Computer Support Forum

Task Manager wont end processes, Google searches redirected

Question: Task Manager wont end processes, Google searches redirected

ok I have a Dell gx240 with windows xp home edition with 512 mb of ram.
It has been running extremely slow lately.
and bringing up task manager to stop the unwanted processes isn't working at all (Ill hit end process and nothing at all happens)
And I too am also experiencing the search engine redirecting thing. sometimes clicking a link prompts a download for a application-octet stream(?) type file.....

Relevance 100%
Preferred Solution: Task Manager wont end processes, Google searches redirected

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Task Manager wont end processes, Google searches redirected

Hello can we run MBAM as it should resolve a few of these issues. 512 RAM with XP is the bare minimum so slownees will be somewhat common.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

11 more replies
Relevance 94.3%

I will open a program, close it, and then when i try to open it again a message appears saying that an existance of it is still running. When i look at my processes i see that it is in fact But when i try to "end Process" it does not close. The warning pops up, i say yes, and yet it does nothing. I can not seem to close these programs. And this causes shuting down to take up to 15-20 min unless i force a shut down. The problem has occured with Opera.exe CCAPP.exe outlook.exe and maybe more. Please help thanks!
 

Answer:HELP Task Manager wont close certain processes. End Task does nothing!

http://www.softtreetech.com/24x7/archive/49.htm
 

5 more replies
Relevance 91.43%

I have a Toshiba laptop running on Vista. All my Google searches are being redirected, even in safe mode. Popups galore. Tried (and paid) for Stopzilla and Malaware Removal but neither worked. Friend said do a sytem restore to a week ago, before all this happened. I did, but all the problems are still there. Now after I restart it shows a msg that something is wrng & shuts down. I can hardly get online, maybe once out of 3-4 restarts/shutdown. Any ideas? Sorry I'm having to do this on my blackberry. Thanks for your help!!!Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Answer:google searches redirected/system restore wont work

Before doing anything if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.How and Where to backup your files in XP or VistaHow to Backup and Restore in Windows 7How to use Ubuntu Live CD to Backup Files from your dead Windows ComputerPlease follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.Any objects found, will show in the Scan results - Select action for found objects and offer three options.If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that fil... Read more

1 more replies
Relevance 90.61%

Hi everyone,I'm looking for help with my computer which seems to be infected with a particularity nasty Trojan or malware. Right now my computer works but my Google searches done using firefox get redirected often to pages unrelated to the link I clicked on while using Google. Additionally I am unable to update and use many malware removal programs like Adaware, Spybot, and AVG malware scanners. I downloaded HijackThis and got a log of my system here it is: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:06:05 AM, on 6/13/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\CTHELPER.EXEC:\WINDOWS\system32\CTXFIHLP.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\SYSTEM32\CTXFISPI.EXEC:\WINDOWS\system3... Read more

Answer:Google Searches Get Redirected + malware removal programs wont work

Hello Max Hennings, Sorry for the delay. We have many logs backed up. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.******************Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fre... Read more

2 more replies
Relevance 90.61%

I was given a computer that I had to have a friend reformat for me. Since it was done any browser I use IE, firefox or google chrome they will show up under processes in my task manager after i have shut down what ever browser i use. The stanger thing is, it wont let me shut it down. so if I use a few tabs say under firefox it will say I have 3 running and my computer slows to a crawl. I have to reboot my computer all the time. I have ran advance system care, defrag, malware and virus scanner nothing works I can click end process all I want and it still wont go away under processes. any ideas?
 

Answer:browser wont shut down under processes in task manager

You can try PsKill. I know it's a workaround but it might make your life easier until we can find an explanation or a solution to your problem. You won't need to reboot anymore...

You can also use Taskkill from the command prompt.

Other free programs to kill stubborn processes:

Process Assassin

Kill

Process Explorer

Or,


 

1 more replies
Relevance 89.79%

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

7 more replies
Relevance 89.79%

When I restart from Sleep, I have windows open that look like a browser with various ads in them. I looked in my task manager and saw a number of Chrome processes named Wgvsgnxdj.exe *32 that use about 20% of the CPU. When I end the processes, they restart on their own. The processes are all located in the AppData/LocalLow/Adobe/zqjpwqzm folder.

Can you please help me out? I have scanned with MalwareBytes, MaAfee, SpyBot 2, and tdsskiller. None of these have found anything.

I have attached FRST scan logs.

Thank You!
 

Answer:Fake Google Chrome Processes in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 89.79%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer:COM Surrogate and google chrome processes in task manager

Welcome njsLets start with this ...Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click ESETPoweliksCleaner.exe to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.The tool will produce a log in the same directory the tool was run from.Please copy and paste the log in your next reply.Next run Autoruns.Please download AutoRuns and save it to your desktop.Right click on the downloaded file and choose Extract All Files.Once extracted, open the program named Autoruns.Click on Options and then Hide Microsoft and Windows Entries.Press F5 to refresh the startup list.Next go to File -> Save and choose the file type to Text File (.txt).Please attach the text file to your next reply.

15 more replies
Relevance 87.74%

A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 87.74%

Strider said:


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.Click to expand...

I had the same issue. Hopefully you can help. File attached. The google chrome process was called "Eskuyiyifxt.exe*32"
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 87.74%

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

10 more replies
Relevance 86.92%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos.  I deleted some old junk to free up some memory but that didn't help.  Defragged my laptop and ran several virus scans, but no improvment and nothing found on the scans.  I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled.  No improvement after this.  I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows.  They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird.  I uninstalled Google chrome, but they remained open and listed as google chrome programs.  I opened the file location and ran a virus scan directly, and it came back with no threats detected  (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer:Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 86.1%

The process name is listed as wgjbmmc.exe *32 in task manager.
When I 'Open file location' it is located at...
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\pgngpdf\zhgekhrmttku

I attached the FRST results files.

Thank you
 

Answer:Fake Google Chrome processes named wgjbmmc.exe *32 in task manager slowing computer down

Hello.
Uninstall Microsoft Security Essentials

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

Start
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\Software\Classes\.exe: => <===== ATTENTION!
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\Run: [Wkudeas] => regsvr32.exe /s "C:\Users\Jeff\AppData\Local\{CB212118-3492-4DED-963D-DAB6283A1E07}\Wkudeas.dll" <===== ATTENTION
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {08c6c7e4-0e4a-11e0-9774-96bca1c77bb5} - G:\setup.exe -a
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {e5848bdb-fdad-11e1-8325-8bf135db7bca} - G:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that bo... Read more

8 more replies
Relevance 86.1%

Infections date probably on 10/26/2014. Fake google chrome processes (a lot of them) are running in the task manager, hogging memory and CPU. Computer is slow.

The process name is listed as Mjjckmsq.exe *32 in task manager, and is running from the location....
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\Uuiputi\fzsdleeocr
.....as mentioned by task manager when I right-click on the process and ask to open file location.

This EmieUserList is a hidden folder and is not visible in the LocalLow folder even if I enable the "show hidden files and folders" option.

I have run the Farbar Recovery scan tool and have attached the results with this post.

Please let me know if there is anything else I can do to help solve this problem.
 

Answer:Fake Google Chrome processes named Mjjckmsq.exe *32 in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 84.46%

Hello and thanks in advance for your time! I am running windows XP with service pack 3. Starting yesterday I noticed that my search results in google and yahoo was being redirected upon click, I could back space and get the page I originally wanted. When I switch to an alternate search engine like Altavista this does not happen. I restarted my computer in safe mode and ran superantispyware and put all threats cookies as well as registry into vault and it went down hill from there. I restarted computer and no task bar, I was able to bring up task manager and run explore.exe and this restores my task bar but not on restart. Also none of my normal things start like printer, zone alarm, avast, etc... I can manually start zone alarm and it will live in task bar until I restart but antivirus will not. I ran CW shredder and it cleaned up one infection but would not run an update. And on restart nothing. i did restore the items from the vault but to no avail nothing changed. I created a new user and my taskbar starts fine on that desktop but nothing automaticlly starts up but lavasoft which I did download and I deleted SUPERAntiSpware ran lavasoft scan and it found a variety of things I deleted cookies but put other entries in vault.Hope that is enough information to get some help below I have posted what lava soft put in vault as well as my hijack this log.

Thanks Jen...

lava soft found an quarentined the following:

file c:\windows\dowloaded program files\cpnmgr.dll
Registry Ent... Read more

Answer:google and yahoo redirected, task bar gone, protection software wont update!

