Over 1 million tech questions and answers.

google links redirect, entry points missing and vbs files created

Q: google links redirect, entry points missing and vbs files created

Hello,

I have it seems contracted a virus. I tried running "Regcure" which said that I had over 2000 corrupted files. I fixed them but still would get the QPServices Entry Point error on start up. When I use google the search works fine but often when I try to click on a link it either opens several windows along with the one I was looking for - or it opens only one window but it is not the correct link and is often blocked for bad content.

I downloaded and ran the hjthis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:36 AM, on 1/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WeFiBar Toolbar - {0b876028-b388-4f6d-922f-f52faec8535f} - C:\Program Files\WeFiBar\tbWeFi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WeFiBar Toolbar - {0b876028-b388-4f6d-922f-f52faec8535f} - C:\Program Files\WeFiBar\tbWeFi.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\nusphere\phped\NuSphereIEBar.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: WeFiBar Toolbar - {0b876028-b388-4f6d-922f-f52faec8535f} - C:\Program Files\WeFiBar\tbWeFi.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\WinSplit Revolution\WinSplit.exe
O4 - Startup: Dropbox.lnk = Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\nusphere\phped\NuSphereIEBar.dll/1000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11980 bytes

Thanks for any help,

RELEVANCY SCORE 200
Preferred Solution: google links redirect, entry points missing and vbs files created

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: google links redirect, entry points missing and vbs files created

Read other 7 answers
RELEVANCY SCORE 76

Hi,
It is a peculiar problem faced by me. I could create SR points and i do not know, whether the SR polints are created by the system. It was creating before. Whenever an uninstall , takes place, it the revo uninstaller creates a restore point, and likewise, some programs if changed or uninstalled create SR points, and it is not showing any error message.
But to my surprise, that which casually checking the available restore points, i was shocked to find the SR points totally missing. or it is vanishing after creation.
Why this behaviour, will you please say and also please inform me whether there are any fixit available.
Creation is always success. but , SR missing . I am only configured SR in c: If i allow , all the programs to create SR, then each is created on huge size. How to allow only system restore creation only please

Read other answers
RELEVANCY SCORE 76

Hi,
It is a peculiar problem faced by me. I could create SR points and i do not know, whether the SR polints are created by the system. It was creating before. Whenever an uninstall , takes place, it the revo uninstaller creates a restore point, and likewise, some programs if changed or uninstalled create SR points, and it is not showing any error message.
But to my surprise, that which casually checking the available restore points, i was shocked to find the SR points totally missing. or it is vanishing after creation.
Why this behaviour, will you please say and also please inform me whether there are any fixit available.
Creation is always success. but , SR missing . I am only configured SR in c: If i allow , all the programs to create SR, then each is created on huge size. How to allow only system restore creation only please

Read other answers
RELEVANCY SCORE 69.6

I some sort of malware (could be more than one) that: 1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com. 2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a seperate window popped up with a title something like "additional credit card information", and didn't appear secure (didnt have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything

Read other answers
RELEVANCY SCORE 69.6

I some sort of malware (could be more than one) that: 1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com. 2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a seperate window popped up with a title something like "additional credit card information", and didn't appear secure (didnt have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything. Recently have noticed when I open IE, it always tells me the last session closed unexpectedly; always "goto home page" but did try the other option once. It opened 4 pages ive never been to before and mtch the urls in: Recent topicMy DDS.txt:DDS (Ver_10-10-10.03) - NTFSx86 Run by Owner at 22:20:26.98 on Tue 10/19/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.132 [GMT -5:00]AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC... Read more

A:Google Search Result Redirect/CC Info Entry Redirect

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 25 answers
RELEVANCY SCORE 67.2

I'm trying to place links in a pdf file. The original file was created in Microsoft Word. All my links that have a direct address listed work. When I place my hyperlink to "product" with my affiliate link in the "backround" they don't work?

I'm a beginner at this stuff, but I thought I can put a "click here" with a link to said product?

Can someone please clarify?
 

