't click on anything. I ran a scan with BitDefender, but it didn't detect anything. If anyone can help me with this, it would be great. I've pasted my HijackThis log below. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:21 PM, on 6/28/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\Ar... Read more

A:Links on Google searches redirect to other sites

Download TDSSKiller and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log

 

Read other 1 answers
RELEVANCY SCORE 109.6

When I do a google search and I click on the hyperlink, I am not taken to the pages I am trying to go to. I am taken to random advertisement pages. I have run malware-bytes and prevx, both show clean. This redirect problem happens under mozzilla and IE

The URL that causes the redirects 83.133.124.109 that is the main website that all the redirects come from an example of one of the redirects is
83.133.124.109/click.php?c=66b866880b771b1b7dd6f9b9ec00



DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 21:36:22.95 on Sat 01/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1979.1348 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 091229-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Intel... Read more

A:Google searches redirect to random sites

Welcome to the forum ramscards05
Are you still in need of assistance ? if so are there any changes since you last posted and what has been done ?

Read other 3 answers
RELEVANCY SCORE 109.2

Hello
This thanksgiving i was download a few files from the internet.. and wha thappened next is that .. whenever i search for something on google, it redirects to a new site that are allll maliciious sites/porn sites !! I am scared to death as this is my office laptop and i am not the kind to browse for this sort of stuff, especially on my office laptop ! I am sure there is a lot of viruses/malwares infecting my laptop . I tried running sophos antivirus , avast antivirus (which did remove a few viruses)) , followed by malware-byte antimalware and spyware doctor. The problem still remains !! I have tried this on IE , Firefox and Chrome. Problem persists on ALL of them !!
Please help me ... here is the contents of the dds.txt pasted below , and the attach.txt and ark.txt are attached. Thanks !!!!

DDS.txt ---
DDS (Ver_09-11-29.01) - NTFSx86
Run by 203017980 at 12:18:36.74 on Mon 11/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1152 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sophos Client Firewall *enabled* {0786E95E-326A-4524-969... Read more

A:Malware infected. Redirects google searches to mal-sites and porn-sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 108.8

Hi all,

My PC appears to be infected, but nothing is detecting it, including Malwarebytes' Anti-Malware.

I'm experiencing tons of redirects on site loads, e.g. typing in a site into the address bar, Google searches, etc. as well as inappropriate popup ads.

Could someone please assist me in some next steps as to how to remove these redirect attacks I'm experiencing?

Thanks -

Best,

Anthony

A:Sites & Google Searches Redirecting to Ad Sites, Innapropriate Popups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Download DDS:Please dow... Read more

Read other 34 answers
RELEVANCY SCORE 108.8

Google search redirects through clickfraud.com to advertising sites.

I live on google search, so it's been very tough for me. I am an internet marketer.

here is my log file


DDS (Ver_09-12-01.01) - NTFSx86
Run by laci at 12:03:36.89 on Thu 03/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3134.1773 [GMT -5:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\TeamViewe... Read more

A:Google searches redirect through clickfraud.com to advertising sites...

Hi,

DNA
UseNeXT

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 19 answers
RELEVANCY SCORE 108.8

I seem to be having the same problem that many others are having where I open IE or safari, do a google search and then I see this "overclick" redirection and the results take me to random sites. I have tried both Malware Bytes and Ad-aware, both did nothing. I also have noticed that there doesnt seem to be a problem if I am browsing using AOL 9.1. Also of note, before I found BleepingComputer.com for help I found another forum that reccomended d/l ComboFix. I ran the program, and noticed that it sped the computer up a bit, but I am still getting overclick redirects. Little did I know but you guys (Bleepingcomputer.com) designed the combofix program. Anyway after some other searches I found you guys. (wish I started here first.) Any help would be great. Thanks.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Tyler at 18:45:19.48 on Tue 07/21/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2008.957 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows�... Read more

A:Google and Yahoo Searches Redirect to other sites in IE and Safari

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please. Also, include contents of c:\ComboFix.txt file.