16 more replies
Relevance 83.64%

Recently I was infected with 3 rogue software at the same time. XP Total Security, MS Recovey tool, Windows Recovery Tool(Same thing basically). I was able to remove them with the help of Malwarebytes, Hijack This, and RogueKiller. After they were gone I mentioned the accomplishment on facebook and a friends of mine told me to get MSE. So I looked it up on google and noticed something was redirecting my search results to random websites when clicked on.

So I downloaded MSE and got it installed but when I try to run it something kills it instantaneously, thinking the problem was the same culprit that was redirecting my search results I goggled it and learned about TDSS. TDSS "downloads and executes other malware, delivers advertisements to your computer, and block programs from running."(Bleeping computer removal guide) Thought that was what i was infected with,so I downloaded TDSSkiller, which this site provided the link for and followed your guides instruction ran its scan and sure enough I was infected by it under the name Alureon, it removed it no problem, I restarted and went to google to try it out, but much to my dismay it still does it and it wont let MSE boot either. I thought I would be sneaky and rename the .exe file name to .com.exe. It booted up and would start to update and then something would kill its connection to their update server.. and then it would kill the real-time protection after a few minutes not even allowing it enough time to scan 250 fi... Read more

Answer:Processes killed / Redirected Searches

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

17 more replies
Relevance 82%

My browser is redirected upon searches at Yahoo and Google to mock sales and ad sites. Being more than a newb, but less than an expert, I have tried to identify the problem myself, but to no avail. Whenever I open up either browser (when there is not an instance of it running), I get several tabs that will pop up as well and go to the redirect sites, which are often mock-sales sites, ad sites, etc..

I do not know how to fix this issue. This is the first time I have been unable to fix an issue with malware on a computer, it's somewhat emasculating.

Per instructions, I have run DDS and RootRepeal. DDS log is below, Attach and ark are attached.

Help!

-Derek

*******
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 21:33:29.31 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.244 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\C... Read more

Answer:Browswers Redirected (Chrome & IE8); Yahoo, Google searches redirected at results...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.The scan should take just a few minutes.Please copy and paste both logs back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

13 more replies
Relevance 82%

My google start page keeps coming up in German. I set the home page to google.com/ncr, but I know there's still a problem. Also, I get redirected sometimes to sites that are NOT what I know the end result page is supposed to be - but rather to a site displaying shopping sites as a search return. This is being posted by a friend using my comp via logmein...

Answer:google redirected to german version, searches redirected to shopping sites

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.Please describe the issues you are experiencing with your computer.

5 more replies
Relevance 77.08%

Hey there. I've recent been having problems with Firefox/Google Chrome where my searches are being redirected to random sites when I click on the results. In addition the spellcheck function doesn't work if this searches are mistyped. I've tried several different programs with no success in fixing the matter. Among them are Dr. Web Cure it. As well as Malwarebytes which caused my computer to crash both times I tried using when it reached a file called zipfldr.dll

I've looked around at a couple sites but as nothing seems to be working I thought I'd give this a try. Any help would be apperciated, and it only seems to be affecting Firefox, and Chrome. Oh, and in addition to the redirect it's highlighting random phrases within the webpage with something called Clicksor, as well as the redirects going through something called 123bounce.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14 AM, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Creative\USB Headsets... Read more

Answer:Google Searches being redirected in Firefox/Chrome. Google Redirect?

You have a DNS hijacker.

Disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm
Try updating and running Malwarebytes again.
 

1 more replies
Relevance 77.08%

Hello all.

My Google searches in Firefox are intermittently being redirected, every link in the search results is "www.google.com/go? and random 8 digit nummbers". Clicking any link goes to searchbif and some other websites that don't even load. This happens only sometimes in firefox and I have not noticed it happening in IE yet. I have run a full scan using MSE and it removed some items but the search redirect is still happening. Please help.

Answer:Google searches being redirected to www.google.com/go? and clicking leads to searchbif

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malware... Read more

9 more replies
Relevance 76.26%

So, when I attempt to use Google to search for something either by way of the search bar in firefox, google.com, or google.com/ig, I have to open my links in a new tab because if I click them I will be redirected back to google.com.

A few notes:
I cannot use the back button to go back to my search results, it just takes me to whatever page I was on before I conducted the search.

The google.com URL is changed upon redirect to read as follows (some examples):

Code:
http://www.google.com/webhp?emsg=NCSR&noj=1&ei=netPToSLE6XJsQLVvaT3Bg
http://www.google.com/webhp?emsg=NCSR&noj=1&ei=Nu5PTrqzHqLjsQK3u82GBw
http://www.google.com/webhp?emsg=NCSR&noj=1&ei=Q-5PTuKSOMiKsQKLkLmHBw
I don't think that there's anything malicious about this, as it just takes me back to google, therefore I don't think that it's a virus. I have run ComboFix and all it succeeded in doing was removing my steam.exe

I've also reinstalled firefox (didn't delete all my personal settings and bookmarks).

Any other ideas?

Answer:Google searches are redirected back to google. I don't think it's a virus.

Haxxed, what version of FireFox are you using? What toolbars are you using? At one time the ZoneAlarm toolbar cause me a problem similar to this.

6 more replies
Relevance 76.26%

I have been battling these problems for several weeks now. I have received much help from these forums but it is now time to post for my own problem. The original infection seems to have been a Fake Alert trojan. This included corruption of the rundll32.exe that disabled just about everything. With help from this forum I was able to repair the rundll32. Since then when doing a McAfee scan I would get an alert telling me McAfee found a root kit. McAfee recommended a program called McAfee Pre Scan which I have not been able to find on their site. I performed Safe Mode scans as advised but McAfee did not detect anything.I have installed Comodo Firewall, MalwareBytes, Combiofix, and HijackThis. MalwareBytes does not detect anything in Normal mode or Safe Mode. Symptoms are as follows:1. Redirected searches, Google, Bing2. Mozilla Firefox opening a tab on its own 3. Task Bar has changed from XP blue to old Windows gray4. Unable to connect network, IE advises Winsock error5. When I go to Microsoft Updates I am redirected and cannot access MS Update. So that is where it stands now. Item 4 is most recent occurring just last night. I tried a Winsock repair tool (LSPFix) that told me that everything was fine with Winsock. Still unable to connect.I have a recent HijackThis log. I have deleted a couple items in this log, the omzun.exe, ctfmon.exe and two others that the tool on this site could not identify. I have also deleted MSN Messenger. The log is posted below.Logfile of Trend Micro... Read more

Answer:Rootkit, Winsock Error, Redirected Searches, Task Bar color change

Clik Here...and follow the Instructions...

14 more replies
Relevance 75.85%

When i start the computer i get an error that says google installer has encountered a problem.
When i search on google i get redirected to other sites. Sometimes when i start the computer it doesnt fully start, and it freezes at random times

Answer:Google searches are redirected

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

8 more replies
Relevance 75.85%

Early this morning I noticed that my Google searches were being redirected to a website called scour.com I did not noticed the problem last night when I was using the internet. I left the computer on, like I usually do unless I'm leaving the house. This problem only occurs in Firefox, I haven't encountered the problem with Internet Explorer as of yet. DDS (Ver_10-03-17.01) - NTFSX64 Run by Alexander at 11:57:47.10 on Tue 09/28/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1848 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audi... Read more

Answer:Google searches being redirected.

uTorrentAbove listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Copy-paste following contents into custom scan -area:netsvcsdrivers32%SYSTEMDRIVE%\*.*%systemroot%\Fonts\*.com%systemroot%\Fonts\*.dll%systemroot%\Fonts\*.ini%systemroot%\Fonts\*.ini2%systemroot%\Fonts\*.exe%systemroot%\system32\spool\prtprocs\w32x86\*.*%systemroot%\REPAIR\*.bak1%systemroot%\REPAIR\*.ini%systemroot%\system32\*.jpg%systemroot%\*.jpg%systemroot%\*.png%systemroot%\*.scr%systemroot%\*._sy%APPDATA%\Adobe\Update\*.*%ALLUSERSPROFILE%\Favorites\*.*%APPDATA%\Microsoft\*.*%PROGRAMFILES%\*.*%APPDATA%\Update\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\System32\config\*.sav%PROGRAMFILES%\bak. /s%systemroot%\system32\bak. /s%ALLUSERSPROFILE%\Start Menu\*.lnk /x%systemroot%\system32\config\systemprofile\*.dat /x%systemroot%\*.config%systemroot%\system32\*... Read more