A:Question about putting links in pdf files created in MS Word

Read other 7 answers
RELEVANCY SCORE 67.2

Hello all,

First, thank you so much for providing this free service. It helps a lot of people (and hopefully will help me). I came home to visit my family for the weekend and flipped on the computer to find that it was really quite messed up. Here are the problems:
All the programs are gone from the start bar. All the documents are gone, including music and pictures (though the files were scanned by HijackThis, etc). Almost every desktop shortcut is gone. Browser attempts to redirect, but since I have noscript set up on my old account, it doesn't quite work. I'm sure it does on my parents accounts, however.

I ran an avast bootup scan. Here is what it told me: name of infection and number of files that showed up.

(1) A few different files with the FakeWarn Trojan. (5)
(2) A Trojan called Downloader-ARO (1)
(3) A Trojan called ScriptIP-inf (2)
(4) Trojan called FakeAV-CX (1)
(5) Javascript Expl (Exploit? Not sure what this abbreviation means) called Pdfka-gen (4)
(6) Win32: MalOb-FN (Cryp)
(7) Trojan called Win32: FakeAV-BWF
(8) Expl called CVE-2010-1885-G (2)
(9) Trojan called FakeAV-BUT

The bootup scan couldn't do anything with them, so I had the scanner put them in the chest.
I tried to re-download Malware Bytes and the computer told me access was denied. I know neither of these programs would be enough to fix what happened to this computer, but it was my first instinct.

Here are the copy/pasted .txt as required by the read this.

HijackThis:Logfile ... Read more

Read other answers
RELEVANCY SCORE 67.2

Hello all,

First, thank you so much for providing this free service. It helps a lot of people (and hopefully will help me). I came home to visit my family for the weekend and flipped on the computer to find that it was really quite messed up. Here are the problems:
All the programs are gone from the start bar. All the documents are gone, including music and pictures (though the files were scanned by HijackThis, etc). Almost every desktop shortcut is gone. Browser attempts to redirect, but since I have noscript set up on my old account, it doesn't quite work. I'm sure it does on my parents accounts, however.

I ran an avast bootup scan. Here is what it told me: name of infection and number of files that showed up.

(1) A few different files with the FakeWarn Trojan. (5)
(2) A Trojan called Downloader-ARO (1)
(3) A Trojan called ScriptIP-inf (2)
(4) Trojan called FakeAV-CX (1)
(5) Javascript Expl (Exploit? Not sure what this abbreviation means) called Pdfka-gen (4)
(6) Win32: MalOb-FN (Cryp)
(7) Trojan called Win32: FakeAV-BWF
(8) Expl called CVE-2010-1885-G (2)
(9) Trojan called FakeAV-BUT

The bootup scan couldn't do anything with them, so I had the scanner put them in the chest.
I tried to re-download Malware Bytes and the computer told me access was denied. I know neither of these programs would be enough to fix what happened to this computer, but it was my first instinct.

Here are the copy/pasted .txt as required by the read this.

HijackThis:Logfile ... Read more

A:Fake Alert Trojan, Redirect on Google, files/docs/programs missing.

Read other 9 answers
RELEVANCY SCORE 66.8

Hello,
I have been getting the google redirect virus/malware for the past few weeks. The redirect does not occur on every single search. Almost seems random. Happens both in explorer and chrome. I have tried malwarebytes and superantispyware, which have found some things, but it seems to keep coming back. Also looked through several topics in the forum regarding google redirect but it has lead me nowhere. I figured it was time to ask for help. Looking forward to talking to someone. Thanks so much!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brian at 3:14:16 on 2012-08-13
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.4062.1857 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Win... Read more

A:Google redirect, created log

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you... Read more

Read other 70 answers
RELEVANCY SCORE 66.4

Hello,
As with many other people, when I do a google search and get results, my initial click takes me to some ads, then i can hit the back button and continue with my searching.
Also, some webpages i visit have some keywords pick out as links to ads and the such.
I will now post all the logs you require:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:45 PM, on 1/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R1 - HKCU\Software\Microsoft\In... Read more

