Tech Problem Aggregator

Google redirects to googleads.g.doubleclick.com and pleasewaitsearch.com

Q: Google redirects to googleads.g.doubleclick.com and pleasewaitsearch.com

Google redirects me to googleleads.g.doubleclick.com and pleasewaitsearch.com. I've run Spyware S & D, MalwareBytes, and Avira, but to no avail. Below is my HijackThis log. Thanks in advance!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:28:37 PM, on 8/2/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Users\Sam\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1R1" target="_blank" class="invilink">http://g.msn.com/USCON/1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunO4 - HKLM\..\Policies\Explorer\Run: [jgyo0w] C:\Users\Sam\AppData\Local\Temp\19aqp.exeO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)O20 - Winlogon Notify: GoToAssist - Invalid registry foundO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeO23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exeO23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXEO23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 8885 bytes

A: Google redirects to googleads.g.doubleclick.com and pleasewaitsearch.com

Hi sbickley, and welcome to Bleeping Computer.Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:netsvcsdrivers32%SYSTEMDRIVE%\*.*%systemroot%\system32\*.wt%systemroot%\system32\*.ruy%systemroot%\Fonts\*.com%systemroot%\Fonts\*.dll%systemroot%\Fonts\*.ini%systemroot%\Fonts\*.ini2%systemroot%\Fonts\*.exe%systemroot%\system32\spool\prtprocs\w32x86\*.*%systemroot%\REPAIR\*.bak1%systemroot%\REPAIR\*.ini%systemroot%\system32\*.jpg%systemroot%\*.jpg%systemroot%\*.png%systemroot%\*.scr%systemroot%\*._sy%APPDATA%\Adobe\Update\*.*%ALLUSERSPROFILE%\Favorites\*.*%APPDATA%\Microsoft\*.*%PROGRAMFILES%\*.*%APPDATA%\Update\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\System32\config\*.sav%PROGRAMFILES%|bak;true;false;false /fp%systemroot%\system32|bak;true;false;false /fpHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsClick Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.

4 more replies
Answer Match 87.9%

Hi there,

I contracted a virus a few months back and managed to remove it sucessfully with help from the MalwareBytes forum. However, when doing Google searches in Firefox a few days later I was beginning to notice that the search results I was clicking on were not taking me to the places they were intended to go.

http://googleads.g.doubleclick.net/ always seems to be behind the issue. Although this problem is intermittently occuring it is now beggining to get on my nerves!

I have scanned my computer for viruses using a combination of AVG Free and MalwareBytes which have both come back negative. So I am not too sure what to do next.....looking at another post on the forum almost identical to this the problem seemed to be with a bogus Firefox extention. I strongly believe that this could be the potential source of the problem.

Any help with this would be greatly appreciated

Kind regards

Richard

A:Google Redirects Mozilla Firefox - http://googleads.g.doubleclick.net/

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Please download GMER from here(doesnot work on 64 bit OS)http://www2.gmer.net/download.phpTemporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply. DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

7 more replies
Answer Match 100.8%

All Too FamiliarGOOGLE SEARCH RESULTS REDIRECTING TO THIRD PARTY SITES.HIJACK THIS LOG FOLLOWSLogfile of random's system information tool 1.05 (written by random/random)Run by [redacted] at 2009-03-09 01:43:15Microsoft Windows XP Professional Service Pack 2System drive C: has 4 GB (3%) free of 110 GBTotal RAM: 2046 MB (48% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:43:20 AM, on 3/9/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32ibmpmsvc.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:PROGRA~1ThinkPadUTILIT~1EzEjMnAp.ExeC:WINDOWSsystem32TpShocks.exeC:Program FilesAnalog DevicesCoresmax4pnp.exeC:PROGRA~1THINKV~2PrdCtrLPMGR.exeC:WINDOWSSystem32DLADLACTRLW.EXEC:Program FilesCommon FilesLenovoSchedulerscheduler_proxy.exeC:Program FilesLenovoSafeGuard PrivateDiskpdservice.exeC:Program FilesLenovoClient Security Solutioncssauth.exeC:Program FilesCommon FilesRealUpdate_OBrealsched.exeC:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exeC:PROGRA~1LenovoPkgMgrHOTKEYTPHKMGR.exeC:Program FilesSynapticsSynTPSynTPLpr.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:Program FilesATI TechnologiesATI.ACECLI.EXEC:... Read more

A:Google Search Results Redirected [ googleads.g.doubleclick.net ]

another attachment

30 more replies
Answer Match 86.52%

Hey. sorry didnt know where to post this

I have a forum - http://z6.invisionfree.com/kop_land/index.php?act=idx

And a few weeks ago, i started to get googleads.g.doubleclick.net down the bottum of my browser when i load a page ONLY on this ONE site. And it takes about 30-45 seconds to load a page. And its really frustrating.

Does anyone who how to get rid of it? or fix it?

Iv done some looking around and apparently its something to do with adwords or something. But i havnt purchased anything for ads or ad removal ever.

My cousin thinks it could be a virus or something.

Cheers

A:googleads.g.doubleclick.net

Both good and bad news here, the good:not a virus, the bad:you cannot get rid of it, the reason:you are probably more than likely seeing this because of some sort of sponsorship and what you see loading is probably needed to load whatever adds are displayed on the page.

On that same note now that I think about it you could use Firefox along with some add blocking addons like adblock and no script.

Hope this helps.

3 more replies
Answer Match 85.68%

1. my google search results keep getting redirected to sites beginning with googleads.g.doubleclick.net

2. I saw a solution that suggested combofix, but it seems dangerous and doesn't work for 64-bit systems

3. my system is a Win 7, 64-bit, 4gb RAM, 1.2GHz AMD x2 dual core processor

So how do I fix this?

THANK YOU!

A:Redirecting to googleads.g.doubleclick.net

1. I saw a similar topic which recommended running TDSS Killer (after changing [file name] .com

2. No threats were found, here is the log it generated:

2010/09/30 19:09:41.0527 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 19:09:41.0542 ================================================================================
2010/09/30 19:09:41.0542 SystemInfo:
2010/09/30 19:09:41.0542
2010/09/30 19:09:41.0542 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/30 19:09:41.0542 Product type: Workstation
2010/09/30 19:09:41.0542 ComputerName: [my pc name]
2010/09/30 19:09:41.0542 UserName: [my user name]
2010/09/30 19:09:41.0542 Windows directory: C:\Windows
2010/09/30 19:09:41.0542 System windows directory: C:\Windows
2010/09/30 19:09:41.0542 Running under WOW64
2010/09/30 19:09:41.0542 Processor architecture: Intel x64
2010/09/30 19:09:41.0542 Number of processors: 2
2010/09/30 19:09:41.0542 Page size: 0x1000
2010/09/30 19:09:41.0542 Boot type: Normal boot
2010/09/30 19:09:41.0542 ================================================================================
2010/09/30 19:09:41.0542 Utility is running under WOW64
2010/09/30 19:09:41.0839 Initialize success
2010/09/30 19:09:46.0597 ================================================================================
2010/09/30 19:09:46.0597 Scan started
2010/09/30 19:09:46.0597 Mode: Manual;
2010/09/30 19:09:46.0597 ================================================================================
2010/09/30 19:... Read more

14 more replies
Answer Match 85.68%

Hi all,
At some websites I have to click twice to go one page back. Clicking on the down arrow in the recent pages shows me there is a presence of "googleads".
I've read that module.exe should be deleted in the system 32 folder. Can't do it, this folder seems not to be present.
Other advise: block the URL in "internet options/privacy/sites". No succes
What else to do?
I still run IE8.

A:Googleads.g.doubleclick.net/page

Seems to be a known situation, worth a read:  http://answers.microsoft.com/en-us/ie/forum/ie8-windows_7/in-internet-explorer-8-i-must-click-back-arrow/cb4f04ca-cf9c-4232-bbb8-cb2e2f28a395?msgId=c5185d25-4d27-4248-a95b-054ebc509c2e .
 
Louis
 

2 more replies
Answer Match 85.68%

I am running a really old computer that i plan on replacing soon, however, i have something happening on my browser that is driving me absolutely nuts. When i use Internet Explorer, quite often when i go to a website, i apparently activate or go to ( googleads.g.doubleclick.net/page. I assume that this is some sort of advertisement tracking.
First, am i correct in my assumption?
Second, is there a way to stop, prevent, kill, or anything else i could do to stop this thind from working? i am so tired of continually hitting the back button and going there. which by the way is noweare but wherever it is i am trying to leave. i have to go into my recent pages and skip before it.
I would like to know how to stop it so that i have a better idea of how to do it when i get a new computer.

Thank you for your time.
 

A:googleads.g.doubleclick.net.page?

16 more replies
Answer Match 84.84%

Hi,

I use so many websites and online forums, and always there are these annoying and partially harrasing GoogleAds and other perversions of DoubleClick.net. I am a man and love women, but often these ads even suggest me to use dating services to find OTHER MEN! I hate DoubleClick.net deeply and in a perverse way coming close to their own perversionized existence.

Not only that, but DoubleClick.net also significantly slows down the loading of all most websites it spams full with its ads: example "Tagged.com": the same website loads within a few seconds on Firefox where I can block DoubleClick.net, but it takes (despite of 15 MBit/sec) still up to 30 seconds on all other browsers to load the same page, and before the DoubleClick ads finally appear, I cannot even scroll the website up or down, nor disable automatic videos, and so on. Also, I believe there's additional data traffic, based on what my Firewall screen seems to indicate, and also very increased memory usage.