17 more replies
Relevance 75.85%

Hi I'm having trouble with google searches being redirected. I'm running XP and none of the malware /antivirus programs I've tried can find the problem. I have attached a HJT log done a few minutes ago
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:42 PM, on 04/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Allway Sync\Bin\syncappw.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lava... Read more

Answer:My Google searches are being redirected

16 more replies
Relevance 75.85%

Hi All,I'm new on here and have searched the posts but I'm not sure if the cures therein are applicable to my circumstances. As with several other members, my searches on Google get redirected. I've run MBAM and CCleaner but still get redirected. I've run hijackthis and include a copy of that log below. I'd appreciate some help with this problem if you will.ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:07:12 PM, on 27/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.... Read more

Answer:Google searches redirected

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

2 more replies
Relevance 75.85%

So I made a poor choice and left my laptop with my 11 year old sister for the weekend. Now that I have it back, all of my Google searches are being redirected to random sites. I can still view the site I want by clicking the cache version of the site, but I'd rather just get rid of whatever virus I have.DDS (Ver_10-03-17.01) - NTFSx86 Run by Christian at 15:30:58.15 on Sat 10/02/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft? Windows 7 Eternity? 2009 6.1.7600.0.1252.1.1033.18.3032.1711 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows... Read more

Answer:Google searches being redirected, need help.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

15 more replies
Relevance 75.85%

Greetings, I have read several post regarding searches being redirected from search engines and have come to the conclusion I still don't know what Im doing. I seem to have this problem as well and would appreciate any help to resolve this annoyance. Here are the file logs requested (dds pasted and 2 attached) and I hope they give some insight to the problem. Thank you.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason at 22:23:25.31 on Tue 06/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.639.247 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobil... Read more

Answer:Redirected google searches

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


To make cleaning this machine easierPlease do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Thanks

10 more replies
Relevance 75.85%

I picked up a virus/something by clicking on a link on Facebook. I was able to fix a redirection to a "Private Security" window telling me my computer was infected me and trying to get me to download removal software. I got rid of it by running full scan on Malware Bytes. I have not been as fortunate getting rid of the Google search redirection. It sends me to various other websites that have nothing to do with my search. I am attaching the DDS log. I could not get the GMER to finish without my computer freezing up.

Answer:Google searches get redirected.

Hi lynnt1958,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Please copy and paste the logs instead of attaching them unless it is instructed otherwise. Thank you.Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:[email protected] OFFmbr.exe -t sc query type= driver group= "SCSI Miniport" > Log.txttype mbr.log >>log.txtStart Log.txtGo to the File menu at the top of the Notepad and select Save as.Select Save in: desktopFill in File name: dirlook.batSave as type: All file types (*.*)Click save.Close the Notepad.Locate and double-click look.bat on the desktop.A notepad opens, copy and paste the content (mbr.log) to your reply.Please copy and paste the second log of DDS (Attach.txt) to your reply.

17 more replies
Relevance 75.85%

My main problem is that I was trying to watch a TV show I downloaded and it tricked me into download a virus, it downloaded it through windows media player, called it an update to the codec. But now after I search through google, and click a link, my searches get rediracted. I must black click and click again and then it works.

Also I have tryed going through the Windows XP Cleaning Procedure, but when I get to installing SUPERAntiSpyware, it says its encountered an error and needs to close.
I have also installed Malwarebytes and after installing, I try to run it and nothing happens.

Can anyone help?

Thank you.
AL
 

Answer:Google Searches Redirected

I have figured it out. Since malwarebytes installed, I changed the .exe to aaa.exe and this worked. The virus must have also blocked the mb.exe. Once I ran malwarebytes and removed infected files I was able to install SUPERAntiSpyware, and also had to change its .exe to aaaa.exe. Ran this and found nothing. Then I installed and ran the comobofix.exe which found something and removed it. Tested my google searches and not a problem.

Thank you MajorGeeks. Remember to follow these steps:

http://forums.majorgeeks.com/showthread.php?t=35407
 

2 more replies
Relevance 75.85%

For the past few days, my google link searches are being redirected to websites such as freetwittube, word.dictionary.co.uk, sometimes facebook and more often and very annoyingly to an extremely disgusting porn website When I realized this, I tried running my Microsoft Security Essentials and realised that it wouldn't open at all. I uninstalled this and installed Kaspersky which did not pick anything. After removing this, I ran MalwareBytes. A few threats were detected and removed.. Then I booted my computer in safe mode.. the problem was not present..I realize some 3rd party programs are running.. so i ran an avast! boot-time scan.. a few threats were detected and deleted. NO use! I even tried ComboFix knowing that this was my last solution. Also, I have made sure only one antivirus program existed at a time. Everything helps for a while and after restarting, the problem is the same. Im attaching my ComboFix log results.
Want to fix it right away.. Dont know what websites may pop up next Im not the only one using the comp..

Answer:Google searches redirected!!

Please do the following:
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Code:
http://www.techsupportforum.com/forums/f50/google-searches-redirected-671618.html

Collect::
c:\windows\SysWow64\authzq.dll

File::
c:\windows\system32\services.exe.63C9E0B3D38C794E
c:\windows\system32\services.exe.24D93E1826DF7A63
c:\windows\system32\services.exe.35674026F2F29EF5
c:\windows\system32\services.exe.996BDDC59D10FC29
c:\windows\system32\services.exe.C14903551F9B2A61

FileFox::
FF - ProfilePath - c:\users\Davies\AppData\Roaming\Mozilla\Firefox\Profiles\zi1nmc4g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQHJYXHov&loc=IB_TB&i=26&search=
FF - us... Read more

13 more replies
Relevance 75.85%

Hi - Have had this problem intermittently for some time.Was trying to fix it by running Malwarebytes (among others) when got error message saying that it could not update.Went to their very good help site and was then taken through using a whole list of tools to find the problem.These included:GMER,ATF-cleaner, avenger,combofix, DrWeb, Fixwareout, Hitmanpro3.5,OTL,Sar_15_sfx, spywareBlaster, superantispyware, tdsskiller and viprerrescue6806Some of them showed a couple of infections that were cleared but nothing very much. I don't know if it makes a difference but the guy assissting me was presumably looking for things that would block malwarebytes rathere than anything relevant to the google redirect although we did not discuss it as his task was to sort the update problem.That was finally solved with this toolhttp://tools.malwarebytes.org/traceroute_m...rebytes_cdn.exeWhich showed that the request to go the the malwarebytes site for an upgrade was being blocked somewhere in my linksys router. When I disconnected it and went through my modem directly the updating worked.Curiously when I reconnected to the router and ran the update again it also worked but when I ran the traceroute programe it showed that it was being blocked.Anyway situation is that my machine has been scoured by at least a dozen logging programs and spyware hunters - I have all the logs if they are of any use - but I still have this annoying redirecting.It looks like it only affects google, doesn't s... Read more

Answer:Google searches redirected

Did you receive that assistance on a forum? If so, please provide the link to that topic in a reply to this one, and I shall then merge it to your post above and remove my reply so your topic won't get lost.Orange Blossom

4 more replies
Relevance 75.85%

My Windows XP PC is currently infected so that each time I search via google, the first few search results are random things like "monstermarketplace" and "blinx". I've performed a scan with Ad-Aware and with Malwarebytes' Anti-Malware and rebooted after each scan but although they've both cleared some cookies the problem persists when I try to use google again.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:37:19 AM, on 3/19/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC: ... Read more

Answer:redirected google searches

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please:Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

2 more replies
Relevance 75.85%

When I do a Google or a Yahoo search and click on the websites I get redirected to another page that contains viruses. I have windows Vista PC, I am currently using a diffrent computer to seek help. I don;t know what to do?

Answer:Google Searches are being Redirected

"Jewelsxxiv I fixed it"Maybe, run ESET to really make sure.Run ESET & post the log please.http://www.eset.eu/online-scannerhttp://www.eset.com/us/online-scannerWhy Would I Ever Need an Online Virus Scanner?I already have an antivirus program installed, isn't that enough?http://www.squidoo.com/the-best-fre...Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.How can I view the log file from ESET Online Scanner?http://www.eset.eu/eset-online-scan...The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.

23 more replies
Relevance 75.85%

Hi,

First, I appreciate any help on this!