A:Google links redirect, webpage keyword ad links

Read other 16 answers
RELEVANCY SCORE 65.6

Hi,
I've got a situation here whereby .TMP files are appearing in network directories, and the files are going missing. The size of the TMP file matches the original file.
I'm trying to narrow down the issue, because I think there may be two problems here.  
1. Offline Files are enabled, to allow profile redirection.    It seems that this is also by default, is allowing Clinet Side Caching when there are network issues.  Does the original file (.doc for example)  get renamed
as a HR234.TMP for example when the Slow link detection sees slow performance? 
2.  If the above TMP file is created when there are network issues, should this resolve itself (sync itself back to the network) when performance improves?
Currently we are in a situation where we have a department that have files missing from many network shares, all the missing files seemlingly replaced with a .TMP file, so do we have to go round to every machine in the department, and manually
sync them to resolve this?  
 

A:TMP files created, files missing Offline files issue?

Hi,
 
After checking the Hotfixes and Security Updates included in Windows 7 and Windows Server 2008 R2 Service Pack 1 in the

Documentation for Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932), I found the following hotfix is available:
 
Temporary files do not synchronize correctly to a non-DFS share on a server from a client computer
that is running Windows 7 or Windows Server 2008 R2
 
Regards,
 
Sabrina

 
TechNet Subscriber Support
in forum.

 
If you have any feedback on our support, please contact
[email protected] posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question.
This can be beneficial to other community members reading the thread.

Read other 7 answers
RELEVANCY SCORE 65.6

I was asked to create a new topic after sending in a number of logs during the initial analysis.

I was asked to disable any CD emulator programs. I ran Defogger to do this.

I was asked to install the DDS.SCR on my desktop and to doubleclick the icon. When I do this, it says "dds.scr is not a valid Win32 application".

I stopped there and have not re-run the GMER to produce more logs.

How can I run the DDS.SCR icon?

A:More serious issues; new topic created (Google Redirect)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434724 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 73 answers
RELEVANCY SCORE 65.2

Like the title says, I seem to have gotten all sorts of nastiness. First, last night, I was browsing Firefox when I started getting these popups on my desktop acting like a virus scan telling me I'm probably infected. I checked my processes and I've got 3 or 4 IEXPLORE.exe and one adp.exe. I ended them all but kept getting popups and what-not. So this morning, I started getting weird, extraneous sounds like a strange kind of "bong" (when I ended the IEXPLORE.exe, that one went away) or the "mouse click" sound. Then a few minutes ago, I was searching something on Google and I'm getting some sort of redirect. First the address bar reads something like "yourfindhome"... after which I'm usually taken to some apartment hunting site. This all sucks big-time, and I am eternally grateful for any help anyone can offer.Edit: Now I don't seem to be able to connect to my network either. I'm seeing the "this connection has limited or no connectivity" message.

A:Search Redirect, missing retore points, fake antivirus

So I tried running Malwarebytes, dds, Gmer, Dr. Web, and Spybot S&D. Most of them run for a few seconds then shut down, but Gmer and Spybot wouldn't run at all. When I try to re-run malwarebytes and Dr. Web I get a message saying that I'm not permitted to.
I did manage to get Malwarebytes to soldier on long enough to quarantine ADP.exe, but it shut down before I had the chance to save the log. It seems that ADP is longer to be an issue, but I'm still getting search redirects, weird audio (sounds like videos playing in an invisible window but goes away when I end the IEXPLORE.exe process) and none of the anti-malware want to work.

Read other 2 answers
RELEVANCY SCORE 64.4

I too am experiencing google links redirect to random sites, just like the DaddySouth who posted "Google links redirect to random websites, Requesting help fixing redirect problem". I've tried applying the instructions given to DaddySouth and I cannot fix this myself. So, I am hoping desperately that someone here at my bleepingcomputer.com can help me.

Please help!