Read other 2 answers
RELEVANCY SCORE 108.8

google search works correct but clicking on provided links redirect to different websites only on 3rd click it redirect to correct website.Ran Hijackthis, Norton Antivirus, spyboot, mbam.Please help.Here is a latest Hijack file after all cleanup:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:10:46 PM, on 10/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXED:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeD:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\LTSMMSG.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B... Read more

A:Google/yahoo searches redirect to random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 108.8

I noticed last few weeks that my laptop has been behaving strangely when I do web searches and get redirected to many fake sites without logitimate results presented. When I am logged in with my google account, however, I can search google with normal accuracy and no issues, so this seems to happen when I am not logged in to google account, and rather just simply searching the web. I downloaded and ran several malware programs including Spybot S&D, Malwarebytes, and AdAware with no success. I have XP firewall turned on now, and since then installed McAfee anti-virus suite which is running. See HijackThis log below. Not sure what's infecting it, but it won't go away. ThanksDDS (Ver_09-01-07.01) - NTFSx86 Run at 14:50:04.60 on Thu 01/08/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2318 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\... Read more

A:Google, Yahoo Searches Redirect to fake sites

Howdy, my name is Hoov, and I will be helping you with your dilemma. Sorry it took so long to get you help.Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread. Here is what I am asking you to do during the repair of your computer*Tell me everything that you have done, if anything, to try and fix this problem.*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it. *Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try. *Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.Now onto trying to fix your computer. Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow th... Read more

Read other 2 answers
RELEVANCY SCORE 107.6

Yesterday most of the links on Google began redirecting me to sites blocked by Trend Micro. Also random tabs occasionally appear containing ads. All pop-ups are still blocked.
Dell Inspiron e1705
Windows Vista
Mozilla Firefox
Any help is appreciated
Thanks!
-Luke

A:Google Links Redirect to Blocked Sites

Anyone?

Read other 1 answers
RELEVANCY SCORE 107.2

Please help me. I am having several problems that I've never had before with my computer and I am now convinced that it is hi-jacked and infected with malware.

The only protection I have used since I got the computer is avast antivirus protection and piriform ccleaner. I have had no malware, spyware or viruses on this computer in the past. I've had it for almost a year.

However my computer has since yesterday (i think) become infected. It has not slowed down much, but whenever I use Google, it redirects me to random sites. Many websites I visit regularly that have never had pop-up ads before now have pop-up ads.

When I went to check my e-mail in Hotmail, I received this message constantly:

"Please refresh your browser window. When you access your Windows Live Hotmail account from more than one computer, we ask you to sign in again to help keep your account private and secure."
At this point I decided to install Spybot, however the website was blocked. I went to download.com and downloaded it and attempted to install but I was unable to, receiving this message:

"Error sending request. The server name or address could not be resolved."

I just installed ad-aware and did a full scan and it found one malware agent and supposedly fixed it, but after rebooting all of these issues are still occuring.

So this brings me to here and now. I just downloaded Trend Micro HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Sca... Read more

A:Google redirects to random sites, some sites blocked, can't install spybot.

Read other 6 answers
RELEVANCY SCORE 101.6

I would very much appreciate your help with this. It?s driving me Crazy. When clicking on links using Google search pages, I am relentlessly redirected to other commercial sites, many infected and most of them sticky. I must copy and paste the URLs to reach the correct site. Even that can be overridden. The same is true of Yahoo search to a lesser degree. Once redirected, an AVG ?Threat Blocked? window often comes up with a basketful of Trojans. MalwareBytes etc. have neither detected nor fixed it.Wow. Things have gotten nasty out there! Thank you so much!p.s. While running GMER, Resident Shield found 2 instances of ?Trojan Horse Generic2_cACOT?. I removed one but the other was ?inaccessible?, presumably because it had just been removed. (?) DDS (Ver_10-03-17.01) - NTFSx86 Run by Kay at 20:38:40.00 on Wed 05/12/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.783 [GMT -7:00]AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Data Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\S... Read more

A:Google, Yahoo search redirect to infected sites, commercial sites

Hello nandinaWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download the following GMER Rootkit Scanner from HereDownload the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on RunIt may take a minute to load and become available.If it gives you a war... Read more

Read other 25 answers
RELEVANCY SCORE 101.6

Hey Guys,

I sure hope someone can help me with this one. The problem is basically what the title says - any link clicked on via Google is redirected to an ad site, a dead site, or some kind of anti-spyware site (seldom the same site), pretty much all Anti-Virus anti-spyware sites are inaccessible unless visited via a proxy, and likewise no programs can update via the internet.

I read somewhere that it could be in the windows Hosts file redirecting traffic, but there is nothing like that in there. Really clueless here. Here are my logs.