Every time I perform a google search and click on a link to go to the specific page, I'm redirected to an obscure search engine or adware site.

This is my HijackThis report, please let me know if I need to provide anything else. THANKS!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:34 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Cyb... Read more

Answer:Google Searches Redirected

16 more replies
Relevance 75.85%

Hi,

Whenever I search something in google or any other search engine and I click on the links, I get redirected to another website (usually another search engine) The problem appears both in firefox 3 and explorer 7.

I scanned my computer with malewarebyte and it found and deleted 3 trojans and the problem seemed to be fixed but it reappeared 2 days later.

I am running a 32bit vista os

here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:54, on 19/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009

\avp... Read more

More replies
Relevance 75.85%

I am running Windows XP professional and using the IE browser. When I do a google search and click on the desired website I am redirected to various directories. If I type the exact URL in the top line I can get around it. I have run Norton, CW shredder and Spybot. Spybot picks up 8 items (DSO exploit- 5 entries;Double click - 1 entry;Avenue A Inc.- 1 entry and Mediaplex - 1 entry). However, when I click to fix, I get a window that says they are fixed but, if I run another scan, the same items are back again.

I should also add some history. Previously (last week) I had been having a problem with some malware that would intercept my browser with a variety of warnings i.e., bogus scans that purport to have discovered a whole list of malware on my computer. Also warnings that would repeatedly pop up with different content and block all my attempts to open my browser. This malware would identify itself as "Windows XP Anti-Spyware" and would suggest that I buy the associated software on the Windows XP Anti-Spyware site. Again I ran Norton, Spybot and CW shredder but nothing showed up. The only way I was able to get around it was to go to system restore and select a back date (January 31) before this problem started. My feeling is there is still a lot of junk in this computer and, while I was able to get around it sort of, the redirect problem is probably the tip of the remaining ice berg. I should also add that this computer was given to me a few months ago so I don... Read more

Answer:getting redirected from google searches

Hello! If someone can help this person, they'd be helping me too. Pretty much the same problem. Any thoughts?

3 more replies
Relevance 75.85%

Hello~ I've had this problem for about a week now. Everytime I do a google search, I'm redirected to some other generic looking search engine (mainly going to other search engines, hotels, shopping searches). I've tried searching on aol search, askjeeves, etc and it seems to effect every one of them everytime I do a search. Running Avast found some viruses and I was hoping it would solve the problem but it didn't.
Other virus scans just come up clean. I don't know what do to now, it seems my computer is getting a little slow overtime aswell.

I am running Windows XP Home Edition and using Firefox.
Currently have installed Avast Antivirus, Malwarebytes' Anti-Malware and SUPERAntiSpyware.

Thank you~

Answer:Google searches are redirected :(

Have you run Malware and SUPER yet if not do so ,if so please post their logs.

1 more replies
Relevance 75.85%

My google searches are constantly being redirected to irrelevant pages at "www.ecata.info".
I'm quite sure this is due to malware, but after scanning and fixing with superantispyware, spybot s&d, malwarebytes, and sophos antivirus, the problem still isn't fixed.
I'm stumped

Here's the dds file:

DDS (Version 1.1.0) - NTFSx86
Run by Mark at 21:57:00.56 on Sat 01/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.188 [GMT -8:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO En... Read more

Answer:Google searches being redirected

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Disable Realtime ProtectionAntimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.Download and Run ComboFixIf you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).Download Combofix by sUBs from any of the links below, and save it to your desktop.Link 1, Link 2, Link 3 Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.In your next reply include:-th... Read more

18 more replies
Relevance 75.85%

Hi,When I do a Google search and click on a resulting link it gets redirected.Avast and ESET online scanner are finding nasty stuff.I ran defogger to disable CD Emulation Software I ran DDSI tried several times to run GMER but my CPU usages shoots up to 100% (lsass.exe 50% , winlogon.exe 50%) causing freeze ups. I managed to save a gmer ark.txt file but I'm not sure if it is complete.Thank you in advance,IanDDS (Ver_10-03-17.01) - NTFSx86 Run by Ian at 12:31:46.71 on 22/03/2010Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2312 [GMT -4:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exe -k i... Read more

Answer:Google searches being redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

18 more replies
Relevance 75.85%

I've got a 4-year-old Dell Dimension 8400, running Windows XP Media Center Edition, with 2 GB RAM, a 3.2 MHz Pentium 4 processor, 500 GB of hard drive, Norton 360 Security Suite and Firewall, etc., etc. For the past few months, internet pages have been opening more slowly, but I just assumed it was due to the fact my machine was getting old. About a week ago, I began having problems booting up. Windows would not load completely, or an older configuration would try to load, etc. It often took several tries to get the machine to boot. At about the same time, I noticed that when I clicked on Google search results, I would often be redirected to some ad-based web pages rather than the ones I selected. I finally got tired of all this and decided I'd try a system restore, to a point about 4 weeks ago. However, system restore does not appear to work. When I get to the point where the reset should occur, nothing at all happens.

I've seen some similar questions in this forum and I downloaded the HijackThis program as a result. I've copied the scan I just ran (below) and will await your instructions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:55 PM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

Answer:Google searches being redirected

Bump
 

1 more replies
Relevance 75.85%

Hi,Whenever I do a google search the results are displayed fine but when I click on any one of them the program tries to open the target site and immediately disappears and re-appears with "This Tab has been recovered" message and again disappears. This continues for two-three times and finally I get error from ieframe.dll similar to the following."res://ieframe.dll/acr_error.htm#google.com,http://www.google.com/search?q=android2&rls=com.microsoft:en-US&ie=UTF-8&oe=UTF-8&startIndex=1&startPage=1"And the page displays We were unable to return you to google.com. Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem. What you can do: Go to your home page Try to return to google.com Surprisingly if I remove the part before http: above and hit enter then the page opens fine.This keeps happening in IE, Firefox as well as Chrome.I have run DDS but could not run gmer. Every time it aborts or causes reboot on my system.The DDS log follows:DDS (Ver_10-03-17.01) - NTFSx86 Run by Sunil at 13:00:09.81 on Fri 08/27/2010Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_16Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3317.1853 [GMT -4:00]SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *disabled... Read more

Answer:Google searches getting redirected.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Sa... Read more

16 more replies
Relevance 75.85%

For the last couple of days Google searches are being redirected to other sites. I've also had problems with web pages hanging up when loading. The problem is sporadic. Hitting the back button and clicking the same search result will often result in different pages being loaded (sometimes the correct one).

I ran AVG in safe mode and it's coming up clean.

Answer:Google searches being redirected

Hello and welcome krazypete. First I am moving this from XP to the Am I Infected forum. Please run these next. If you have Spybot installed temporarily disable it.Next run ATF:Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, pl... Read more

9 more replies
Relevance 75.85%

Howdy all. I'm running windows xp and using IE 7. A lot of seraches that come up in google are redirected to a different page than the link says. The page is usualy related to wahtever it is I searched for and the link will work if I click back and click on it again. I've tried running a bunch of things to fix it ( smitfraudfix, combofix, adaware, symantec, Fixwareout, and a few I didnt think did anything and uninstalled) but I cant get rid of this damned thing.

A second thing (not nearly as important, just an irritation really) is that when I log into my comptuer it takes a minute or two for the desktop icons/start menu to pop up. The mouse is responsive during this time but clicking control alt del dosnt even respond until the icons show up.

Help with either is greatly appreciated.

-Tony Vida; TK 3204; Austin, Tx

Answer:Google searches are redirected

I am hopeful that you backed up your PC prior to running ComboFix,see blue text at top of forum.Lets see what MBAM may find.Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Ba... Read more

5 more replies
Relevance 75.85%

I received a Malware program tonight from a mp3 download. The fake security software popped up and I immediately shut down its process tree. After doing so I used Malwarebytes and removed the fraudulent files. Then ran a scan from Avast and the search came up empty. So I'm assuming that my system is clean but these hackers always mess with your IP's, proxy, DNS, etc. Can someone look at my HiJackThis report and tell me what to do to fix it? I can surf the net with direct thinks, etc, but can't do Google searches now.

BTW, I only use Firefox for a internet browser, so I believe these Internet Explorer files could be the problem but I honestly have no clue. I also just attached the log to this post in case that helps.
Thanks for the help in advance!