Thank you,

vincamato

A:Another: Google links redirect to random websites, Requesting help fixing redirect problem [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 3 answers
RELEVANCY SCORE 63.6

When I go to a URL via Google Search Result or from just manually entering a URL in the address bar, the page is redirected to one of a variety of random sites. These sites include: 64.111.212.229 (a blocked "attack page"), findstuff.com, starterbizplan.com, theclickcheck.com, aptm.phoenix.edu, etc. Sometimes it goes through a redirect site called "clicks.nethelper.com"

I use FireFox on a Windows Vista laptop (my wife's computer, actually). I tried to see what happens in IE, but it never opens (it starts the process ieuser.exe, but nothing happens after that). :/

I've attached the Attach.txt and ark.txt files. Here are the contents of my DDS.txt file:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Carrie at 19:23:07.75 on Tue 01/25/2011
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3581.1960 [GMT -7:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe... Read more

A:Infected Malware, Browser redirect from Google or address bar entry

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 63.6

My computer, running Windows XP is infected with the Redirect Virus. Primarily, links in Google and other search tools are redirecting to unrelated sites. This is manifest in Firefox and Internet Explorer. I have also noticed an increase in popup ads, but that may be unrelated.

My Norton Anti-Virus does not detect anything wrong. I have attempted to remove virus with TDSS Killer, but that does not find anything on my system. Also, both Malwarebytes' Anti-Malware and Microsoft's Malicious Software Removal tool have failed as well.

I have also reset my router to factory settings, but that did not solve the problem either.

Thanks for taking the time to look into this.

DDS log is below:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Jeremy at 15:05:32.71 on Fri 02/18/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.445 [GMT -6:00]

AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
... Read more

A:Infected with Redirect Virus - Google links redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?""just click on Cancel, then Accept".Gringo

Read other 16 answers
RELEVANCY SCORE 63.6

My wife's computer recently picked up several viruses. I ran a number of virus scanners, malware scanners, and utilities which seemed to find several infected files, but the problem still persists. When navigating to google, any links I click on automatically redirect to this server adwords.onlinesecuregroup.com and then send me off to some random page. I've attached the DDS and GMER logs, any help would be much appreciated, thanks!DDS (Ver_10-03-17.01) - NTFSx86 Run by Una at 21:09:26.20 on Fri 06/11/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.140 [GMT -7:00]AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\igfxext.exeC:\WINDOWS\System32\igfxsrvc.exeC:\Program Files\Apoint2K\HidFind.exeC:\Program Files\Apoint2K\Apntex.exesvchost.exeC:\WINDOWS\system... Read more

A:Google redirect virus sends google links to adwords.onlinesecuregroup.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 17 answers
RELEVANCY SCORE 63.6

My poor PC is on the brink, whenever I select a link in google it redirects me to another website called 'bit-find' and sometimes ebay, I have seen other people with similar problems to this on this forum so I'm pretty certain that it is malware. I had a crude attempt at trying to fix this using instructions in someone elses thread but didn't have much luck so I have created a new topic. Hopefully I have created this topic in the correct place this time, here are my logs, if some friendly person could help me i would be much obliged.

I have attached my 'DDS' and 'attach' file

Cheers chaps/chapets

A:Malware- Google links redirect me to 'bit-find', google maps don't work

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 63.2

I don't think I'm imagining this...

When I have just created a new file, or downloaded it, or moved it from one folder to another, or renamed it, I have the impression that it doesn't show in Windows Explorer. It looks as if it's just not there. You can't find it by browsing, nor by searching. But if you try to create the file again (with the same name) you get an error saying you can't do that, because there is already a file here with the same name. I suppose the file shows up in Explorer some minutes or hours or days later. I have not researched exactly how long it takes. But this is extremely annoying.

Have you seen the same thing?

Is there a solution?

Does Microsoft know this problem exists? Can we expect a solution within the foreseeable future?

Thanks - Rowan

A:Recently created files missing from Explorer

If you do a dir in a command prompt does the file show up there?

Read other 2 answers
RELEVANCY SCORE 62.8

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download Combofix from either of the links below, and save it to your desktop. Link 1Link 2**Note: It is important that it is saved directly to your desktop**--------------------------------------------------------------------IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link--------------------------------------------------------------------Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!When finished, it will produce a report for you..Please include the following in your next post:ComboFix log

A:Google links redirect to go.google spam sites

Note: although it says that AntiVir Desktop is Enabled, i have made sure to uninstall and delete the program, i am not sure why it says it's still there, it doesn't show up on my task bar or my processes and i even made sure to delete the file from my programs folder.