But what I want to know here, is how I can block any access to that website (and others which I dislike). I use the following browsers:
- Avant
- Safari
- IE
- Opera
- Firefox (that's the only browser I can successfully block DoubleClick.net)

Therefore, because I am using various browsers, I need a solution that can block those websites on a higher elvel than an individual browser. Inf act, I tried to block DoubleClick.net in Avant, but they still appear - I don't know how DoubleClic... Read more

A:Solved: Prohibiting GoogleAds.DoubleClick.net

13 more replies
Answer Match 84.84%

Hi! I have been lurking for about 4 weeks now. I found bleeping computer through a forum on google about being redirected in google. Sometimes I will be redirected after clicking on a link to a search result, and the link on the bottom left of my screen says googleads.g.doubleclick. I'm not redirect all of the time. I use Firefox, and keep it up to date.

I run McAfee from Cox Security Suite (cox is my internet provider) all the time, and Spybot only as needed. I disabled the teatimer so that I can run it only when I want - lately about once or twice a week. It hasn't turned up anything since I downloaded it several weeks ago. Neither has McAfee. I have checked my hosts repeatedly, and the only one there is my local host. Also, I check my proxy settings often, and again, I am not running through any sort of proxy.

This whole thing started when I downloaded some of the free classic books from Amazon for the Kindle.

Here is a bit about my system. I am running on a 6-month-old 64-bit, quad processor, half terabyte system that my brother built for us. I use Windows 7. My firewall is administered through McAfee instead of through Windows. (The two firewalls don't play nice with each other, so I had to pick one or the other.)

Also, when I ran into trouble with GMER; the only things that were checked were Services, Registry, Files, ADS and C:/. The rest of the links were paled and unclickable. I went ahead and ran it, hoping it would still prov... Read more

A:Googleads.g.doubleclick redirect problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

18 more replies
Answer Match 84.84%

Hello, when browsing in IE, I am redirected to googleads.g.doubleclick.net/page and cannot use the back button on my browser because I have been directed to googleads.g.doubleclick.net an endless number of times. The virus doesn't appear to do any other harm but I'm sure that is just becasue I am unaware of it's other activities. I don't think this is a rare virus but I am unable to remove it with MBAM, MSE, or Spybot. Any help is greatly appreciated. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2Run by Kyle at 14:23:56 on 2013-01-14Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1871 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exeC:&#... Read more

A:Infected with googleads.g.doubleclick.net/page

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

26 more replies
Answer Match 84%

Hi,

I currently have a problem with my search redirecting me to random sites. Every time I click on a search result from Google, the link would relink through googleads.g.doubleclick.net. Sometimes it would end up taking me to the actual search result site, but sometimes it would relink me to a random ad site, such as Searchfindsite.com. This happens with multiple search engines besides Google, such as Yahoo, but it only occurs in Firefox, not Internet Explorer. When I searched online, I found that my problem seemed very similar others', so I ran GooredFix.exe, without any luck. I deleted my cookies, cache, temporary internet files, and Java cache. I also reinstalled Firefox without deleting my settings, but the problem persisted. I'm hoping to fix this hijack without having to delete all of my customizations.

Thanks in advance.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Joanna at 19:19:44.78 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3002.1808 [GMT -5:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe ... Read more

A:Search Relink/Redirect (googleads.g.doubleclick)

Hello igniterain Welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.




After 3 days if a topic is not replied to we assume it has been abandoned and it is closed.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be found HERE
Double click on ComboFix.exe & follow the prompts.


When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.





Thanks,



thewall

12 more replies
Answer Match 84%

Hey,

I've been having heaps of problem with getting to websites through Google searches. I can get onto the website if I type the link in, but if I Google something, and click on the links from the search it doesn't go to the link... but comes up with this in the links - http://googleads.g.doubleclick.net/url?sa=L&ai=1&bs=c42b&u=http://en.wikipedia.org/

And so I get the error "Firefox can't find the server at googleads.l.doublee-click.net."

I'm using Windows 7 and I tried it on both IE and Firefox, and they don't work.

I hope that what I've said makes sense...

Does anyone know what to do?

Thanks!

Courtney
 

More replies
Answer Match 84%

Recently in the past 2 months my internet explorer has been constantly redirecting me to this page https://googleads.g.doubleclick.net/page (don't click). But I have recently done some research on it and I have become quite worried due to the internet shopping I have done lately. So I was wondering if you guys have any tips on manually or automatically removing this possible threat? (I'm pretty novice at manually removal but not horrible.)

A:Is https://googleads.g.doubleclick.net/page a virus?

Security Check
§  Download Security Check from here or here and save it to your Desktop.
§  Double-click on SecurityCheck.exe
§  Follow the on-screen instructions.
§  A Notepad document should open automatically called checkup.txt.
§  Please post the content of that document.
 
Farbar Service Scanner               
§  Download Farbar Service Scanner.
§  Run it on the computer.
§  Make sure the following options are checked:
o    Internet Services
o    Windows Firewall
o    System Restore
o    Security Center/Action Center
o    Windows Update
o    Windows Defender
o    Other Services
§  Press "Scan".
§  It will create a log (FSS.txt) in the same directory where you run the tool.
§  Please copy and paste the log to your reply.
 
MiniToolBox
§  Download MiniToolBox
§  Run it on the computer.
§  Checkmark following boxes:
§  Report IE Proxy Settings
§  Report FF Proxy Settings
§  List content of Hosts
§  List IP configuratio... Read more

6 more replies
Answer Match 84%

Hi, it looks there is something nasty going on with my computer. I've tried tons of anti-malware programs with no luck. This is a windows 8 machine and combofix is not running. Any help would be appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by yannis at 23:21:27 on 2013-02-03
Microsoft Windows 8 Pro 6.2.9200.0.1253.30.1033.18.8183.4376 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display&... Read more

A:googleads.g.doubleclick.net/page browser redirect

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

14 more replies
Answer Match 83.16%

Hi, I'm new and have searched your "infected" forum but haven't found a problem quite like mine. I'm using Windows XP, Firefox (upgraded to 3.6.10 today).
When I run a Yahoo or Goggle search and click on one of the links, about half the time I can't connect, get the Firefox message "problem loading page/server not found", or get re-directed to other pages. The key here is that I noticed that "google.ad.sgdoubleclick.net" is added to every one of my intended web pages.

I've run Hitman pro 3.5, and it told me that I might have been infected with TDL3/Alureon (rootkit detected), and about 8 problems were detected (sorry for being vague here). It "deleted" the problems (no more warning about the TDL3/Alureon), except for 2 tracking cookies. I manually deleted those 2 files in my cookies folder and I re-booted the computer (just in case), ran Hitman pro again, and this time the only thing that comes up is the same 2 tracking cookies (listed below)

C:\Documents and settings\Compaq_Owner\cookies\[email protected][1].txt
C:\Documents and settings\Compaq_Owner\cookies\[email protected][2].txt

Hitman pro is still unable to delete them.

I ran Malwarebytes anti-malware 1.46 full scan, and 3 hours later nothing was found. Everything was "0".

After some reading on your forum, I also deleted older versions of Java, and installed the most current one.

I also run Symantec e... Read more

A:"googleads.g.doubleclick.net" added to every search link web address

Those two are just cookies and should be deleted. You will always get cookies when you visit sites unless you set your browsers to not accept any.What version of JAVA is running?Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).Please run the tool here How to remove Google RedirectsWhen it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

3 more replies
Answer Match 70.14%

When I do a search on google, some of the links (sometimes all of them) get redirected to other sites, usually "pleasewaitsearch.com". Luckily, these sites get blocked, but it is quite a hassle, and from prior experience, I'm sure if I have one infection, I have more. I use Avira Antivir, Windows Defender, and Malwarebytes Antimalware, and none of them detect anything. I appreciate any help you can give. Thank you in advance.

Also, I wanted to note, Avira registered dds.scr as a virus (TR/Crypt.XPACK.Gen Trojan.) Not sure if this is normal. I know some legit tools sometimes cause a false-positive, so I ignored it and ran the file anyway. If this is normal, you may want to update the instruction page for preparing to post a log to let people know it may happen. On the off chance its not normal, I wanted you to know the file may be infected.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Scott at 14:39:05.18 on Wed 11/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1532 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost... Read more

A:google search links redirected to pleasewaitsearch.com, etc

Good evening. The AV detection is a false-positive, assuming you downloaded DDS for a legitimate source - it happens occasionally.Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

7 more replies
Answer Match 69.72%

Any search results in Firefox from Bing or Google (I haven't tried other search engines) redirect to pleasewaitsearch.com, then redirect again to another random site.Opera and Internet Explorer seem unaffected.I've scanned with Microsoft Security Essentials, Ad-aware, Spybot, SuperAntispyware, Hitman pro, and Malwarebytes. Some of them found and removed stuff, but didn't fix the redirect problem.Disabling Javascript in Firefox does fix the redirect.I tried to scan with gmer but it didn't work. It said c:\windows\system32\config\system didn't exist. I went there and it showed up in the folder with a size of about 13 megs. I tried opening it in notepad++ which said it didn't exist and asked if I wanted to create it so I did. gmer no longer threw that error when started but when I start a scan it says the file is in use by another process then proceeds to scan and find nothing (the log is empty).Also, all the gmer checkboxes are grayed out except Services, Registry, Files, ADS, and my drives.Thanks for any help you can give me, this thing is driving me nuts.Here's my DDS.txt:DDS (Ver_10-03-17.01) - NTFSX64 Run by Chris at 18:43:30.90 on Tue 08/17/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4373 [GMT -7:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-501... Read more

A:Firefox Google/Bing results redirect to pleasewaitsearch.com

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

4 more replies
Answer Match 64.26%

Hello Everyone, I'm new and not that knowledgeable so hope I get it right. My computer is an HP windows 8 and using IE8 and google chrome browsers. Recently I've noticed it slowing down and a few days ago on clicking a link either from emails or search engine, I am not being allowed to view the site, instead getting a blank page with this address ad.doubleclick.net. Have tried various things suggested including malwarebytes, superantispyware, was going to get spyhunter but wasn't sure. Have also tried blocking but to no avail. Have tried a couple of other things suggested including regedit which does show it up but when I go to delete it says I don't have permission to do this despite being the only one who uses this pc and have administrator privileges. Both browsers are affected but more so Chrome.