Info.txt

info.txt logfile of random's system information tool 1.04 2008-12-09 16:39:09

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120... Read more

A:All Google Links & Antivirus Sites Redirect to Spam/Ad/Junk Sites

Hello rolypoly,Well, you posted all the garbage I don't need, and didn't post the part I do need. Delete that thing, please and get HijackThis : http://www.trendsecure.com/portal/en-US/th.../hijackthis.phpPlease post the log in your reply. Do you have a router?Thanks,tea

Read other 9 answers
RELEVANCY SCORE 100

I have run both HiJackThis and RTIS... I will post the HiJackThis logfile below, please take a look and let me know if you will need the RTIS logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:51 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Micros... Read more

Read other answers
RELEVANCY SCORE 100

I have a Windows 2002 XP/SP3 computer with Firefox. Three weeks ago I had a malware infection, Windows Security Essentials, that seemed to be deleted by an install of Malwarebytes. As my AVG anti-virus free software had been begging for an update I did so but noted that the install screen seemed to run for hours and after a reboot though the AVG folder was in the Program folder there were no AVG icons or EXE's to run. I was busy and time passed. A week later I noticed the Just-in-time debugger started popping up and asking me to run a JIT debugger but there was not one to run. Dismissing it simply let it pop up minutes later so I minimized it and ignored it. After a week of that I found that my browser started redirecting to other sites, first on occasional searches then on every search. Re-running the Malwarebytes and the already installed Spydoctor did not help. One time a pop-up window appeared asking me to install some alternate browser, I used the task window to close it. I now cannot do any searching though I can plug in a website and go to it directly. After reading your "how to" message I ran the programs and will attach the proper files and post below.
Thank you for your time and attention.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 20:22:15.68 on Sun 11/14/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.114 [GMT -5:00]

============== Running Processes ===========... Read more

A:IE blocked searches go to Adware sites

Hello VetDoctor, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click... Read more

Read other 5 answers
RELEVANCY SCORE 98.4

my browsers keep showing vimax ads, and also when i click on some links they redirect to other sites that seem like more malware sites. thanks in advance for your help!i scanned with hijackthis and the log will follow, along with the dds report.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:00:49 PM, on 2/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\ALCMTR.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetE... Read more

A:vimax ads / google sites redirect to other sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 94.4

Hello,

My first post here. I recently used Malware Bytes (paid edition) and Super Antivirus (free edition) to remove Antimalware Trojan. I thought all was well until all my searches (Google, Yahoo, & Bing) are being redirect to to Ad Sites. Please help, this is my work computer!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:57 PM, on 10/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Online Backup\Agent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\sct12509\Desktop\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,De... Read more

Read other answers
RELEVANCY SCORE 93.6

I realized I had a problem when my Google search links started redirecting me to pharmaceutical sites, or sometimes just not loading at all. I notice Firefox is always loading something like "100ksearches" in the bottom left of the browser before it redirects or fails to load. I've been all over the internet looking for solutions, downloading a bunch of anti-virus/malware programs and scanning repeatedly. I can't find anything unusual and I don't know any better myself as to exactly what is going on. The only thing I can tell is that every person has a different solution for a similar problem and none of them seem to work. I found this website in one of the comments sections and thought maybe someone wiser than I could help explain what is going on. The problem is frustrating to say the least, and also nerve racking because I don't know the extent to which my personal information is being compromised. Does anyone have any insight? Thanks so much!

A:Searches Redirect to Junk Sites

What all have you downloaded and tried?

Read other 9 answers
RELEVANCY SCORE 91.6

Hi,
I have a Dell Inspiron Laptop, running Win XP Pro, SP2.
When I search with Google, it returns results consistent with my search. When I click on the links they get redirected to a number of other sites. If I cut and past the URL into the browser it works OK. This problem occurs in Firefox 3.0.4 and IE 6.
Another issue seems to be related to AVG Free. Prior to the above problem it used to download the updates without a problem. Now it can't make the connection to the server.

Thanks for any assistance you can providel

cheers
Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:55 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program F... Read more

A:Google searches get redirected to other sites

bump
 

Read other 2 answers
RELEVANCY SCORE 91.6

Hi there,

Whenever I use Google, or any other search engine for that matter, whenever I click on any link from that search engine I automatically get redirected to some other add site. I'm not sure if you can help, but if you could it would be much appreciated. Thanks!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Evan at 4:51:03.93 on Mon 08/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.3069.1290 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k ... Read more

A:Google searches keep redirecting me to add sites.

hi.