ComboFix 12-01-28.01 - Brian 01/28/2012 8:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2014 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Local\dplaysvr.exe
c:\users\Brian\AppData\Local\dplayx.dll
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\qyfcilsl.default\searchplugins\bing-zugo.xml
c:\users\Brian\AppData\Roaming\vso_ts_preview.xml
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011... Read more

Read other 13 answers
RELEVANCY SCORE 62.8

Hi,
I've come across several Vista machines where the following entry is missing from the hosts file.

127.0.0.1 localhost

On most machines it has both the IPv4 and IPv6 loopback addresses, i.e.
127.0.0.1 localhost
::1 localhost

however on some I've seen that it only has the IPv6 loopback address
::1 localhost

This is affecting how our application runs. Does anyone know if this chagne was done as part of a Windows security update or is this a change that Antivirus software commonly makes?

Many thanks,
Eoin

A:127.0.0.1 localhost entry missing from hosts files

Hi,
I've found the following posts that suggest that a Microsoft Defender update was the cause.
Known Issues in Installation, Configuration, and Deployment
Alex York .NET | Windows Defender deleted localhost entry in hosts file - UPDATE

Unfortunately, Microsoft don't categorically state that this update deleted this entry. Can someone from Microsoft confirm that this was the case?

Thanks,
Eoin

Read other 2 answers
RELEVANCY SCORE 62.4

I have run TDSSKiller, Malwarebytes, Sophos, Super antispyware, and my McAfee AV. All new scans have come back clean, but I still have some redirects. When I first noticed the issues, I ran Malwarebytes and it found and supposedly cleaned Trojan.Medfos. DDS log attached.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Robert at 12:39:41 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.8788 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system3... Read more

A:Google redirect virus (does not redirect all links, only some)

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

Read other 20 answers
RELEVANCY SCORE 60.8

I have just got a new computer less than 2 weeks ago and now its isnt working. There are two error messages whenever I start up the computer, saying

error in C:\user\(myname)\appdata\local\temp\tlgfxwrv.dll
missing entry: run

whenever i click ok the taskbar disapears, also i think it is connected as well, that when i open the folders to try and find these things the folders automatically close on me. At the moment I just tried and now i have no taskbar.

Please help!
 

Read other answers
RELEVANCY SCORE 60.8

hey guys sooooo, Not only do I have the Redirects but also I can't install or run any virus program but Avira....I try everything else but it doesn't run when I click on it. Here is the logLogfile of random's system information tool 1.06 (written by random/random)Run by Baron at 2009-08-15 20:33:50Microsoft Windows XP Professional Service Pack 3System drive C: has 42 GB (71%) free of 59 GBTotal RAM: 1023 MB (49% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:33:55 PM, on 8/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\windows\System32\smss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\system32\lsass.exeC:\windows\system32\Ati2evxx.exeC:\windows\system32\svchost.exeC:\windows\System32\svchost.exeC:\windows\system32\Ati2evxx.exeC:\WINDOWS\system32\LEXBCES.EXEC:\windows\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\windows\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Skype\Phone\Skype.exeC:\windows\system32\ctfmon.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Comm... Read more

A:Google Links Redirect

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 7 answers
RELEVANCY SCORE 60.8

I've been working on a client's PC for about a day that was heavilly infected with spyware. For the most part I believe the infections have been cleaned up, however what remains is when you click a link on google it will redirect to either adds or cliccks.cn website. To me the HijackThis log looks pretty good. In the process of attempting to clean the infections I've used MalewareBytes and Spybot Search and Destroy and they currently both come back saying the computer is clean. I hoping that someone can help catch what I have missed. Here is the current HiJackThis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:51:08 PM, on 8/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16876)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS... Read more

A:Google links redirect

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh HijackThis log back here

Read other 2 answers
RELEVANCY SCORE 60.8

I have had trouble with google redirecting to an advertisement site me when I click on a link. Here is what I am running on my computer, and thanks ahead of time for every ones help.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:39:18 AM, on 6/5/2010Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.17037)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Spyware Doctor\pctsTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Users\AngieCole\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\ehome\ehtray.exeC:&#... Read more