Any help would be really appreciated. Thanks.
 

More replies
Answer Match 57.12%

Hi,

I am writing to get some help - whenever I search google (or even MSN or Yahoo search engines) the link that I click on is not the link that I arrive at...I can see the computer redirecting me to some site about js.doubleclick.net in the bottom left corner of the window.

I have searched for help with this but it looks like the best thing for me to do is to start a new thread? My apologies if this is incorrect to do.

Anyway, any help is greatly appreciated. I use google all the time so this is quite a nusance, lol!
 

A:Help with google redirecting to js.doubleclick.net

Do I need to post a log? Where would I get this from?
 

1 more replies
Answer Match 57.12%

Hey guys. I have some sort of virus that is redirecting me when I try to click on Google search links. The address I'm being redirected to is jsdoubleclick.net, then to any number of random ad sites. I've run Avira twice and CCleaner twice. I'll attach the logs from the two Avira runs and the HJT log. Please help if you can.

P.S. - This virus also seems to be blocking access to many malware removal programs and associated webpages. I've been able to download Malwarebytes by using a mirror, and after several attempts I was able to install it, but the program crashes before startup.

A:Google Redirect (js.doubleclick)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

2 more replies
Answer Match 57.12%

I just recently started experiencing this. Every time I do a google search and click a search result, it redirects me. The URL shown at the bottom is js.doubleclick.net. Also, when I go to DL malware removal software, the links won't work. Same when I try restore my system to a previous date. Can anyone help me? Agramon had a similar problem which he posted about on March 10th. I attempted to reply to that post but was restricted. Agramon, if you're reading this, how did you fix this problem? I greatly appreciate any help you guys can offer me. Thank you!
 

More replies
Answer Match 56.7%

I thought I had this virus cleaned out by going to a restore point a couple months back. It seems to have come back.Re: GMER scanMy GMER scan only checked Services, Registry, Files and the C: drive. All other things to check were grayed-out. The scan produced nothing.Re: DDS logsDDS produced two log, which both seem identical. I just pasted one of them.TIA, -BarryDDS (Ver_10-11-10.01) - NTFS_AMD64 Run by Barry at 7:17:46.29 on Thu 11/18/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3965.2493 [GMT -7:00]============== Running Processes ===============C:\PROGRA~2\AVG\AVG10\avgchsva.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDev... Read more

A:Google/Doubleclick Redirect Virus

Since this it my first time soliciting help on this BC web site, I'm not sure what to expect for a response time. Guess I should be more patient, but I'm about ready to try something out of desperation. Knowing there's 'something' on your computer is like having cancer and not being able to do anything about it.
BTW, replying to my own post isn't an attempt to get bumped up in the queue. I would have 'edited' this as a comment in my original post, but where's the edit button? Those with God privilege, feel free to paste this into my original post. -B

11 more replies
Answer Match 55.44%

I've tried multiple anti-everything programs from Super Anti-Spyware, Malwarebytes, ComboFix, Spybot S&D, and various online scans that have found nothing, or found something but never fully cleaned my system. For a week or two, Google was being redirected to various ad sites, but after my system was "cleaned" everything was fine. Now today, anything remotely related to Google won't load at all. I've tried to manually remove the TDSS google-redirecting virus, but I have none of the files that supposedly come along with the virus.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Des at 14:42:16 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.... Read more

A:Infected with a virus that redirects Google, shows Google "not found nginx" also, no Youtube, Google Chrome or Google E...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

38 more replies
Answer Match 55.44%

Hello everyone. I apologize for not being an active user, but I always read the forums whenever a problem arises. However, I'm very confused at this point and was hoping to receive some help. This is a lenghty description, so I apologize in advance. I'll have a "too long, didn't read" at the bottom lol.
 
On my Windows 7 laptop, I use IE9. Now whenever I visit www.gamefaqs.com, (which I've been going to for years, a legit site about gaming) there will be times as I browse through that I all of a sudden have a new window opening attempting to navigate somewhere. However, my anti-virus, Norton Internet Security 2013, apparently blocks it as the windows always show "Navigation Canceled." But I wondered why do these windows come up sometimes, (and it's only on gamefaqs).
 
The URL of the blocked windows begin with "cm.g.doubleclick.net" and gives off more random characters. Curious, I looked it up. So the cm.g.doubleclick.net has a positve review from Norton Safe Web and Webutaion, (which shows rating from Norton, MyWOT, etc.) however reviews from users on Norton Safe Web says it's a spam site which makes sense. However, I came across two things researching this.
 
The first is that "cm.g.doubleclick.net" is a Google thing that they do something with IE9 to where they get ads in and it's a cookie matcher, (hence the cm) to match your browsing and what not. Ok, seems like nothing I can do since it's an IE9 issue? On another laptop which uses XP and IE8 there is no p... Read more

A:Is cm.g.doubleclick.net spyware/adware or a Google cookie matcher or both?

Hey leon, and welcome.
 
There's a 99% chance you have something, because getting a popup to a suspicious link is a staple of many forms of malware.  Chances are, it's a newer form of malware that Norton doesn't have a signature of in its database; hence, why it can't pick it up.
 
A few questions:
Have you tried to clear all cookies and empty the cache?
Do you visit any other sites on a regular basis?
What sorts of things are in the popup?
Do you have a pop-up blocker or an ad blocker?
Here's something for you to do to help some who isn't me knows what they're doing:
 
Download Security Check from here or here and make sure you either save it to the Desktop or a folder you can easily remember.
Double click SecurityCheck.exe, and follow the directions in the black box.
At the end of the scan, a Notepad document named checkup.txt should appear.  Copy and paste all of the contents here as-is (or save the file into a non-temporary folder, such as your Documents folder)
NOTE: If your security application requests permission for DIG.EXE to access the internet, give it permission to do so.
Do not take any other action based on the log, since it does give false positives.  Wait for further assistance.
You should be able to remove Spybot just fine by deleting the folder.  However, if it keeps popping up, ne t'inquiete pas.  Chances are in later steps it will be a thing of the past by proxy of removing this malware.

2 more replies
Answer Match 53.34%

Tried:MBAMSpywareDoctorVipre AntivirusAd-Aware SESpybot S&DHitmanRunning:Windows 7 64 bit4gigs RAMDDS (Ver_10-03-17.01) - NTFSX64 Run by Alex at 20:43:51.77 on Wed 08/04/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.1054 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exeC:\Windows\system32\conhost.exeC:\Progra... Read more

A:Search Redirect "pleasewaitsearch.com

Hello Alex WebbWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

16 more replies
Answer Match 51.66%

For the last few weeks I have not been able to access classic google on firefox. Setting my homepage to http://www.google.com results in a "404 Not Found" page with "nginx" at the bottom. When I attempted to google the issue (using Google SSL) through firefox, certain links would redirect me to the Google SSL homepage. When using internet explorer 64 bit, I can access google, but I am often redirected to Google in a random language. I have uninstalled firefox and all addons multiple times but it has had no effect. I've downloaded Antimalware bytes, avast, and AVG which resulted in the removal of some viruses, but I can only assume not all. I've been following this guide thusfar http://www.bleepingcomputer.com/forums/topic34773.html . When I installed gmer, I wasn't able to deselect certain options, as most were grayed out, but I still scanned my computer and uploaded the log. 'g.png' that I've uploaded shows what I mean. Any help would be greatly appreciated.

A:Google Redirects to Google SSL, Random Popups, Can't access classic google

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

13 more replies
Answer Match 50.82%

Browser (IE7) will frequently redirect to a page with a message "Sorry we couldn't find "http://www.atdmt.com..." or "http://ad.doubleclick.com" or other various tags (though these are most common).

Web pages will often not load at all or will redirect while reading a webpage without any user action.

Occasionally it will simply say unable to load "actual web page trying to visit". Also oddly - problem seems to occur much more frequently in the morning than evening. This makes me wonder if it is a internet provider issue.

Problem has been occuring over the last 2-3 weeks.

I have followed the 5 Step process to the letter and run DSS after the first four steps. The contents of file main.txt are listed below and extra.txt is attached as a separate file.

Very much appreciated in advance for your help when you get a chance to review this.

Main.txt
---
Deckard's System Scanner v20071014.68
Run by SJL on 2008-01-30 17:09:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
83: 2008-01-30 22:03:16 UTC - RP661 - Deckard's System Scanner Restore Point
82: 2008-01-30 20:21:50 UTC - RP660 - System Checkpoint
81: 2008-01-29 18:59:32 UTC - RP659 - System Checkpoint
80: 2008-01-28 18:34:48 UTC - RP658 - Installed Microsoft Office Live Meeting 2007
79... Read more

More replies
Answer Match 50.4%

Any Google result sends me off to anti-virus software sites (probably fake). In addition when I try an access a security site like TrendMicro or BleepingComputer this also sends me off to these anti-virus (fake) sites. Here is the HiJack 2.0.2 log (hope I'm doing this correctly)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:10:59 PM, on 1/27/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\stsystra.exeC:\Program Files\Del... Read more

A:Google Redirects and Security Site Redirects

Hello, OverSixtyToo to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirrorThis is another mirrorDisable any type of "Script Blockers" or "Script Protection" installed on your system.Double click on your desktop.If prompted by any script blocking tools, please allow any actions taken by DDS.Two reports will open. Please reply with the generated reports:DDS.txt <-- Copy and paste into your next postAttach.txt <-- Attach to your next postWe need to scan for Rootkits with GMERPlease download GMER from one of the following mirrors:This is the Primar... Read more

2 more replies
Answer Match 50.4%

Hi,

Here's the symptoms that I'm seeing need some help.