Answer:Google Searches Being Redirected

Can someone look at my HiJackThis report and tell me what to do to fix it?HijackThis logs are not permitted in this forum. Further, HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, it is limited in its ability to detect infection and generate a report outside these known hiding places and its log may not always reveal all the malware on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the Virus, Trojan, Spyware, and Malware Removal Logs forum if we cannot assist you here and we need to use more powerful tools or you don't mind waiting.If you do not mind waiting and want someone to check your system thoroughly, then please follow the directions in the the "Preparation Guide". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. Start a new topic, give it a relevant title and post your log in the... Read more

9 more replies
Relevance 75.85%

Blade Zephon has been helping me and advised me to post a new topic in this forum. The original thread was here http://www.bleepingcomputer.com/forums/topic415127.html

My problem is that google search links are randomly being redirected to random places. Somtimes the links will take me where they are supposed to and other times I am redirected to random locations that have nothing to do with the link.

My system is as follows: I have a dual boot system with 2 partitions. 1 partition has Windows XP Pro SP3 with Ubuntu installed in a working directory on this partition. Partition 2 has Windows 7 Pro SP1 64 bit version. This gives me the option to boot into XP, Ubuntu or Windows 7 at boot time with Windows 7 being my normal bootup OS.

The problem above is only in Windows 7. XP and Ubuntu do not display this problem.

I have run a full scan with eset Smart Security v.4.2.71.2 with latest def update and also Malwarebyte's Anti-Malware v.1.51.1.1800 with latest defs and both find nothing.

As per Blade's suggestion, I am posting here with the initial results from the Preparation Guide.

Below is the DDS info and attached is the Attach file from DDS. There is no gMer info as I am running a 64 bit OS.

If I left anything out, please don't hesitate to let me know what else I should provide.

I appreciate any and all help that you can provide.

Thank you.

- Dan

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Dan Hoffmann at 12:57:... Read more

Answer:Google searches are being redirected

While I am waiting for assistance with my issue, I wanted to post a quick oddity that I noticed. When I type in www.google.com, the favicon that shows up is not the usual colored g but rather an icon that looks like a computer screen. I have attached an image to show what I mean.

Also, if I go to www.google.ca and do a search, I do not seem to get the redirects when clicking on the links like I would had I done the search from www.google.com.

As always, thanks to all that can provide info on ridding this issue.

- Dan

38 more replies
Relevance 75.85%

Searched the broblem(on my ipod)and found this site, realized it's a fairly common problem. I keep getting redirected to Yellow Pages ads, along with bookmark ads and a few others. I recently tried using Google Chrome and the problems seemed to begin then, but my computer has been running fairly slow for quite a while so it's hard pin it on that alone, and the unit was purchased in 06'. I use AVG Free Antivirus protection. Oh, I did try a couple of system restores, as well as going back to using Internet Explorer, but no improvement. There was a different kind of rectangular window notification that came up during the latest system restore which I didn't recognize, looked almost bogus.Any help would be really appreciated. I don't know my way around computers very well so your patience will be also appreciated as even some of the simplest requests you may have might go way over my head. Thanx.

Answer:searches are being redirected in google

Hi CompuConkedCanada,

Start with Malwarebytes http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
You can always transfer it from one computer to another with a flash drive if needed.

cmom

1 more replies
Relevance 75.85%

I am running on Vista SP2. My AV is Microsoft Security Essentials and WIndows Defender.

I clicked on a link while searching for cell phone roms. Popups informed me I was infected and needed to clean up my computer. I closed my browser and did a full spyware and virus scan with Microsoft Security Essentials. FOund a couple of trojans and deleted them. I went into safe mode and redid a scan. Found no more virus files. I then tried to turn Windows Defender on and it would not respond. I went to do a Google search and when I click on a link, every now and then, I get redirected to another website.

Attached is my DDS file. My GMER file is too large to upload and when I try to attach it as a zip file, it says I am not allowed. I guess I can send it by PM to whoever replies to my post. Thanks a million in advance for any help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gabi at 1:43:07.06 on Thu 03/31/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.1976.1176 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomL... Read more

Answer:Google searches being redirected.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

4 more replies
Relevance 75.85%

Hello- Picked up a virus that is redirecting google searches to pages like 'toseeka, rihanna, info.com' etc. Had a trend micro popup warning that a virus called 'html_malscript.w' was taking over. Then an explore type page pops up saying there are many virus and to click ok to get rid of them. I went offline ran spybot and it picked up some bad files. Repeated the scan and is coming up clean but still have the redirected searches.
Here's the dds:DDS (Ver_09-05-14.01) - NTFSx86
Run by john jochen at 11:39:51.03 on Mon 05/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.580 [GMT -4:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\D-Link\DGE-530T\dlnetst.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TorCP\torcp.exe
C:\WINDOW... Read more

Answer:Redirected google searches

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Somethings to remember while we are working together.
1.Please do not run any other tool untill instructed to do so!
2.Please reply to this thread, do not start another!
3.Please tell me about any problems that have occurred during the fix.
4.Please tell me of any other symptoms you may be having as these can help also.
5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your log now and... Read more

19 more replies
Relevance 75.85%

Greetings, I have read several post regarding searches being redirected from search engines and have come to the conclusion I still don't know what Im doing. I seem to have this problem as well and would appreciate any help to resolve this annoyance. I dwnlded hjt and pasted the log below. Please let me know what my next step should be.
Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:56 PM, on 6/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.e... Read more

Answer:Redirected google searches

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 75.85%

Search results are being redirected and I'm also finding win32.TDSS.rtk with spybot and spyware doctor. Software removes it then it reappears on reboot also scanned in safe mode with no luck. Please help....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:05:17 PM, on 5/14/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeC:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\driv... Read more

Answer:Google searches being redirected

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Relevance 75.85%

I recently recovered from a nasty virus
i thought everything was gone
but now ive noticed my google searches have been redirected often
help please?

Answer:Google searches redirected

Didn't you post a HJT log?

4 more replies
Relevance 75.85%

My browser is being hijacked to various sites. I have run Super Anti Spyware, Malwarebytes, CC cleaner. AdAware but have not had any luck. I ran DDS and GMER and posting the logs. Any help in removal is greatly appreciated DDS (Ver_09-11-24.02) - NTFSx86 Run by Joe McKain at 16:41:16.93 on Fri 11/27/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.115 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Messenger\ms... Read more

Answer:Google Searches being redirected

As I am not familiar with reading the above logs, can you post the logs from Malwarebytes and SUPERantispyware?

14 more replies
Relevance 75.85%

When I click on a search result in Google I am redirected to a different site, namely Jokeroo and Britannia Search.I have ran TFC, Malwarebytes and SuperAntispyware, all found nothing.I posted this in someone elses thread and for the want of not hijacking someone elses thread!Can you help? Please?SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 11/28/2009 at 04:25 PMApplication Version : 4.31.1000Core Rules Database Version : 4316Trace Rules Database Version: 2177Scan type : Complete ScanTotal Scan Time : 00:47:15Memory items scanned : 334Memory threats detected : 0Registry items scanned : 7662Registry threats detected : 0File items scanned : 67419File threats detected : 0Malwarebytes' Anti-Malware 1.41Database version: 3246Windows 6.1.710028/11/2009 02:44:01mbam-log-2009-11-28 (02-44-01).txtScan type: Quick ScanObjects scanned: 95645Time elapsed: 8 minute(s), 39 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)

Answer:Google Searches Redirected

Hi, please run 2 other tests/Part 1 of S!Ri's SmitfraudFix Please download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htmWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time... Read more

9 more replies
Relevance 75.85%

When I perform google searches I am being redirected to other search engines like askjeeves etc. I would really appreciate some help as I have run several different programs to try and find the problem but nothing has worked. I do not have an install CD.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Garth and Louise at 18:02:47.99 on 08/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.3292.1078 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svch... Read more

Answer:Google searches are being redirected

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick 'Run command' box > OK > Apply > OK.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.Open Spybot Search & Destro... Read more

2 more replies
Relevance 75.85%

hi, first post here!!!

i have recently been infected with the "anti virus 2008" virus which i have managed to get rid of however, my google searches are now redirected to another search page without my permission. it doesnt always happen mind you ! about 6 searches out of 10 say, then ie will hang for about 30 secs before the web page appearing ( again about 6 times out of 10).

i have downloaded hijackthis but i will wait to post a logfile untill instructed.

thanks guys

Answer:searches redirected from google

ok maybe i didnt explain myself properlythis is a thread i found when searching the forum for answers. my problem seems the same as this.http://www.bleepingcomputer.com/forums/lof...php/t51217.htmlobviously the logfile of this member isnt relevent to me but any help is appreciated.