A:Google Links redirect me

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 9 answers
RELEVANCY SCORE 60.8

Hi all, I just finished running Malware Bytes and Ad Aware pro to get rid of somethings on my computer and after doing so I've noticed that everything works fine, except google. When I search something and click the corresponding link, it just takes me to some spam site. Everytime, and regardless if it's in IE or Firefox. No idea what to do with this, but I'd really appriciate any help at all. Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 10:48:59 AM, on 4/6/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\... Read more

A:Google links redirect?

Moved from XP, please read/follow all administrative procedures in this forum, listed above. Thanks.Louis

Read other 1 answers
RELEVANCY SCORE 60.8

Whenever I click Google Links, I get redirected to miscelaneous shopping sites (bizrate, ebay, etc.). Also, I may have some DNS resolution issues as when I try to do online kaspersky scan, or install sby bot S&D, it will not update b/c it cannot find the update server...
DDS LOG:
DDS (Ver_09-03-16.01) - NTFSx86
Run by lromano at 14:50:54.92 on Sat 04/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.175 [GMT -4:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\P... Read more

A:Google Links Redirect

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

I know alot of people seem to have similar problems, but as there always seem to be different solutions and I'm way over my head, I thought i'd post here to be safe. Basically, alot of google links direct me to random websites, normally vaguely related to my initial search terms. They seem to redirect through different websites each time, usbshare and websiteishere being the two i've noticed. This occurs with both firefox and IE
Also, I have noticed IE start up once on its own, directing me to a page which sets of AVG antivirus, blocking 'Phoenix Exploit Kit' or something similar - it's quite hard to replicate. Also, some of the redirects also set off AVG for the same reason. Any help would be muchly appreciated. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:36, on 10/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\Administrator\Documents\My Games\HijackThis.exe
C:\Program Files\Internet Explo... Read more

A:Google links redirect

Download TDSSKiller and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log

 

Read other 3 answers
RELEVANCY SCORE 60.8

Whenever I try to click a link in Google after doing a search I get redirected to other sites that have nothing to do with what I am opening. I can still click the cached link without any redirection. I have tried to find TDSS files like other sites said to that I have searched, but I cannot find any. When this first started happening my touchpad started to act up, so I tried getting a new driver and it would not let me install it. It kept saying my internet security would not let me download files from the internet. I can now install the driver, but the redirection won't go away. I have tried using free AVG 9.0 system scan, Advanced Systemcare4 deep clean, and free Malwarebytes' anti-malware full scan along with something from Kaspersky that is said to find and delete TDSS.

Sorry if I post something wrong, this is my first time posting here

This is my DDS log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Paul at 17:47:33 on 2011-07-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.399 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\A... Read more

A:Google links redirect

Hi zayber, and welcome to Bleeping Computer.Any reason to attach/give the FRST logfile??..Please do the following:Firstly,Note: if you do have Malwarebytes' Anti-Malware already installed, just update the databases and run a quick scan...Please download Malwarebytes' Anti-Malware from HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Secondly,Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar)... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

Recently, I have noticed an issue when I am on Google. This happens selectively amongst links and is certainly an issue for me. When clicking on a search result, the link will redirect itself to multiple online vendors, without showing any of them, and then it will settle on a random location. There is no set category for the website I land on. To get to the actual search result on these selective sites, I have to click on the link multiple times before my browser (FF, IE, Chrome, Safari, it doesn't matter) will eventually go to the specified location. This only occurs on Google, and not anywhere else. I can click on links elsewhere and it will go there fine. I am running XP SP3, and have scanned with Malwarebytes, AVG, and Spyware doctor. None have found anything wrong with my computer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:32 PM, on 11/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program File... Read more

Read other answers
RELEVANCY SCORE 60.8

Hello, I have a problem were all the Google links after a Google search redirect me to spam websites and shopping websites. Even this website, after the search "Google links redirect me", took me 3 clicks for it to open. Also, Google is loading very slowly and it has never been slow before and is not slow on any of our 2 other computers.