Welcome to TSF once again.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe

-------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for down... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

they redirect me to sites like tazinga which i have no idea what it is help me plz is getting very annoying

Read other answers
RELEVANCY SCORE 91.6

First I conduct a Google search. Then when I click on the link it doesn't take me to the intended site. Instead it will redirect me to an ad site like infomash or a site advertising a something in my search such as an "ipod". It has been occurring for a couple of months now and seems to becoming more frequent. It only occurs when I search for things on Google and not when I use my bookmarks. I use Windows XP SP3, Firefox 3.6.8, AVG Free 9.0.851, and Comodo Firewall 4.1.150349.920DDS (Ver_10-03-17.01) - NTFSx86 Run by Josh at 9:15:38.15 on Wed 08/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1259 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\Explorer.EXEC:\WINDOWS\syst... Read more

A:Google searches redirecting to ad sites

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 13 answers
RELEVANCY SCORE 91.6

Every time I use Google or Yahoo to search for different sites, I would be redirected to other search sites.I am unable to remove the malware/infection with Malwarebytes Anti-Malware, Cwshredder, Super Antispyware, McAfee, Avira Antivirus, and Spyware Terminator. I have included my log from Hijack This, and would appreciate some help on this matter.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 6:44:16 PM, on 7/7/2011Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\apple_v50\wdm\STacSV.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WIN... Read more

A:Google searches being diverted to other sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 91.6

For the past 3 days, I have been battling this issue. My search results from any search provider are being redirected to ad sites. The only way I can get to search result pages is to copy the link and paste it into the URL of my browser. I have run complete scans from fully updated Spyware Doctor, Malwarebytes, SuperAntiSpyware and Spybot and I come up clean, but this is still happening. Also, the only way I can open Malwarebytes and Spybot is to copy the executable, rename it, and then open it that way, so those programs are being blocked from opening by something. This is getting pretty frustrating and I can ususally fix this stuff on my own, but I am at a loss, and need the professionals, hehe. I am posting my most recent hijackthis log here as well. I appreciate any help anyone can offer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:39, on 11/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program... Read more

A:Google searches redirected to ad sites

Hello lwb33 ,Download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
If Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)Thanks,tea

Read other 2 answers
RELEVANCY SCORE 91.6

Hello,

When I do a search and click on the link I?m being redirected to other ad sites. I?m also having sites to pop up even when I?m not on the internet. I ran my virus and malware programs and nothing was found. I?m not sure what is wrong and what to do at this point. I attached the dds log.

I would greatly appreciate your help

Thanks,
Bumble2016

A:Google searches are being redirected to other sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 14 answers
RELEVANCY SCORE 91.6

Good morning!

A couple of weeks ago, I noticed my google search went to some unknown domain site. I dismissed it. But now every google search goes somewhere else like 'googlesearchserver.net, then 'searchland.net' then to a variety of unintended sites.

I ran the DDS program: Results are below and the 'Attach' file is attached. Thank you in advance for your help!
DDS (Ver_09-06-26.01) - NTFSx86
Run by Brian at 7:43:24.45 on Sat 07/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1333 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Fil... Read more

A:Google searches hijacked to other sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 10 answers
RELEVANCY SCORE 91.6

Most sites I search for using a click on Google , i'm getting redirected to ad and sales sites - below is my log from "hijackthis" - Can someone please tell me what I need to remove?

Logfile of HijackThis v1.99.1
Scan saved at 9:32:07 PM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Syma... Read more

A:Google searches redirected to ad sites

Hello deca

I`m sorry, but we cannot help you with malware removal in this forum.

Please read ?Virus/Trojan/Spyware Removal Help ? and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum
If you cannot complete any step, just miss it out and do what you can, but be sure to include this information in your post.
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

.

Read other 1 answers
RELEVANCY SCORE 91.6

Hi, within the last week or so my google searches within IE7 have been going to the wrong sites - thankfully nothing too embarrassing yet. For example if I search for Argos I get www.argos.co.uk in the results. First time I click on it I go to www.comparebudgetinsurance.com the second time I click on it I get www.argos.co.uk. I have run ZoneAlarm, Spybot Search and Destroy, Ad-Aware and was rather alarmed at the number of spys that have got through. Whatever is happening also doesn't let me update the spys lists or get through to any sites that help me research what is going on.