1)Using Internet Explorer - Enter a URL and instead of going to the site it's redirected
2)Google Search - Clicking on Suggested Links the Browser will redirect
Noted Redirect Sites: happili.com, mevioe.com and flyrry.com and other unwanted sites.
3)No Longer able to connect to windowsupdate.microsoft.com or access the windows update site directly from www.microsoft.com

Ran Malwarebytes with latest definintions comes up clean
Ran Ad-Aware with latest Definintions comes up clean
Running AVG scans reports clean

Note: In the Following Requested Logs you may notice the process Teamviewer I'm Aware that this is a Remote Control Software as Me (The person posting this) is helping a friend who lives to far away to actually work directly from their PC. Wanted to point this out.

Before Running hijackthis, DDS and GMER I disabled the AVG processes so that the Antivirus Engine wouldn't interfer with these scans.

Requested Logs

####### DDS ##########
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jen at 23:58:43.82 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Internet Antivirus 2011 *Enabled/Updated* {DD66DA46-1A1C-43D7-B787-8D5FA72... Read more

A:Browser Redirects, Google Search Redirects

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

18 more replies
Answer Match 48.72%

I have run Hijackthis and it told me that I had tons of problems and to post to your forum. A number of things don't work but teh three I want to cure are listed in the Title above. Do you want the Hijackthis log? If so, do I just copy and paste?

dwsarge
 

More replies
Answer Match 48.72%

A bunch of things are happening to my computer. My google is in german (everytime i change it it goes back to german), my google results redirect to ad sites, system defender is on my computer, and i a lot of random popups-__- please help!

DDS.txt
DDS (Ver_09-10-26.01) - NTFSx86
Run by Rainier at 22:14:54.51 on Sat 11/14/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.358 [GMT -8:00]

AV: System Defender *On-access scanning enabled* (Updated) {E35FD632-393B-4606-8E81-700B1355BD57}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: System Defender *enabled* {A5249CBB-A25F-4263-A814-62DFDB1C02B5}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Windows\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.ex... Read more

A:Google Redirects, Google is in german, random popups, system defender

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 47.88%

Getting Redirects from Google and Google Video as well as miscellaneous other sites, in the former case to some variation of a 404 page, and in the latter to a blank page that never fully loads.DDS (Ver_10-03-17.01) - NTFSx86 Run by professorchaos at 13:57:21.95 on Mon 08/09/2010Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3581.2208 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Windows\System32\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\rundll32.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files\McAfee\VirusScan Enterprise\engineserver.exeC:\Program... Read more

A:Getting Redirects from Google and Google Video as well as miscellaneous other sites

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

14 more replies
Answer Match 47.88%

Hi, tried to solve this on my own for several days with not much success.

Running Windows XP SP3.

The problem started with Google Chrome, it stopped working one evening. The browser is stuck on an infinite loading loop but works when the "--no-sandbox" argument is added to the command line. Internet explorer worked fine. I did some googling on the problem and apparently it's either some anti-virus or a virus.

Switched to Opera browser. Got infected with ave.exe "xp total security". Ran Super Anti-Spyware/Malware Bytes/AVG 9 to remove. Seemed to be removed but I'm still getting google search redirects in Opera.

Downloaded and ran TDSSKiller. In safe mode, it detects nothing. In standard mode it detects a problem with Atapi.sys. The message is something like.

"Problems in memory 1/0/0
"Problems in files 1/0/1"

However, after every reboot, it's the same message.

Downloaded Gmer today and tried to run, in standard mode Gmer would crash with a BSOD, the BSOD flashed quickly so I'm unable to see what the exception was. Currently I'm running Gmer in safe mode.

Could use some help.

Thanks.

More replies
Answer Match 47.88%

I had the Advanced Virus Remover virus and I got rid of it through Malwarebytes, but now I am stuck with all of my google searches being redirected, many google services, like gmail, are unable to be accessed, and I am getting random pop-ups from directdr.com that show up at any time while browsing the internet. Help would be greatly appreciated.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 20:33:16.04 on Fri 12/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.130 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSe... Read more

A:Google Search Redirects, Pop-ups and Google Services Blocked

I fixed the problem myself through the use of your site's HiJackThis guide and Combofix. The google redirects and google services being blocked was cause by the multiple hosts, and the rest was taken care of by Combofix. You can lock this now.

2 more replies
Answer Match 47.46%

Hovering over Google links will show link to googleads.doubleclick (or elsewhere) sometimes. Not always. When that is happening Google Instant is also disabled and the main google search windows will not prompt with completions. Also, sometimes prevents Google background image from loading. Ran mbm and Hitman Pro. I assume should use combofix?

Thx - Aaron

A:Googleads redirect

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

17 more replies
Answer Match 47.04%

I had been using google.com/ncr to get the english version of google, but now it no longer works. Clicking &quot;google in english&quot; in the bottom right does not work either. I can't google if it is in german, japanese or whatever -_-. Any suggestions? Thanks in advance
 

A:google.com/ncr no longer redirects to google.com in english

Just found out that https://www.google.com/webhp?hl=en&tab=mw and https://www.google.com/webhp?hl=en&hl=en&tab=gw give me google in emglish and the same search results.
Google.com is forced to local language and gives different search results.
Local google gives me yet another search result. Can you tell me if the first two are the actual equivalent to google.com/ncr?

 

1 more replies
Answer Match 47.04%

Hi, one of the great volunteers here helped to clean my wife's laptop when she was getting her Google search results redirected some time ago, and the forum comes highly recommended from her so thank you for the previous help we've had!

I have similar problems on my desktop PC now where periodically my Google search results are going astray (mostly to a .302 Found page or other generic "search results" page). I am also getting popup windows in Firefox (which Adblock Plus doesn't seem to notice) which either go to Google.com by the time I navigate to them, or have the status bar saying they're waiting for response from Google Analytics. I haven't had the time to do all the prep work before today but previously I tried running Spybot Search and Destroy but it wouldn't open at all. I followed internet advice on that one to find a randomly named duplicate .exe and was able to run Spybot eventually but it didn't pull up anything much.

I don't know if it's important or related, but I also ran a HijackThis scan before coming here and loaded the logfile through their website to scout for problems. There were 4 entries they listed as "Nasty" which all had an unknown IP address as part of the entry. Unfortunately, I did not get a chance to save this log file before my computer crashed, and these lines have been removed so I am unable to advise what the IP address was.

I have DDS and GMer logs here, again I don't know if... Read more

A:Google redirects and google analytics popups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

24 more replies
Answer Match 47.04%

Hello,

Whenever I search for things using Google, I sometimes end up getting redirected to random websites which have nothing to do with what I have searched. Update: It just happened with IE, so it's not just Chrome as it first appeared.

For example, I searched for some help about a problem I was having with Ableton Live (turned out to be PEBKAC, so it's unrelated) and I ended up getting "madwebplus(dot)com/search(dot)php" and "insideps2games(dot)com/search(dot)php" and when I tried to get here I got "badcredit-creditcards(dot)net/result(dot)php?Keywords=tech+support+guy&r=db8752b12af8e4f24b3549ad566de91dc8f1b5f7e6e246a4632487d1571c7e4cd5fdd271755d148d1ba39491f099a988&Submit=Go"

It's only started happening today, and as far as I can remember I didn't download anything before it started happening. All I have downloaded is Zonealarm, Spybot S&D and HijackThis and they were downloaded after to try to fix the problem.

Spybot Search and Destroy found nothing, and AVG Free found 2 things and fixed them, but the redirects are still happening.

Here's what AVG found, just in case it's relevant.
"C:\WINDOWS\system32\svchost.exe (2460)";"Trojan horse Generic16.AGNN";"Reboot is required to finish the action" (I did reboot)
"C:\WINDOWS\system32\jyku.fjo";"Trojan horse Generic16.AGNN";"Moved to Virus Vault"

Other threads with similar problems have told ... Read more

A:Google Chrome Google Search Redirects

Hey. The stickes say it's okay to bump if you've waited at least 24 hours and to be patient, so I have been. I'm being as patient as an avid internet user with dodgy internet can be
 

3 more replies
Answer Match 47.04%

The search links show up in the search results, but when I click on the links, each is redirected to a site that is related to the subject matter, but not the correct site. Also, when entering a URL in the address bar in Google, that address is also redirected to www.go.google.com

Below is the log you instructed me to obtain.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:05 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\In... Read more

A:Google search engine redirects to www.go.google.com

Please bump up

8 more replies
Answer Match 47.04%

Hello itsc I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

A:googleads redirection in IE (windows 8)

Hello48 Hour bumpIt has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo

3 more replies
Answer Match 47.04%

Hello,

My computer has been infected with the googleads.g.doubleclick.net redirect virus for about a month now. I tried a few step-by-step removal tutorials I've found on the web as well as Spybot, Norton, TDSS Killer and Malware Bytes, but the problem still persists. I am using the latest version of Mozilla, and I use Yahoo as my search engine. I've heard this virus can be dangerous, not to mention that it is very annoying to be re-directed to adware on 25% of my searches, so I would greatly appreciate any help you can provide in removing it! Attached below are my logs. Thanks! -Kevin

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_07
Run by graymatter80 at 21:49:46 on 2012-11-02
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.4094.1628 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k Loca... Read more

A:Problem with googleads re-direct

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

18 more replies
Answer Match 46.2%

Hello,
 
I am having a problem with googleads.i.doublee-click.net high jacking my internet explorer...it isn't bothering chrome. I saw another post solving this problem but since it was customized to him I wasn't sure I should do it.
Thanks!!
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by PalominoMama at 13:15:33 on 2013-05-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3545 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C... Read more

A:googleads.i.doublee-click.net windows 7

Good evening. Pay a visit to the ESET Online Scanner. Click the ESET Online Scanner button and a new window will open - you may need to maximise it. Click the Run ESET Online Scanner button in the new window.
If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
When you see the Computer Scan Settings window, you will need to make the following changes:

UNCHECK Remove found threats - this is important. Check Scan archives Click on Advanced settings Check Scan for potentially unsafe applications Once ready, click Start to begin - not a surprise really! The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted. The above will take a little time, so now is a good time to fire up the kettle and open the biccies. Once the scan has completed you will be shown the results - assuming that the scanner has found anything. Click List of found threats and then Export to text file... and save the log somewhere convenient. You can then close out the scanner - don't bother uninstalling it as ... Read more

12 more replies
Answer Match 46.2%

Hi -
This has been drfiving me nuts.  I have already run malwarebytes, spybot, rkill, cccleaner,kaspersky scanner, and ... I did run combofix before seeing the notice not to.  
Appreciate any help..
 