Another problem that I was hoping you will be able to help me with; Ad-Aware doesn't update (error shows up) and my scanning gets stuck and the computer freezes requiring a reboot. After a scan with a portable scanner, I found 5 Trojans and I deleted them all.

Thank you in advance for all your help.

P.S. I'm only a beginner so please go easy on me with the terminology.
 

A:Google Links Redirect Me

Read other 7 answers
RELEVANCY SCORE 60.8

i managed to get some nasty spyware on my computer that redirects google search results to ads. i got rid of bittorrent and ran a bunch of scans with various programs and nothing is working. please help!

thanks

A:google links redirect to ads

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 60.8

so ive been looking on forums online n trying to figure this out..so far ive gotten instructions to get hackthis..so i did and ran it then saved this log..can anyone look at this n tell if there is a problem n if so what is it and how i can repair this as soon as possible..id greatly appreciate itRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\SearchIndexer.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\Program Files\Dell\AccessDirect\dadapp.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:�... Read more

A:google links redirect..

can some one help me out please?

Read other 24 answers
RELEVANCY SCORE 60.8

Hello guys at BC,

I have this problem with my google links being redirected to ads. I know there's been quite a lot of these around, and I tried to follow other people's posts, but it seemed to me that for each individual it's a different case (when pasting logs and stuff). I've tried MBAM several times and removed some infections, but the problem still persists. Also tried HijackThis, but didn't really understand which things to fix. I'd really appreciate some help, or if this is a more general problem it would be fine if someone could re-direct me to another thread which could help me.

Yours,
X

A:My google links redirect to ads.

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 4 answers
RELEVANCY SCORE 60.8

I tried to follow the Prep Guide, sorry if I screwed up. Google links are redirecting in Firefox and IE. I would appreciate any help at your convenience. You guys seem pretty busy. Thanks. Here is the DDS.txt :DDS (Ver_09-03-16.01) - NTFSx86 Run by Ben at 10:28:47.23 on Mon 04/20/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1380 [GMT -5:00]AV: Norton 360 *On-access scanning enabled* (Updated)FW: Norton 360 *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exesvchost.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\system32\bgsvcgen.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -... Read more

A:Google links redirect

Hello BJB007, Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following (if they exist) by double-clicking on the following entries:J2SE Runtime Environment 5.0 Update 6J2SE Runtime Environment 5.0 Update 9Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7************Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.************Download Lop S&D Lop S&D will only run on Windows XP and Windows Vista Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. To see how to disable security programs visit this tutorial: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs You can enable them after the scan. You can find a detailed instructions with visuals here Double-click Lop S&D.exe If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan. Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt)************Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

Logfile of HijackThis v1.99.1
Scan saved at 11:44:59 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\hjk\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5489... Read more

A:Google Redirect All Links - Please help...

Is this the same machine? http://forums.techguy.org/malware-removal-hijackthis-logs/699416-abebot-wml-exe-malware-please.html
 

Read other 1 answers
RELEVANCY SCORE 60.8

Hi, I'm running a Windows XP Professional on a Dell Lattiude D400. On Google every time I click a link I get redirected another website, usually and containing an ad of some sort. At times, even at random, a new tab opens to a random site. So I've come here for help to remove the problem- a virus or malware or whatever it may be.
Here's my HiJack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:36 PM, on 6/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\TBarIconBlanker.exe
C:\Progra... Read more

Read other answers
RELEVANCY SCORE 60.8

Hi,

I am having a problem when using google. When i do a search for something and i find what im looking for i click on the link and it always redirects me to a different page. Most of the time its a ad site. Can someone please help? I would greatly appreciate it.