2 more replies
Relevance 75.85%

COMPUTERDell XPS M1210 laptopOPERATING SYSTEMWindows XP Home Edition Version 2002 Service Pack 3BROWSERMozilla Firefox 7.0.1PROBLEMClicking on links provided by Google searches takes me to other sites, not the ones shown.STEP TAKENNone yetThanks!

Answer:Google searches being redirected

Does the redirection happen in IE as well?Please download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

6 more replies
Relevance 75.85%

Sorry to be a pain in the ass with this problem but i really need help much appreciated.Thanks in advance, heres my hijackthis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:49:11 PM, on 27/02/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exeC:\Program Files\iTunes\i... Read more

Answer:Google searches redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 75.85%

Yesterday morning I tried searching using Google and it send me to yellow pages or different advertisers. Please help me.

Answer:Google searches being redirected

Scan with your AV, or malware scanner, as you are infected.

3 more replies
Relevance 75.85%

Occasionally when I Google something it will redirect me to another website. I already tried using Malwarebytes and SuperAntispyware, they both detected something and was removed. But the problem was still present when i rebooted my laptop. There seems to be nothing wrong with my laptop other than the Google redirects. Thanks

Answer:Searches on Google being redirected

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The ... Read more

9 more replies
Relevance 75.85%

I've spent the last several weeks hunting through the internet for solutions to people who have this problem. Most have only sounded similar, but not quite the same, therefore the fixes I've tried to read through and emulate have not worked so I figured it's time I just started a thread for my specific problem.

Symptoms: My google search results, when clicked, are redirected (sometimes double redirects) to the most random, insignificant search engines that turn up more search results instead. I have to click back to google and reclick the link two, sometimes three times to get to the page I want.
Some of the addresses it tries to send me to are...
Helpdeskfunnies.com/search
listnow.com/search
fldogparks.com/results
mnemes.com
...and so forth. It will jump to those "sites", then jump straight from there to a long, unrecognizable address with the search results.

Attempts: None of my virus/malware scanners have picked it up. I've tried Malwarebytes, SUPERAntiSpyware, Ad-Aware, and Fix-It Utilities, a couple even in safe mode.

Anyway, here's the DDS that was requested in the instructions thread. The attachment is here too. I hope you guys can help. :(
--


DDS (Ver_09-10-26.01) - NTFSx86
Run by Sarah at 18:50:40.62 on Sun 11/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2903 [GMT -5:00]

AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D... Read more

Answer:Google searches redirected

Bump, please... Need some help here.

1 more replies
Relevance 75.85%

I have some sort of malware that is causing me to be redirected when I select items from results of google searches. It is not every time I click on a search result, but frequently. I am also getting a lot more instances where my browser cannot access a site.

I have included my dds.txt file and attached my attach.txt and ark.txt files.

Thank you in advance for your help.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Chris at 13:51:47.28 on Sat 08/22/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.523 [GMT -5:00]

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - ... Read more

Answer:Google Searches Redirected

hi.

We need to have another rootkit before we start fixing your computer.
Kindly follow the instructions below.

Download RootRepeal.zip to your Desktop and extract the compressed file to it's own folder.

Open the folder and doubleclick on RootRepeal.exe to run it.Click on the Report tab, and then click on: Scan
A window opens asking what to include in the scan.
Check the following boxes then click OK:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on, if not C)
Click OK once again.
The tool will begin scanning and may take a while to complete, so please be patient.
When the scan finishes, click on: Save Report. Save it to your desktop so you may find it easily.

Please attach the report in your next reply.


Mark

19 more replies
Relevance 75.85%

When I click on a search result in Google, I am redirected about 70% of the time to another side, usually yellowpages.com or tooseeka.net. I removed the prunnet.exe trojan earlier this evening with a Malwarebytes' scan (along with 71 other infected files), thinking that was the problem, but it's still happening. I can't figure out what is running that might be causing this! Any help is appreciated. Thanks in advance! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:11:42 AM, on 2/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\Apple... Read more

Answer:Google searches are being redirected

Still the same issue, I ran more virus scans and removed some more infected files. Here's the new results of the HijackThis scan. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:58:09 AM, on 2/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC: ... Read more

13 more replies
Relevance 75.85%

I get redirected to sites like scour.com and find-quick-results.com.I tried running DDS; it says it doesn't support my OS, which is Windows XP Pro 64-bit. Likewise, most of GMER's check boxes do not allow me to select them for whatever reason.Any help is appreciated!

Answer:Keep getting redirected from Google searches

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409455 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

14 more replies
Relevance 75.85%

Hi, when I do a Google search the normal results come up but when I click on the first or second result it ends up redirecting me to some BS website. My computer is also running incredibly slow. Here is my HJT log, thanks for your help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:44 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.... Read more

Answer:Google searches redirected

Hello,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS.txt will open. Click Yes at the next prompt for Optional Scan. Save both reports to your desktop. DDS.txt Attach.txt

20 more replies
Relevance 75.85%

Hi there! I hope that someone here can help me. Today my wife's computer had a worm called sysguard. It was telling her to block IP Addresses, etc. some of which she did. By the time I returned home and she told me, something happened that would not allow me to work without constantly being bombarded with popups for the fake site. I disconnected from the internet and then proceeded to run my antivirus, which got rid of it. I then tried to load up a new version of Ad-Aware, but it woudl not let me navigate to it through google, and instead redirects me to other sites. It would not allow me to go to other sites either, including Lavasoft.com, CNN, etc. Some other lesser known sites were ok though.

I was able to get to Download.com and get a new version of Ad-Aware and ran it. It found a couple things, but the system did not improve.

In researching, I thouhgt I'd try MalwareBytes, but thouhg I could download it from download.com, it would not run. Same with HiJack this. So now here I am hoping that you guys can help me.

I've ran this forums DDS version of Hijack this and am posting it below. My wife said that she didn't knowingly open anything odd, except emails from trusted persons.

here's the DDS.txt file:
DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Owner at 14:51:40.71 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.95 [GMT -8:00]

AV: Trend Micro Internet Security *On... Read more

Answer:google searches being redirected

bump
nothing???

3 more replies
Relevance 75.85%

Hi,

Apologies if I am not following a particular rule on the forum. Upon clicking a link in google search, I am getting redirected to ad sites like searchfindsite.com, hanawascanner010.com, searching4all.com etc. At times, I have noticed that upon clicking browser back button if the same link is clicked again then it redirects correctly.

I tried removing malwares but at this point not sure on the exact problem. I am using IE 8, please refer attached hijack log. Kindly help me on the same.

Answer:Google searches getting redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Relevance 75.85%

Greetings,

I have the same problem as the chap here: http://www.bleepingcomputer.com/forums/topic304734.html ... Please help. SysRestore and SmitFraudFix have not worked thus far. Below is my dds.txt, and attached is my attach.txt. I'm also going to re-post with my OTL results, but I cannot follow the other advice as the file c:\program files (x86)\mozilla firefox\plugins\npOGPPlugin.dll does not exist on my system. I assume you will find some comparable file, or not, in my logs.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Eiss at 7:43:34.04 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.1014.169 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\... Read more

Answer:Google Searches Redirected

Here are my OTL.exe files:OTL.TXTOTL logfile created on: 12/18/2010 07:28:36 - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Eiss\DesktopWindows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18975)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 134.36 Gb Total Space | 69.35 Gb Free Space | 51.62% Space Free | Partition Type: NTFSDrive D: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.77% Space Free | Partition Type: NTFS Computer Name: LEVIATHAN | User Name: Eiss | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/18 07:27:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eiss\Desktop\OTL.exePRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exePRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:... Read more

11 more replies
Relevance 75.85%

Hi Guys

As the title says im experiencing browser redirection issues. It happens on both Firefox and Internet Explorer browsers. Both browsers are on the latest version.

I have been asked by 'chemist' here to post a few longs

Please find the DDS posts embedded on the thread and the other to as an attachment

Thanks in advance


DDS (Ver_09-12-01.01) - NTFSx86
Run by Zahra at 15:26:29.33 on 07/12/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2046.1033 [GMT 0:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\s... Read more

Answer:Google searches are redirected (FF/IE)

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.
When finished it will produce a log at C:\ComboFix.txt for you
Please include the log in your next reply.