 
Here is my hijackthis log -
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:53 PM, on 3/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search... Read more

A:Chrome - googleads and redirected searches

Here is my combofix log
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:53 PM, on 3/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http... Read more

19 more replies
Answer Match 45.36%

Same problem as others have described.
I use Windows 7, Chrome 8.0 and I had installed Kasperski One. A few days ago I noticed that Google search results had no longer the URL advisor arrows next to them. I tried to reinstall Kasperski from a back-up CD but it took me to a site redirect.kasperski.com. I have run defogger and DDS. Here are the logs.Thanks a lot. AGM
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by FCF at 6:50:13 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.4955 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\... Read more

A:Google redirects to google/webhp

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

22 more replies
Answer Match 45.36%

I recently switched from Comcast to Time Warner ISP. Since then when I access google.com, I am automatically redirected to google.co.uk. Everything is UK related in the search results. This also happens with ask.com, and Lycos but not Yahoo search or Windows Live Search. I checked Google help and it told me to change address to google.com/webhp. I did this. No redirect this time but results are STILL UK related. Anybody have a similar experience? Here's what I wrote them but I suspect it will go into a black hole somewhere.

"I live in Texas, USA. I recently switched to Time Warner Cable. When I type in google.com I am always redirected to google.co.uk. I have done everything you suggest on your help page (change to google.com/webhp. I still get search results and sponsored links from UK). So I am taking your advice and sending you the information you requested:

IP address: 76.184.157.214
Gateway: 76.184.144.1
Location: Garland Texas, USA
Redirection: google.co.uk

Incidently this happens also with all browsers, also Ask.com and Lycos search engines. Not with Windows Live Search or Yahoo.
Help... I am on the brink of cancelling my Time Warner Cable over this!!
Thanks,
V. Ingram"

Thanks. Any help would be appreciated. I live by the Google search engine.
 

A:Google search redirects to Google.co.uk

11 more replies
Answer Match 45.36%

Help...
I have something causing google redirects.
searches bring up results5.google.com
driving me crazy.
I also can't update malwarebytes anti malware.
normally smart with this kind of stuff, but this has me beat!

Thanks!
 

A:google redirects results5.google.com

16 more replies
Answer Match 45.36%

Hi, a few days ago I clicked on a link in google. My computer became very slow, so I restarted it. After that, select links in google would redirect me to google.com/webhp. Also, IE (version 6) would open without prompt and take me to google.com/webhp. I switched over to my laptop and looked for solutions. I used Superantispyware and it found the backdoor trojan tidserv. It took care of the virus, and it doesn't show up in scans anymore. The problem still remains however. Google still redirects to google.com/webhp (not all the time) and IE will open every half hour or so without prompt. I'm a novice when it comes to this stuff, so I came here after reading the dangers of trying to get rid of viruses without experience.

A:Google redirects to Google.com/webhp

Check for rootkits.GMER-------Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

5 more replies
Answer Match 45.36%

It seems like I cannot get rid of this thing. I was wondering what the chances are that the wireless network im connecting to has malware/virus in the router. I heard that sometimes that happens and might cause the pop ups on my machine. Ran Spybot (scan/immunize) Malware Bytes (Thorough) Rkill, TDSKiller, Eset Scanner, Im even micromanaging cookies through firefox (which btw sucks) haha. Still getting the redirects on google searchs, and even on other sites. Help please.

A:Google redirects, Google Analytics

Hello.I was wondering what the chances are that the wireless network im connecting to has malware/virus in the router.Are other computers on your network also experiencing issues?~Blade

2 more replies
Answer Match 45.36%

Hi!
I have some trouble connecting to Google right now. First of all, after I opened Google Chrome, normally a new tab will open, as well as the Google logo with the search box. But this time, it's Google Belgium. Whenever I search something, then it will search on Google Belgium. I encounter this not while searching in Google saying "Cookies help us deliver our services. By using our services, you agree to our use of cookies.
Learn more" and a "Got it" button. After a single search, I cannot perform any search anymore! It will just display the "No Connection" page. If I want to do a Google search, then I should reinstall Google Chrome (I think resetting chrome will work, but I haven't tried it yet). What can I do to fix this? I tried rebooting my router but it doesn't fix the problem. And I hope system restore is not the only option I have. I may lose much data if I did a system restore.
Thanks in advance!

PS: I also used other devices. I tried to perform a Google Search using my mobile and again, it searched in google.be

A:Google redirects to Google Belgium

are they both on the same network ,provided the same DNS servers?

3 more replies
Answer Match 43.26%

I am getting pop ups whenever I open Internet Explorer also when I do a search on google and click on a result it takes me to a site that is related to my search but it is not the same site the link was supposed to take me to. I have tried a few things before I found this site. I downloaded hijackthis and posted my log at hijackthis.de and had hijackthis fix the problems that hijackthis.de said were nasty. Needless to say I still have the problem I just hope I did not make it worse. I tried to follow the 5 steps but I could not complete steps 2 and 4. Thank you for any help. One site that frequently pops up is fubar . com.

Deckard's System Scanner v20071014.68
Run by Randy Tyson on 2008-06-30 22:57:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-01 03:57:44 UTC - RP1017 - Deckard's System Scanner Restore Point
2: 2008-07-01 03:36:26 UTC - RP1016 - Removed MyWay Search Assistant
1: 2008-07-01 03:02:54 UTC - RP1015 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Randy Tyson.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ---... Read more

A:pop ups and google redirects

Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:




C:\Documents and Settings\Randy Tyson\Local Settings\Temporary Internet Files\Content.IE5\UR5Y77UW\dss[1].exe




Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then... Read more

14 more replies
Answer Match 43.26%

Whenever i try to search for anything, google often redirects me when I click on the links to something random.
Other times it will open a new tab on FF and the url reads google.com/webphp. How can I get rid of this?

A:google redirects and pop ups?

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.Download Link 1Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make sure that everything is checked and then click Remove Selected.When removal is completed, ... Read more

5 more replies
Answer Match 43.26%

I ran malbyte's as well as other programs but nothing works. Please help me.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:23 PM, on 9/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\vashu\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DigitalPersona\Bin\dpagent.exe
C:\Users\vashu\Desktop\ProcessExplorer\procexp.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vashu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Use... Read more

A:Google redirects and I tried everything

Hello knivesthe and welcome,

HijackThis is not enough to battle today's malware. To further assist in the removal of this malware, we require a more comprehensive set of logs.

Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

7 more replies
Answer Match 43.26%

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-16 15:27:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fxddapow.sys
---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\[email protected] 17585

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\AW2DP4UP\ui.mevio.com\widgets\mwm\MevioBPFX.swf\USER-LIFE-TIME.sxx 139 bytes
File C:\Documents and Settings\User\Cookies\C0VDJXVI.txt 778 bytes
File C:\Documents and Settings\User\Cookies\DESRQPD3.txt 110 bytes
File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4G9Q1TUY\caCAPGO2CN 0 bytes
File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q1J5V3EI\dnserror[1] 5947 bytes... Read more

A:google redirects

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

2 more replies
Answer Match 43.26%

Hi, having some problems with search results redirecting to other web sites. It all started on 2/12 after letting my father use the computer. Not sure what he did but when I got on later that day I found new processes running in the background (Bfx.exe) that I had never seen before and ran Malwarebytes / Spybot S&D to check them out. Sure enough they were infections and was removed. After noticing the redirecting I did some testing with the redirects and found that it doesn't always redirect me but when I search for example: AVG, Symantec, or Avast or other antivirus programs it redirects me to other web sites such as: webroot.com, oghgrnnoeati.com, eloqua.com. The redirects happen with both IE and Firefox and so far only have redirected if I use Google or Ask.com. Using Bing or Yahoo I havn't had redirects using them. I did some digging and found a suspicious file that was created during the time my father was on the PC and couldn't find any information on it. It's located in C:/Windows/Sytem32 called "wiasf8.dll" I did attempt to delete it but its marked Read-only and Hidden and even when changing those attributes it displays the message Access is Denied even tried in a command prompt with same message.