A:google links redirect

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.Download Link 1Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make sure that everything is checked and then click Remove Selected.When removal is completed, ... Read more

Read other 20 answers
RELEVANCY SCORE 60.8

Hi,
Whenever i search on google in firefox or ie, clicking on the links redirects me to pages which were not the search results. have been trying to get rid of this problem for the past two weeks and have tried running malawarebytes, ad aware, super antispyware in normal and safe mode but no luck.
please find the hijack this log below.

don't know if this helps but some of the redirect sites are aisce.com, searchmirror etc. also, i am using a wireless router to connect to internet.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:06:47 AM, on 3/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\ms... Read more

A:google links redirect

bump
 

Read other 1 answers
RELEVANCY SCORE 60.8

I currently have AVG 8.5 and Spy Doctor loaded and functioning but they do not detect any problems. However, when I search in Google (IE 7) and select a link add sites appear. I have created a DDS.txt and Attach.Txt file if required. I have also downloaded and installed in the newest version of Java 6 Update (13). I have also uninstalled any old versions of Java. This thing is driving me nuts. Please help. I'm over my head. Thanks, Ron.

A:Google redirect through links

Hello ronc2784,If you still need help then download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Select Files and Folders created in last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txtYour Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14. Click the "Download" button to the right. At the Select Platform and Language for your download drop down box
Select Windows and Mult-Language Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. ) The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 6 update 13
J2SE Runtime Environment 5.0
J2SE Runti... Read more

Read other 4 answers
RELEVANCY SCORE 60.8

Hi, I am in need of some help. Everytime i do a google search and click on a link, I am redirected to a random ad site or a site about cars or houses. I ocassionally get popups when I click other links as well, even though my popup blocker is on high, and i am required to approve all popups. Somehow these still manage to get by. My main concern is the google links redirecting me to the wrong websites. I have run the neccesary preperations before posting this. I would appreciate any help anyone can give me. Thank you in advance!!!
heres my DDS log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Carly Michele at 13:29:58.47 on Mon 03/07/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2068 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\s... Read more

A:Google Links Redirect, help please!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 25 answers
RELEVANCY SCORE 60.8

I've seen this all over the topic and I'm sure you know the situation already. Since several days ago, my computer suddenly started blue screening and restarting by itself.Then, whenever I click on a Google link, it redirects me to an advertisement site.I'm using Windows Vista 64bit. My browser is IE 8. I use Rising Anti-Virus. Please help! Thanks in advance!My HiJackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:25:00 PM, on 7/8/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Windows\VM30xSnap.exeC:\Windows\tsnpstd3.exeC:\Windows\vsnpstd3.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\360safe\safemon\360tray.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Rising\Rav\RsTray.exeC:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exeC:\Program Files\Verizon\VSP\VerizonServicepoint.exeC:\Program Files\DellSuppo... Read more

A:Google links redirect

Hello.. Just post logs as it is.. Don't edit/use fancy fonts or anything.. It will be much easier for my eyes..Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will... Read more

Read other 4 answers
RELEVANCY SCORE 60.8

I have spent three days on this. I am pretty PC savvy but I am stuck now. I have looked at many many many forums to get help and I keep hitting a brick wall. Google links get redirected via z43523673.cn in firefox. I have run spybot, malware bytes, super antispyware, mgtools, runscanner, all to no avail. I am running vista so combofix does NOT work. PLEASE HELP ME, I was going to reinstall my OS with XP (I hate vista) but there are no drivers for a Gateway P171S FX only vista drivers... *******s... I digress. My hijackthis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:24 PM, on 10/21/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Window... Read more

Read other answers
RELEVANCY SCORE 60.8

Im pretty certain this is some type of malware, though seeing as how im not so great with computers I could use some assistance.
the site that keeps popping up when I click a google link is
Search-fast-results.com
and star.feedsmixer.org

If need be, Ill download the Hijackthis thing

A:Google links redirect me

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 60.8

Hello,
my OS is windows vista and my problem occurs when I use the Google search engine. When I click on a link after I perform the initial search, I am redirected to another page. If I hit the back button and re-click the same link I am directed to the correct web page. This continuously happens no matter what I search and no matter what link I click, the initial click to the link 8/10 times redirects me to a different page generally an advertisement page with more links to the topic I wanted to open in the original link (if that makes any sense). I would appreciate any feedback or help that I can get to correct this. Thank you.
 

A:Google links redirect me!!!

Read other 15 answers