19 more replies
Relevance 75.85%

Hi,I seem to have infected my PC with some kind of malware, causing a bunch of symptoms. The main result that I can detect is that search engine results are being redirected to those irritating ad portal sites.Here are the symptoms I'm aware of. I've noted which ones are gone or changed after running security software.Firefox crashed/was killed off while I was loading a bunch of pages in a window. I don't know what page caused the issue, and Firefox had no record of the window when I restarted it. Immediately after Firefox crashed, the other symptoms began. Since that crash, Firefox has not closed unexpectedly.Fake security software was auto-starting, and re-starting if I killed it off. I don't recall the name. Fixed by Symantec AV 2006 (see below).Windows Task Manager and other utilities getting killed off immediately after launch. No longer happening after fixing the previous symptom.Entire filesystem changed to have "hidden" and/or "system" attributes. I fixed this manually, so I'm sure loads of files now have the wrong attributes.When logging in, the error message "The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll" would pop up twice, with Symantec Anti-Virus in the title bar. This is not occurring now, but Symantec AV doesn't seem to be working properly anymore. Specifically, the system tray icon doesn't show up.Google search result links redirect to various advertising sites. This is s... Read more

Answer:Google searches are being redirected

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

3 more replies
Relevance 75.85%

Windows Vista, AVG Free, Malwarebytes (my first post)

My Google searches are being redirected to various shopping sites like ebay.
I know this is a problem for others but fixes seem to be machine specific.(I've attempted to follow some fixes and frozen my comp).

Thanks very much for looking.

Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:59, on 31/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_... Read more

More replies
Relevance 75.85%

Hello, I came across this website during an online search to remedy a condition I'm having on my teenage son's computer. I appreciate that you've helped numerous others overcome this problem and I'm hoping to receive some help as well? I've followed several of the threads that ended in successful removal but have not attempted anything aside from following the prepost instructions on this forum.
Here's what's happening:
I enter a search term on google's website and receive a list of options related to the search term. When I select an option, my search is redirected to an unrelated site (ie: imfomash or others such). I use Firefox exclusively and AVG Free security. One peculiar thing I've noticed is that when I search from the AVG search bar on top of the browser (google search option selected) the searches are not redirected.
Attached are the files requested in the pre post instructions:
Any help is greatly appreciated.
Respectfully,
Vokey

Answer:Google Searches being redirected

Hello, I came across this website during an online search to remedy a condition I'm having on my teenage son's computer. I appreciate that you've helped numerous others overcome this problem and I'm hoping to receive some help as well? I've followed several of the threads that ended in successful removal but have not attempted anything aside from following the prepost instructions on this forum.
Here's what's happening:
I enter a search term on google's website and receive a list of options related to the search term. When I select an option, my search is redirected to an unrelated site (ie: imfomash or others such). I use Firefox exclusively and AVG Free security. One peculiar thing I've noticed is that when I search from the AVG search bar on top of the browser (google search option selected) the searches are not redirected.
Attached are the files requested in the pre post instructions:
Any help is greatly appreciated.
Respectfully,
Vokey

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_30
Run by Kovells at 9:29:52 on 2012-01-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.326 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\... Read more

15 more replies
Relevance 75.85%

Hi guys,

As you probably can see I have just registered and as the title says im experiencing browser redirection issues. It happens on both Firefox and Internet Explorer browsers. Both browsers are on the latest version.

I'll be very honest this re directing issues is driving me mad. Since I have experiencing this issues I have not logged to my email or any other sites just in case my details would be compromised. I hope i have not just panicked and did the right thing.

From the investigation i have been doing through "google daddy" many forums have been asked for a scan do be done and for the logs to be provided.

I have done the following scans and will attach the logs

SAS - Superantispyware - Safemode - Only adware.tracking.cookie was found and removed
MBAM - Malwarebyte - Safemode - Nothing found
HTL - HijackThis - Normal Mode - Nothing was checked to be fixed

I can post the logs if necessary

I was told by a friend to run combofix which i did but it rebooted the PC so i could not produce any logs. I have also tried on safe mode and it hanged.

I later found out that i was not supposed to run combofix until instructed accordingly. I already had a go to my friend and im sure he wont be recommending it again.

I know why i'm infected and that is the simple that the missus let the nephews use the laptop.

I would really appreciated if you could assist me. Please

Has786

Answer:Google searches are redirected (FF/IE)

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Relevance 75.85%

I'm running WIndows XP and often Google searches get redirected (often to Shopica.com). Below is the Hijackthis log. Can you help me get rid of this annoying thing please?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:10:17 PM, on 3/13/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\F-Secure\Anti-Virus\fsgk32st.exeC:\Program Files\F-Secure\Common\FSMA32.EXEC:\Program Files\F-Secure\Anti-Virus\FSGK32.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeC:\Program Files\F-Secure\Common\FSMB32.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\QCONSVC.EXEC... Read more

Answer:Google searches redirected

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions th... Read more

2 more replies
Relevance 75.85%

Hello,

This is my first time using this forum. I am hoping that it will help me get my computer working properly again.

When I enter a google search and click on the webpages found google is redireting to a different site that is typically an advertisement page. It does not happen every time but it happens frequently. If I search for a store name the links that google returns seem to work. But when I search for how to install a door this is when I will get redirected to other websites that are either advertisements or participating in surveys. I also see lots of redirecting to these types of sites when I click on the refresh button and the back arrow button.

I am not a highly experienced computer person when it comes to doing more then letting the software applications do their thing. However, I am good at following instructions.

thanks for your help

wildcat65

Answer:google searches get redirected

The same thing is happening to me. I'll be watching this post closely. The redirecting happens with IE and with FireFox. I have also read where it can also happen to Chrome.

Doing some reading on this forum has led me to believe it is something called TDSS. We'll have to watch and see what the experts tell us.

Good luck!

2 more replies
Relevance 75.85%

Hello,

i'm also running into the same problem as many others here. I'm currently running XP, and have updated malwarebytes, superantispyware, and spybot all to no avail, and need help badly. Thanks in advance,

alexis

P.S. here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:26:39 PM, on 11/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\S... Read more

Answer:google searches being redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

17 more replies
Relevance 75.85%

I'm getting a lot of ad pop ups, and when I search around google and click results, the pages are often redirected to unrelated ads.
I've run malwarebytes - no results
I've run adaware - no results other than tracking cookies
I've run my avira antivirus - nothing
Spybot yields no results either...

I have of course updated definitions for all of the above programs. Here is my Hijack This log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:27 PM, on 12/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dis... Read more

Answer:Pop ups, google searches redirected, etc

HiPlease run the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTDownload GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

1 more replies
Relevance 75.85%

I had originally posted in Am I Infected and was being helped by Boopme. He had me try several things with no success, and suggested my problem be moved to Hijackthis. Here is the link if that helps. When I perform a search with Google, I click on the link, but am re-directed to some completely random website instead. One out of every five times, the link takes me to the right place.http://www.bleepingcomputer.com/forums/ind...view=getnewpostI have run the DDS tool and Rootrepeal again. Here are the text files for them.DDS (Ver_09-12-01.01) - NTFSx86 Run by Big Daddy at 20:12:36.42 on Wed 12/23/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.145 [GMT -5:00]AV: avast! antivirus 4.8.1368 [VPS 091223-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exesvcho... Read more

Answer:Google Searches Redirected

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer screen.
... Read more

28 more replies
Relevance 75.85%

Since yesterday, I've had this virus that would redirect me to television and video sites and fake anti-malware sites. Now, this actually doesn't happen all that often. It tends to happen most for searches related to malware or virus removal. The funny thing is, I use Google Chrome and this problem doesn't show up when I'm using incognito mode. In addition to that, I'm never redirected when I drag and drop the search result to the tabs instead of just clicking it. Apparently, it's not a very persistent or strong virus. Nevertheless, it annoys me and I'd really like to get rid of it.I am running Windows 7 64-bit Home Edition and I use Google Chrome primarily with Firefox as my secondary browser. (it affected Firefox as well)I am about 99% sure I got this virus from a torrent yesterday. Since then, I've used various anti-virus software one at a time including: AVG, McAfee, NOD23 (free online scan), Malware Bytes, and Hitman Pro. I think I may have weakened the virus since it used to be a lot more annoying and redirect more often, but it's still there.This is a screenshot of one of the sites that it would redirect me to. There are other sites for Twilight, Heroes, etc. I don't even watch TV.