As per the "Preparation Guide" I attempted to run GMER but when I did so it locked the system up and became unresponsive, Task manager and such wouldn't come up and after waiting some time I restarted the PC. Here's the MBAM l... Read more

A:Google / Ask.com Redirects

HelloMy name is Baabiouz and I'll help you get your Pc clean.Step #1You are missing one important program on that computer: An antivirus.This is somewhat suicidal in today's digital world.You need to install an antivirus program as soon as you can and run a complete scan of the computer: Antivir Avast Free AVG Free Bitdefender FreeInstall it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.Step #2Install Recovery Console and Run ComboFixDownload Combofix from any of the links below, and save it to your desktop. Link 1Link 2 Link 3Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Close any open windows, including this one.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recov... Read more

15 more replies
Answer Match 43.26%

So this morning i was infected with the win7 anti virus 2012 software and used the instructions on this website hxxp://www.wiki-security.com/wiki/Parasite/Win7AntiVirus2012/ to manually remove the parasite from my computer. I was able to successfully remove the software by following the instructions on the website but afterwards i noticed i was getting redirects when doing google searches and sometimes I cant make searches more than once and i have to revisit google to search again. The redirects don't happen to often but they do happen.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Yuri at 9:41:54 on 2011-08-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.895.98 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost... Read more

A:((((Google Redirects))))

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.[list]
alternate download link 2Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked ... Read more

11 more replies
Answer Match 43.26%

Phantom, correct me if i'm wrong, but when you state "3rd party" I assume you mean anything other than:

Norton (to remove Norton)
Other-XYZ (to remove Other XYZ)

OR:
Windows Add/Remove (such as to remove Java)

So you're saying that Windows' Add/Remove tool is not 3rd party?

BTW, I just now noticed those tutorial links you gave - thanks! But I'm wondering what people do if there are any programs on their machine that are not listed in Revo? Like, I sometimes have programs on my system that don't appear on the All-Programs menu.

Another thing:
It so happens that, prior to my posting this thread, I had used Add/Remove to Remove Norton in order to Install AVG.

Could that be the reason I'm not able to access Google or gmail or Chrome now?
..actually, probably it's related to the malware which compelled me to get AVG.
 

A:Google redirects!!

6 more replies
Answer Match 43.26%

Hello,I have been experiencing redirects on links for google searches for some time. I have scanned with various tools (Malwarebytes, Adaware, SUPERAntispyware, SpyBot S&D, Kasperksy Anti-Virus), but the problem persists. Please help!DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 19:41:03.89 on Tue 07/13/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1331 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Logitech\GamePanel Software\LgDevAgt.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exeC:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\nHancer\nHancer.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Belkin\Nostromo\nost_LM.exeC:\Program Files\Logite... Read more

A:Google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Answer Match 43.26%

Hello. I've been experiencing Google redirects off and on for the last few days. Have scanned with my antivirus (McAfee), Malwarebytes, and Spybot Search and Destroy, each multiple times. All of the scans have either had no effect at all, or only seemed to stop the redirects for a day or two before they started again. Most of the scans find nothing - occasionally one has found Trojan.Happili.

I have both Internet Explorer and Google Chrome installed. Initially I only saw the redirects in Explorer, but now I see them in Chrome as well. Since I don't use Chrome that much, and the problem has always been random and intermittant, I don't know if that's an actual change or I just didn't use Chrome long enough previously to see the problem. The infection does not try to block any scans or other software that I have noticed.

DDS log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by John at 12:07:05 on 2012-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5883 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
var pid = parseInt(2707884);
if ( pid > ipb.topic.topPid ){
ipb.topic.topPid = pid;
}

// Show multiquote for JS browsers
if ( $('multiq_2707884') )
{
$('multiq_2707884').show();
}

if( $('toggle_post_2707884') )
{
$('toggle_post_2707884').show();
}

// Add perm data
ipb.topic.deletePerms[2707884] = { 'canDelete' : 0, 'canSoftDelete' : 0 };

2
SP: W... Read more

A:Google Redirects

Hi,Please do the following:For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit vers... Read more

16 more replies
Answer Match 43.26%

ok lets try again, GMER crashed my computer twice...Hi,First I want to say I LOVE bleeping computer, what you do I really great and I'm very greatful. Normally I just use the tutorials but this time I'm stuck.This all started in the last 2 days.First I had the 'security suite' virus but used a tutorial to remove it and that worked, at the end is said run tdds in case of google redirects which I did, it found 3 problems and after they were removed the problems started.Now whenever I use a search engine I'm redirected to other websites, If I copy the link it works fine. This problem only surfaces the second time I load up my browser. If I log off and on again it works, close the browser and re open it starts. As I type google is NOT redirecting, if I closed the browser and re opened it would. I can repeat the logs with the problem enabled if it helps.I also have the 'Antimalware Doctor' showing up in my programmes list but it doesnt appear to be doing muchI've tried using malwarebytes, ad aware etc.Heres the DDS Log:DDS (Ver_10-03-17.01) - NTFSx86 Run by ALI2 at 22:02:23.17 on 17/08/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.286 [GMT 1:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32&... Read more

A:google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more eas... Read more

16 more replies
Answer Match 43.26%

Hello - My name is Chris and for the last 6 hours, I've been trying to fix a problem where any searches through google get redirected to random search sites. I'm not sure what malware I've downloaded, but I can't get rid of it. Thank you for looking! Here are the logs:DDS (Ver_10-03-17.01) - NTFSx86 Run by Chris at 0:43:45.14 on Sat 08/21/2010Internet Explorer: 8.0.6001.18943Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.1978.1048 [GMT -4:00]AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\... Read more

A:Google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

20 more replies
Answer Match 43.26%

The checkup from Security Check by screen317 Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.1 Java™ 6 Update 20 Java 7 Update 9 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` And the DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2Run by KaceyRose at 23:00:08 on 2012-11-28Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2342 [GMT -5:00].SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\... Read more

A:Google redirects me

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

3 more replies
Answer Match 43.26%

Hello,Hope that now it`s the right forum.My computer was heavily infected with trojans and spywares. i had blue desktop saying that i have spyware infection and warning popups as if system mesages. Then even my iexplorer went down and original antivirus mcafee disabled and my profile was loading about 30 minutes, and task manager disabled. I run cureit, ad-aware, mcafee scans. Cureit remooved some 20 trojans and my iexplorer was up and my profile loaded faster and mcafee was ok now. Then some spyware was remooved by Ad-aware, but still system warning popups were present, then i scan with previx and see that i have some C:\WINDOWS\system32\rxjddnvj.exe and wcntfysvc.exe are very agressive so I remooved them with killbox. Now i warning popups were gone and desktop was normal I hope that no more action is required.The only problem I have left is search engines redirect to some porn TOP-10 sites some other popups. My log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:59:01, on 14.2.2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exe... Read more

A:Google Redirects

Yesterday i had another attack. I scaned with cureIt and found some trojans again but the best thing is that now my internet connection is disabled and I cannot install or run ad-aware. Computer as if is in safe mode.

2 more replies
Answer Match 43.26%

Hi all, I have been doing battle for a week now with various viruses on my computer and am slowly going insane! The main problem is that I am being redirected from google search results to other, seemingly random sites.

I have scanned and repaired my C drive with AVG, Malwarebytes, Superantispyware, ErrorFix and have even cleaned my registry a couple of times with Eusing registry cleaner. On top of that I have used another virus and another spyware programme but chucked those after use so can't remember their names.

Bottom line, all these programmes have found viruses (all kinds, a.o. Trojans) and removed them. But I am still beng bleeping redirected!! AAARRGH.

Ayone out there who can help? It would be greatly appreciated.

Thanks,

Gwen

A:Google Redirects

Hello and welcome. Please do not run the registry cleaner any more.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file exten... Read more

5 more replies
Answer Match 43.26%

Hi all, My searches in Google have been redirecting to different areas (Scour.com, StopZilla, etc....) for a couple of days now. Nothing I've run has gotten it to stop (Malwarebytes, SuperAntiSpyware, Avira--all updated). I've read the preliminary section, and followed your instructions. GMER showed nothing at all when I ran it. Here are the other 2. Thanks for any help you can give.VickiForgot to add that I have to click 3+ times to get the google search to stop redirecting and go to the right sight. At first it was only 1 time, then a couple, now sometimes it's 3 or more. VickiEDIT: Posts merged ~BPSorry for the bump here, but I thought you should know the problem of redirects seems to have been solved. After researching all day, I found and deleted XUL cache from my add-ons. Google seems to be back to normal. I'll wait though to hear what you all have to say after looking at my logs. Keeping my fingers crossed that this simple fix has really worked! EDIT: Posts merged ~BP

A:Google Redirects

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Answer Match 43.26%

Upon trying to run DDS the screen comes up blank then goes away with no report, Tried root repeal it was running and went away, now when I click on the icon it tells me I don't have authority to run it. deleted both and reloaded from memory stick no go. So far I am running into dead ends with the things I have tried. I have gone and disabled scripts but still no luck. This is on a laptop running windows Vista Home edition
here is a log I was able to run
Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP251D.tmp\ZAP251D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP251D.tmp\ZAP251D.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2633.tmp\ZAP2633.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2633.tmp\ZAP2633.tmp... Read more

A:Google redirects AVG won't run

Here is the MBR log still unable to run rootrepeal and malware and superantivirus tired in safemode as wellStealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.netdevice: opened successfullyuser: MBR read successfullykernel: MBR read successfullyuser & kernel MBR OK

3 more replies
Answer Match 43.26%

Help. My kids laptop got the scour redirect virus (pretty sure).
I ran combofix which cleared up SOME of the problems with pop up ads and other related/unwanted side-effects, but I still have the remaining issue of google searches getting redirected.

Can you folks help me?

Pete

A:Google redirects - ugh - me too

Additional info: I am running Windows 7 and the problem happens with both IE and Firefox.