Help. What is happening ?

Kentishmills
 

A:Google searches are going to the wrong sites

It sounds like you have a browser hijacker on board
please read this and post a HJT log

http://forums.techguy.org/malware-removal-hijackthis-logs/622404-please-read-here-first-before.html
 

Read other 2 answers
RELEVANCY SCORE 91.6

Dear Sir:

When I run a google search, after clicking on a link (which has a known url such as psu.edu), it redirects me to another site. Some of the other sites are campusexplorer.com and something with the word "click" in it. This is through using Mozilla Firefox. I am using Windows 7 32 bit.

Is this malware? I ran Kaspersky Full Scan and it did not show any threats.
 

Read other answers
RELEVANCY SCORE 91.6

Hello,

Happili.com
click.get-answers-fast.com
scour.com
topmarketsfinder.com

When I click on a search on google, these sites come up with ads and whatnot.

Without really looking anywhere, I used 2 antivirus software (malwarebytes and superantispyware) and they did catch something. I, like normal, just deleted them and rebooted. Still isn't working properly.

I have attached the required files. "GMER hasn't found any system modification" came up when GMER was run so the ark.txt was empty.

Thank you for your time

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Danny at 11:42:39 on 2012-03-30
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2571 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32 ... Read more

A:Google searches redirecting to various sites

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 21 answers
RELEVANCY SCORE 91.6

Hello,

I have gotten something on my computer recently, and I am having problems getting it off. When I do a search in a search engine, I will sometimes be redirected to another fake search site. It will usually redirect through multiple sites, such as "whattoseek.net" or "multifreedom.com".

Also, at the same time, I began having issues with updating windows. It seems that every time I go to shut down the computer, Windows will have updates to install. I know that Windows will sometimes need to be updated, but I don't think that it will need to be updated every time I shut down, including as many as 19 updates that it was to install one time. I don't know if this is related to the other problem, but they both started around the same time.

Nothing I can find can seem to get rid of this malware.

Any help you can provide would be greatly appreciated.

Thanks,
Jim

Read other answers
RELEVANCY SCORE 91.6

Hello,

First time forum poster here.

I'm experiencing chronic browser issues which is almost surely malware related. I use Firefox 99% of the time, with IE as a backup. In the last few months I've experienced very odd behavior in Firefox. First, I usually need to click on the Firefox icon in the taskbar twice before it will actually load and show the browser screen. In Task Manager, I see two active instances of Firefox in the processes section. Second, Firefox runs fine at a normal pace, but at least once every 5 minutes, a new browsing tab will open in Firefox and a suspicious ad or search page will load with a very convoluted URL. A pop-up button almost surely appears as well, sometimes saying I've won a prize, click here, etc, etc. I can close those with out issue. Third, when I click on search links that appear on a search result page from Google or Yahoo(only two I use at the moment), the desired URL loads for a second, then rapidly re-routes to an undesired URL for a somewhat similar search. This happens to all links in a search result page for Google or Yahoo.

I have run MalwareBytes, Avast Free Antivirus, Spyware Doctor w/ AV(currently uninstalled), gmer, and CCleaner, all to no avail.

At one point 1.5 months ago, my outbound Internet was practically disabled. I could not update my AV, load web pages, or ping anything. Strangely, Windows Update was able to function fine, or a boot-up AV could update itself while in DOS. This was fixed by a... Read more

A:Firefox & IE redirect searches and loan random ad sites

Hi imbiber, and welcome to Bleeping Computer.Firstly,Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.Secondly,Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.Execute TDSSKiller.exe by doubleclicking on it.Press Start ScanIf Malicious objects are found, ensure Cure is selected (it should be by default).Click Continue then click Reboot now.
Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Please post that log here.

Read other 3 answers
RELEVANCY SCORE 91.6

Hello,

My computer is automatically redirecting me searchalligator.com for either single word address bar searches or when looking up intranet sites (but not connected to my intranet via vpn).
This line item pops up every few seconds in my TCP view and the IP address resolves to searchalligator.com. Please help.

I am on a wireless network, if that makes any difference.