Answer:Google searches being redirected?

Nothing wrong with Twix.

http://www.pctools.com/spyware-doctor/download/ That will do the trick, free download, put it on FULL scan, you find that left hand side of the program. Please ask the MODS in here before deleting anything, and NEVER delete anything Microsoft.
Hope it helps.

1 more replies
Relevance 75.85%

I've read through some posts on this forum and others. I did run combofix and though i cannot interpret the log, i see that it says atapi.sys is infected.
If you guys can help, i'd really really appreciate it!
This is my work laptop - it has symantec antivirus on it and i do update the symantec, but it's not detecting anything wrong with the atapi.sys file.
Thank you!!!
~Grasshopper
DDS (Ver_09-12-01.01) - NTFSx86
Run by jrubinstein at 11:56:03.76 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.916 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared... Read more

Answer:Google searches being redirected

Hello grasshopper_green Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Since you have already run ComboFix I need for you to post the log it produced. You can find it at C\ComboFix.txtDownload GMER Rootkit Scanner from here to your desktop. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for i... Read more

10 more replies
Relevance 75.85%

When I click on the results of a google search, the site I am directed to is not the correct page. It is usually some other random obscure search engine or website. Once, it was the Chinese Sex Museum website!! I have run AVG, avast!, Malwarebytes Anti-Malware, Spybot and Super Anti Spyware. They all come up clean. I'm fairly useful with computers, but I'm at a loss. I tried Hijack This, but I decided to stop and ask for help before I damage something beyond repair. I've already reinstalled my OS once. I really don't want to do it again. Thanks for any help I can get.

Answer:Google searches redirected

Here is the DDS.txt file.

9 more replies
Relevance 75.85%

When I do a google or Windows Live search, the topics have bogus urls like monsterrmarketplace.
I get this in Firefox or IE7

I have run Malwarebytes which did not fix it.

Here is dds.txt
DDS (Ver_09-02-01.01) - NTFSx86
Run by Steve at 20:37:33.96 on Wed 02/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1383 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\... Read more

Answer:Google and other searches redirected

Hi,Is this the problem you are having?http://miekiemoes.blogspot.com/2008/10/fak...archengine.html

6 more replies
Relevance 75.85%

About ten days ago I used Bittorrent to download an .avi and paid the price for it. I got a legion of vundo-type trojans, hundreds of infections detected by SAS. I deleted the .avi, removed malicious startup items listed in msconfig, uninstalled Bittorrent, and ran SAS, Spybot, Malwarebytes, combo fix, and MGtools. This seemed to solve the problem.

This week, I started having the same issues as other posters on the forum. Google search links get redirected to stuff like yellowpages, Elle magazine, etc. It happens only occasionally. I ran the steps again: Read & Run, Windows XP Cleaning Procedure, but last night it kept happening. I can't tell if it's left over from the torrent infection or a new infection. Please take a look at my logs.
 

Answer:Google Searches also being redirected.

IMPORTANT NOTE: Some if not many, of your Windows system files are infected. And many other non-Windows files could also be infected. Even if we attempt to fix these problems (which may not be easy to do unless you have an original Windows XP SP3 bootable CD), your system may be unreliable and untrustworthy.You may need to reinstall this system.
I'm sorry to have to bring this bad news, but infections like Vitro, Virut,...etc. can infect every executable file on a PC. They will attack all executable and not just the ones related to the Windows OS. Infections like this are not repairable (at least not at this time) and thus continued scanning will eventually result in a PC becoming totally unusable since the scanners will be deleting required system files along with files for all other programs you have installed.


The safest and most reliable thing to do for infections like this is to just perform a total clean reinstall. I suggest that hard disk partitions be deleted and then recreated. Then formatted followed by the reinstall of Windows and other programs. We don't recommend backing up anything since the files could be carrying the infection (especially anything that is an executable type file) and you will just reinfect a new installation if you restore these backups. However if you really need personally data from this hard disk, the only method I would use would be the below:
physically remove the hard disk from this PC and slave it into another well prot... Read more

3 more replies
Relevance 75.85%

After clicking on webpages after using a search engine, and sometimes while hitting tha back button while on a website, AND sometimes when manually entering a web address. I get redirected to a random page that I cannot back out of.
Thanks for any help provided

Answer:google searches getting redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

16 more replies
Relevance 75.85%

Sorry. While doing a full scan by Norton Antivirus 2010 the problem is seemed to be gone. But I will come here for help if it occures again. Thanks. :)

Answer:Google Searches Are Redirected!!

Hello -

I take it from your edited comments that you no longer need help. That's great. If you do...

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 75.85%

This is the most frustrating thing ever!!!!! everytime i do a search in any browser it is rediredted to some random site, monster market place being the main one, I dont know much about computers, just tell me where to start and ill be able to do it!! i just need help because i need to do school work! thanksDDS (Ver_10-10-10.03) - NTFSx86 Run by Carla at 17:12:34.95 on 14/10/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3005.1773 [GMT -6:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlSt... Read more

Answer:Google searches being redirected need help bad!!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 75.85%

Hello, thank you for viewing this.
About 2 days ago I had gotten the Antimalware Doctor virus. I had managed to remove it with the help of MalwareBytes by renaming the mbam file/program. MalwareBytes had removed some virus and Anitmalware Doctor was gone, but one problem remained which was my Google searches were being redirected to random websites.
I've ran DDS with no problem. But GMER is giving me problems, at first it took 5-6 hours to complete but my computer restarted. Then it finished in 3 hours and everything on my computer got wiped out (as in the only thing there was Recycling Bin, nothing else). But that got fixed by a simple restarting of the PC. Sorry for not posting the GMER log.

*Also a side question: Can a windows CD get infected?
I've tried to reformat with a Windows CD but i get the Blue screen of Death during the process.

I hopefully turned off AVG before the scan, if not I'm sorry once again.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joti at 13:59:28.53 on Fri 07/16/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.152 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explor... Read more

Answer:Google Searches Being Redirected.

15 more replies
Relevance 75.85%

I have a viruw/malware that is preventing me from doing Google searches. Whenever I select a topic I am directed to http//D6E0.R, (yesturday it was http//317B.R)I am using Avira antivirus but it cannot find this virus. I have run RSIT and GMER and the files are listed below. Help is greatly appreciated, thank you.
Ken
info.txt logfile of random's system information tool 1.08 2011-02-15 15:57:11

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
-->MsiExec.exe /I{D6160F37-7638-4E56-9774-F3C88F30A4A9}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
AAA Map'n'Go 7.0-->C:\WINDOWS\IsUninst.exe -fC:\AAAMNG7\Mng7Uninst.isu
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis?True?Image?Home-->MsiExec.exe /X{D1E0E859-F46D-4708-A41D-ED90C0C1822A}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-... Read more

Answer:Google searches redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 75.85%

Moved to proper forum,Virus, Trojan, Spyware, and Malware Removal Logs ~~~boopmeok so started two days ago my googles searches and anywhere except ask.com have been redirected i hve tried the followingMalewarebytesAdawareAVGMcfeeLSPFIXHJTsystem restore to the day before issue and a week before issueNone of these have helped i dont know what to do i can't reformat the pc i dont have an operating system as the pc was made by a friend i no longer have contact with about a year agoAll my kids pictures and things on on here with no way of getting the info off.. please help someone im at my wits end!I am using Internet Explorer running on windows Xp home editionthis is what i get when i scan with HJTLogfile of Trend Micro HijackThis v2.0.4Scan saved at 4:19:08 PM, on 11/21/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static&#... Read more

Answer:Google Searches Being Redirected...ugh.

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for post... Read more

2 more replies
Relevance 75.85%

My google search results are being redirected to various websites. I primarily use Chrome and IE has the same problem. I scanned with Malwarebytes and it said I had a Rootkit.TDSS and quarantined and deleted them. However that did not fix the problem. I then scanned w/ Kapersky and it said the same thing. But the problem still exists. Here is my HiJack Log. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:24:02 AM, on 1/19/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\Explorer.EXEC:\WIND... Read more

Answer:Google searches redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

2 more replies
Relevance 75.85%

Hi, went through the 'Read & Run Me First' to the best of my ability. Still getting redirected. Attaching logs, please help if you can.
Thanks for your time and assistance!!
 

Answer:Google Searches Redirected

i believe these are the logs that you posted that are required
 

6 more replies