2 more replies
Answer Match 43.26%

hi guys im really struggling trying to get rid of this virus i have tried tdsskiller but it does not seem to load up on my computer i did have the smart hdd virus but i managed to get rid of this eventually with a detailed guide from this site very much appriciated btw so can you please point me in the right direction to get rid of this annoying google redirecting virus pleasekind regardsscotHi,i´m new in the forum as well and actual I registered to try to find some solution for your same problem.My history was like this but I think the virus been able to install in my computer via a fake virus report from a fake windows defender that i click to quarantine, after that the SMART HDD Virus started running wile I was using Opera, (Opera was already registering troubles via a google redirecting, but never nothing before like a virus or a infected file or nothing). Everything crash, and the SMARTHDD started letting me know that i had a lot of problems in the Hard Drive, all fake. I rebooted straight away, checked my hard drive via Linux, everything was okay, come back to windows, install several Malware removers, found several infected files and erase them or quarantine them. After that only the Opera Browser kept infected or modified, when I arrived to the same point you are now, I gave up and try to recover the computer with the recovery partition to try to get it with the factory settings, BUT, the F4 key to access to the recover partition is not working, and there is no w... Read more

A:Google Redirects

Hello,

I have posted on an internal forum for unbootable computers. Someone will be helping you soon.

5 more replies
Answer Match 43.26%

i have been having the stupid "i searched something on google clicked a link and it does not go where it should problem"
i have already reset my dns to take the automatic dns from my isp
i have used avg and maleware bytes to clean things up
i'v seen other posts in many forums about this but it seems that it takes a hijack this log and someone who knows more than me to really fix this problem ... im hoping someone can look at my log and help me out.
thanks
lee

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:58 PM, on 2/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jq... Read more

More replies
Answer Match 43.26%

My original problem was that I keep getting a redirect page after a few seconds when waiting for pages to load using IE. Most of the time I was waiting for Ebay pages to load. It will redirect to a Google page and then quit, sometimes with an error message about not being able to load either page, or a Google page opens with the url in the search box.

Any help is appreciated
Jerry


Code:
------------------------------------------------------------------------
These are the result of the DDS Scan:


DDS (Version 1.0) - NTFSx86
Run by Wanda at 20:26:06.90 on Thu 12/04/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3053.1870 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Fil... Read more

A:Google Redirects

Hi. . .

First off - you are running AVG 7 - AVG 8 out for a while -
http://free.avg.com/download?prd=afe

I suggest that you proceed to to our Security Center, HiJackThis Log Help Forum, to have your HJT logs reviewed by a Security Analyst.

Please be sure to follow THESE STEPS carefully before posting your logs in the HJT Log Help Forum. Be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Lastly - DSS not used any longer - please follow the HJT Log Help steps carefully - you will post logs there and not here in Vista Support.

Regards. . .

jcgriff2

.

1 more replies
Answer Match 43.26%

I am having problems with Google searches getting redirected to unwanted websites in IE and Firefox.

I use a HP Pavilion zv6000 laptop with WinXP SP2 and IE 6.

Scans with SpySweeper, Avast!, HouseCall, and Malwarebytes, including Avast's boot sector scan, found several viruses and Trojans which were eradicated by the respective programs. Scans now run clean. However, Google redirects still persist.

There may also be an associated problem with the ATAPI device. When attempting to upgrade to Win XP SP3, the process returns the following error message:

"The file c:\windows\system32\drivers\atapi.sys is open or in use by another application. Close all other applications and then click Retry."

Closing every known application, even disabling the entire Startup file still results in the same message.

Any and all help will be greatly appreciated.

Thanks so much,
Hopestill
 

A:Google Redirects

15 more replies
Answer Match 43.26%

Hello,

Some background: I recently suffered the FBI moneypak virus. That thread is here:
http://www.bleepingcomputer.com/forums/topic470383.html/page__p__2856877__fromsearch__1#entry2856877

Now I get google redirects. The events may be related or unrelated.

Most google search links are blocked by avast. (Malicious URL blocked).

some URLs that appear when I use the back button on my browser (from the blocked page) are:
merchantcircle
myfindhere
nixxie

Thanks for your help.

Win 7 home premium (64 bit), IE9, avast antivirus (soon to be replaced by whatever is suggested by the bleepingcomputer rep who assists me).

A:google redirects?

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

46 more replies
Answer Match 43.26%

Ok, so I am no dummy when it comes to virus/malware/spyware removal, but this has truly got me stumped. I am not sure when. but a little while ago (weeks possibly) I started to get redirects from my google search results. I would click on the link and would be redirected to an ad site or some other bogus site. My first instincts are to do the mainstays in checking for infections: deleted all temp files, caches, private data and whatnot. Then I used Malwareytes Anti-Malware scanner, Combofix and HijackThis and they all found nothing. I have my AVG free edition run a scan every day and it has found nothing as well.After all that, I still get redirects on my google search results. Now, it doesn't happen 100% of the time. I'd say if I click on the link 5 times it would redirect on 3 of them. And it would not redirect to the same site all the time. So here I am, first time posting and asking for help. My HJT log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:38 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WIND... Read more

A:FF Google Redirects

I may have fixed the issue. Reading some of the other posts, I saw references to 'Goored.exe'. I DL'ed it and ran the scan. it found one possible entry so I ran it to fix. It appears to have worked. i will post with updates.

3 more replies
Answer Match 43.26%

Hello everybody) sorry for my bad english( i from russia)
i found your forum in google and hope that you can help me.

It appears that I'm infected with the Google redirect virus. It redirects searches to:
109.206.160.225
173.214.255.51
206.51.231.116
217.159.171.218
63.209.69.107
64.15.72.104
64.21.9.244
65.97.58.10
66.246.72.42
67.196.0.168
68.232.188.245
8.26.70.252

I ran MalwareBytes, but it did not fix the issue.

Any assistance in removing this would be greatly appreciated.

I have windows7, and also i use a vpn-connection - so you can see it in log.

Information from DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17153 BrowserJavaVersion: 1.6.0_31
Run by od06 at 4:11:36 on 2012-12-16
Microsoft Windows 7 Домашняя расширенная 6.1.7600.0.1251.7.1049.18.4095.2154 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows�... Read more

A:Google Redirects on IE

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

15 more replies
Answer Match 43.26%

i don't know when it started, but google's been getting redirected to cr0zybaner.com more often than it's been going to the intended link. just today it got redirected to hornymatches.com
here's my most recent hijackthis log, if it helps:


Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:46:14 AM, on 11/25/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hobbyist Software\Off-Helper\Off-Helper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\A... Read more

A:google redirects

Hi,

This behavior is normally a result of a malware infection. I would run a full system scan using Malwarebytes and see if anything comes up. You may then need to look at the following tutorial.

Internet Explorer - Reset.html


OS

9 more replies
Answer Match 43.26%

Please help...I have run spybot, malwarebytes, superantipyware with no luck. My search results are constantly getting redirected.

Thanks

A:Help please with google redirects

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart th... Read more

10 more replies
Answer Match 43.26%

DDS Logs and GMER logs. Google redirects me to bogus websites. Continued from the topic with the same Topic name. Tried on Ran MBAM, Super AntiSpyware and TDSS. Got something but still redirects me to some website.Update: Still redirecting even after System restore. ReRun MBam and still doesn't found a thing.EDIT: Posts merged ~Budapest

A:Google redirects. Can't get rid.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

14 more replies
Answer Match 43.26%

Please Help!! As the topic states all google links get redirected through some dumb search and never go where I want. here's my Hijack this Log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:27:51 PM, on 5/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\Ati2evxx.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\WINDOWS\system32\Ati2evxx.exeF:\WINDOWS\system32\spoolsv.exeF:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeF:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeF:\Program Files\Bonjour\mDNSResponder.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeF:\Program Files\Java\jre6\bin\jqs.exeF:\PROGRA~1\McAfee\MSC\mcmscsvc.exef:\program files\common files\mcafee\mna\mcnasvc.exef:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exef:\PROGRA~1\mcafee.com\agent\mcagent.exeF:... Read more

A:Google Redirects

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

8 more replies
Answer Match 43.26%

Hi and thanks in advance for your help. I am running Windows Vista. I use Firefox to get to the Internet and I have Blue Coat k9 for filtering. I run Malwarebytes and Defender on a regular basis and have recently done an EasyCleaner on my registry. It seems to help for about 24 hours and then goes back to redirecting with nothing being found until days later. I am being redirected to star feeds mixer, monster.com, and yellow pages mostly. Also, on 90% of my attempts at going to a site, K9 pops up and says it is blocked because of suspicion and then when I hit the back button I get there. I have uninstalled and reinstalled K9 as well. Over the last 4 or 5 days now, the computer has been shutting down and saying something about a mini dump (that sounds nasty) and giving me a blue screen. I don't know if that's related. Oh and I have been getting messages from my Internet provider saying there is unually high traffic on my ? I forgot to write it down. IEP maybe? I have a password on my wireless router.

I just got this message from K9 that this site is blocked, but I wasn't trying to go there in the first place.

meta.7search.com/click/click.aspx?x=3daMaeOGMEEe4aRLqJ2F1Q%3...

A:Redirects from Google.

Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning to remove or close those duplicate postings...time which could have been provided to others needing assistance. I have removed any duplicates to avoid confusion.Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.When the program opens, click the Change parameters.Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.Click the Start Scan button.Do not use the computer during the scanIf 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.A log file named TDSSKiller_v... Read more

6 more replies
Answer Match 43.26%

Hi and thanks in advance for your help. I am running Windows Vista. I use Firefox to get to the Internet and I have Blue Coat k9 for filtering. I run Malwarebytes and Defender on a regular basis and have recently done an EasyCleaner on my registry. It seems to help for about 24 hours and then goes back to redirecting with nothing being found until days later. I am being redirected to star feeds mixer, monster.com, and yellow pages mostly. Also, on 90% of my attempts at going to a site, K9 pops up and says it is blocked because of suspicion and then when I hit the back button I get there. I have uninstalled and reinstalled K9 as well. Over the last 4 or 5 days now, the computer has been shutting down and saying something about a mini dump (that sounds nasty) and giving me a blue screen. I don't know if that's related. Oh and I have been getting messages from my Internet provider saying there is unually high traffic on my ? I forgot to write it down. IEP maybe? I have a password on my wireless router.