Here's my tcpview:
AppleMobileDeviceService.exe 268 TCP 127.0.0.1 27015 0.0.0.0 0 LISTENING
CcmExec.exe 3800 UDP 127.0.0.1 2553 * *
cvpnd.exe 680 TCP 127.0.0.1 62514 127.0.0.1 2487 ESTABLISHED 488 24,400 488 7,808
cvpnd.exe 680 UDP 127.0.0.1 62514 * *
iexplore.exe 1016 UDP 127.0.0.1 1522 * * 1,334 1,334 1,335 1,335
iexplore.exe 3020 UDP 127.0.0.1 1873 * * 20 20 21 21
iexplore.exe 3020 TCP 192.168.0.100 3220 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3221 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3222 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3223 204.2.187.17 80 ESTABLISHED
iexplore.exe 3020 TCP 192.168.0.100 3225 204.2.187.17 80 ESTABLISHED
iexplore.exe 928 TCP 127.0.0.1 3231 127.0.0.1 5152 FIN_WAIT2
jqs.exe 1692 TCP 127.0.0.1 5152 127.0.0.1 2938 CLOSE_WAIT
jqs.exe 1692 TCP 127.0.0.1 5152 0.0.0.0 0 LISTENING
lsass.exe 1728 UDP 0.0.0.0 500 * *
lsass.exe 1728 UDP 127.0.0.1 2500 * *
lsass.e... Read more

Read other answers
RELEVANCY SCORE 90.8

Hopefully I followed the guide correctly, does anyone got any ideas on how I can stop this little bugger? I've tried everything, AVG isn't picking it up, a million other antispyware programs I've tried aren't picking it up, and I'm at a loss. ;_;

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Matt at 14:44:36.25 on Thu 02/24/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.5304 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32&#... Read more

A:Google Searches Redirecting to Ad sites, Tazinga

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 22 answers
RELEVANCY SCORE 90.8

Windows XP... IE 7.0

I have read this in other topics but can't find the solution. When I enter a search string in Google. The first page (and sometimes past the first page...I saw some other posts that indicated the problem was just the first page) will be incorrect search results, directing me to sites with freescan.antivirus.com/(my topic) or dealsgalaxy.com but they have correct descriptions above the links...Of course I avoid clicking the link. The 2nd page has more appropriate links (but not the exact one I expect)..Please help. Thanks

A:Google searches reveal incorrect sites

I'm having the exact same troubles. Hopefully someone has some advice on what to do.

Read other 1 answers
RELEVANCY SCORE 90.8

This all started with my system being attacked by the Antivirus Plus malware. I was able to get rid of it using MalwareBytes, Spybot, and CCleaner, but have continued to have a problem with Google searches. When I click on links brought up in a Google search, instead of going to those links, my computer is redirected to any of several different spam sites. I can copy the link and paste the address into a new browser tab, but actually clicking on the link never works properly. I've tried updating and running MalwareBytes in safe mode, and a few other things, but this symptom hangs around even when every program I've used says my system is all clear. For the record, I'm on a laptop running Windows Vista, and I use Internet Explorer 7.0 as my browser.Here is my DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by Andrew at 15:28:47.70 on Tue 02/09/2010Internet Explorer: 7.0.6002.18005Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2939.1544 [GMT -5:00]SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.... Read more

A:Google searches are redirecting to spam sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 6 answers
RELEVANCY SCORE 90.8

I don't know why but now whenever I type something in the search box of yahoo, google, or msn, and click on the link, I always get redirected to an ad site, not the one I'm looking for. This happened in both Internet Explorer and Firefox. Since my friends' computers are still normal, I thought that maybe this is beecause of a virus/malware.I tried to scan with AVG 7.5, but my computer restarted halfway when I came back. I guess it must be because of the version. I wanted to download AVG 8.5 (there's a message telling me to), but someone told me I would have to pay for it. Does anyone know about this?I also tried to scan using Malwarebytes' Anti-Malware, but it doesn't work. I tried to open it, and there's an hourglass appear telling me to wait. Then it disappear, and then program never opened.I have had another problem a while back, and it still remains until now. When I turn on my computer, there would be a message saying:"IDE Channel 1 no 80 conductor cable installedWarning! CPU has been changed.Please re-enter CPU settings in the CMOS setup and remember to save before quit!"I wonder if this may have something to do with the problem.I have read the guide and installed dds.scr. There're some problems, though. The picture doesn't look like the one in the guide. When I open it, there's no black screen, and there's no attach.txt either. There's a dds.scr though, but it looks gibberish. I attached it here so you guys can look at it.Hope you guys can help! T... Read more

A:Yahoo/Google searches got redirected to ad sites

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

Read other 3 answers