I just got this message from K9 that this site is blocked, but I wasn't trying to go there in the first place.

meta.7search.com/click/click.aspx?x=3daMaeOGMEEe4aRLqJ2F1Q%3...

A:Redirects from Google.

I'm sure one of the helpers here will be able to assist you more than I can but in the meantime I have a few suggestions...First, it never hurts to scan your machine with more than one type of anti-spyware program. That being said however, you NEVER want to have more than one anit-virus program as then can conflict with each other and leave you unprotected. My suggestion would be since you already have malwarebytes installed, and assuming that its the free version, to open it and click the update tab and verify that you have the latest definitions. Also follow this link and run SuperAntiSpyware. This is their portable edition so it doesn't need to be installed. It runs as a self contained package.SuperAntiSpyware Portable ScannerYou also may want to check your machine for any Rootkits that may be present, my suggestion is TDSSKiller from Kaspersky. You can find it at this link...TdssKiller Kaspersky Support PageHope that helps resolve your issue and again I'm sure that the helpers on this site will be able to assist you further. Good Luck.

3 more replies
Answer Match 43.26%

Hello, I have been having a google redirect problem for the past few months and have ran numerous malware removal tools and it did not find the problem. Attached is the dds file that I just ran and hopefully it will provide you with the information needed to find my problem. I appreciate any help and am grateful for services like this. Thank you!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0
Run by Millertime at 10:59:50 on 2011-12-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.296 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe... Read more

A:google redirects-tried everything

Hi,

Please run the following:

Please download aswMBR to your desktop.Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

1 more replies
Answer Match 43.26%

Hello BC users, recently my google searches have been going haywire. I use Mozilla Firefox and everytime I use the google toolbar or the google website itself it takes several seconds for it to load up my search results. On the other hand, while browsing the internet with direct links and not using google, the speed is fine with no hiccups at all. Then when I click on one of the results from the google search, most of the times it redirects me to a rogue address. So I have to click it multiple times until it finally gets it right. I've ran a full scan on NOD32 and malwarebytes in both normal and safe mode but the problem still persists. Any help would be appreciated.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:15:21 AM, on 5/31/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\MotioninJoy\d... Read more

A:Google Redirects

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

17 more replies
Answer Match 43.26%

Ive tried removing with superantispyware, kaspersky, mbam, spybot..and a few others. I get it to nothing is found, but its still there...I didnt notice i was running low on hard drive space, and no restore points found...Redirects on both Firefox3.6.1.3 & IE7
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 10:18:49.15 on Mon 02/07/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2815.1905 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Jav... Read more

A:Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

20 more replies
Answer Match 43.26%

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name TNSPECK
System Manufacturer Dell Inc.
System Model Inspiron 1011
System Type X86-based PC
Processor x86 Family 6 Model 28 Stepping 2 GenuineIntel ~1596 Mhz
I have already run Combofix but nothing has changed. I hope that you can help me as this is our newer computer. I have tried many other malware removal programs including Hijack This, TDSSKiller, MalwareBytes, AVG, etc.

Please help

A:Google Redirects

Hello,Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

2 more replies
Answer Match 43.26%

Usually I can fix these kinds of things but this one is either really different or just happening at a time when I don't have enough time and patience to really figure it out - too much going on IRL.Win7 64 bit, Firefox is the only browser I care to confirm google redirects are happening in - also using noscript and WOT for Firefox so the problem isn't much more than a minor annoyance but I would like it fixed. I looked for TDSServ under 'non-plug and play drivers' in the device manager and didn't find it... once upon a time I helped people get rid of this kind of crap over the phone but we were extremely limited in how much help could provide...Gmer found nothing (0kb empty text file) but most of the checkbox options were greyed out so I thought I might ask about that... attached pic to show what's greyed out for me.I uninstalled superantispyware after going through this - gave it a shot at fixing the problem yesterday and it failed so it's gone. I can't use malwarebytes above version 1.44 because all I get is a strange error trying to install or run versions 1.45 and 1.46 - the issue has been reported in their forums but I have no idea if it could be related. Google redirects have been happening for 2 or 3 days and the mbam issue is much older.DDS (Ver_10-03-17.01) - NTFSX64 Run by 00 at 11:06:35.74 on Tue 06/01/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.... Read more

A:google redirects

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

25 more replies
Answer Match 43.26%

Hi,I was having some problems with google redirects; I would search for something, click the link, and FF would take me to a random ad website. After trying MBAM and Search and Destroy, I ran Combofix, then found this site with the words "DO NOT RUN ComboFix unless requested to." Too late, d'oh!Immediately after running combofix, the redirect problem stopped, but when I turned off my laptop (HP Mini 1000), I tried to boot it again and Windows would not boot. This is what happens when I boot:HP screen with HP logo and 2 options--F9 Change boot device order F10 BIOS setup optionsBlack screen with white blinking underscore in top left cornerI have included the DDS scan I ran after running Combofix before I turned off my computer, as well as the original Combofix log. I was unable to run GMER.Your help is greatly, greatly appreciated.Details:HP Mini 1000Windows XPDDS (Ver_10-12-05.01) - NTFSx86 Run by Hannah Carney at 0:39:15.75 on Tue 12/07/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.498 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\wdm\stacsv.exesvchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Fi... Read more

A:Google Redirects

Do you still desire help?

9 more replies
Answer Match 43.26%

Hi, whenever I click google links, I always get redirected to other sites like secure.bidvertiser.com and pda.mybidsystem.com. Running Windows Vista Basic 32-bit SP2

A:Google Redirects...

Hello and welcome. I moved this to Am I Infected as certain logs are required in that forum for help.Lets see if we can get this.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If... Read more

1 more replies
Answer Match 43.26%

Hi i am infected with some sort of virus that is giving me google redirects everytime i search. I ran AdwCleaner and RougeKiller; Here are the logs. Thanks in AdvanceAdwCleaner Log# AdwCleaner v2.003 - Logfile created 10/04/2012 at 03:58:22# Updated 23/09/2012 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : PAULA - PAULA-PC# Boot Mode : Normal# Running from : C:\Users\PAULA\Downloads\adwcleaner.exe# Option [Search]***** [Services] ********** [Files / Folders] *****File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xmlFile Found : C:\Users\PAULA\AppData\Local\Temp\Searchqu.iniFile Found : C:\Users\PAULA\AppData\Local\Temp\searchqutoolbar-manifest.xmlFile Found : C:\Users\PAULA\AppData\Local\Temp\SetupDataMngr_Searchqu.exeFile Found : C:\Users\PAULA\AppData\Roaming\Mozilla\Firefox\Profiles\drpg6tpj.default\searchplugins\Search_Results.xmlFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\Program Files (x86)\IlividFolder Found : C:\Program Files (x86)\IMVU_IncFolder Found : C:\Program Files (x86)\Searchqu ToolbarFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\Users\FREE\AppData\Roaming\Mozilla\Firefox\Profiles\nbnj6... Read more

A:Google Redirects

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

22 more replies
Answer Match 43.26%

Hey all,I hope this is a post appropriate to this subforum--this is my first time here and I was referred to these forums by the HiJackThis website as a place to go for help with malware issues. My apologies if I have accidentally skipped any steps here or if I am posting in the wrong place.I was hoping someone could help me out. I'm having a problem which my limited research tells me is a fairly common one: when I enter a search in Google and click on the resulting links, instead of being sent to where they are supposed to go my browser (Firefox) is sent to various ad sites and alternate search engines. Every now and then a Google link will actually work, but for the most part I just get these frustrating redirects. The problem just started today. I wish I had some idea what triggered it but I did not visit any websites today that I haven't used before and have no idea how I could have gotten malware on my computer.I have AVG and used it to scan my computer after the problem started. It turned up and fixed a ton of stuff, but the Google redirects still continue. So I installed HiJackThis and had it scan and make a log--and this is the point where I basically need someone with more expertise than I, as I have no idea how to interpret the log or what to do about it.I am including the log below (I hope that's ok when it hasn't actually been requested yet--I am assuming that anyone interested in helping me is going to need it so in the interest of time I&#... Read more

A:Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Download DDS:Please download DDS by... Read more

16 more replies
Answer Match 43.26%

Hi guys, I was following ST's advice on how to remove the dreaded google redirects malware and found that i couldnt re-post to get help with my problem.

Is anyone out there able to assist.

Ive ran the OTL extras log files as well as the rootkit unhooker file. I have both logs ready to post. I just need a specialist to help me with the tricky bits!

thanks in advance

More replies
Answer Match 43.26%

Continue to get redirected to wrong sites from google searches. I'm using Firefox 4.0.1. Windows firewall is enabled, and I use Avast free (mail, web and script shields only).
Thank you.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Hedges at 21:13:43.09 on Fri 05/13/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2038.870 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\sys... Read more

A:Google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

4 more replies
Answer Match 43.26%

I wrote earlier that I was having Google redirects. I received an answer and was told to run these tests and post my logs here. I also stated that I had run Combofix even though I should not have and was also told to send this log as well. I have tried several removals such as AVG, Malwarebytes, Kaspersky, tdskiller, etc.
DDS (Ver_10-12-12.02) - NTFSx86
Run by TERESA LEHMAN at 21:39:17.01 on Tue 02/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.364 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG&... Read more

A:Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

24 more replies