Computer Help Forums

Google results redirected

 
 
THQ Enthusiast

Join Date: Dec 2003
Location: Ontario, Canada
Posts: 959
Thanked: 0


 
      Jun 21st, 11, 3:19 PM
Hey everyone,

It has been a while, but I'm back. I have a spyware issue: when I run a search with Google, any link in the results is redirected to a spam/ad. If I click the Google link repeatedly, it will eventually go to the correct link.

I'm running Windows Vista, browsing with Google Chrome. The same problem also happens in IE 7.

I've run an Ad-Aware scan. After that it seemed to work better, but in a day or so the issue was back.

I put my HijackThis log below. Any suggestions on removal there, or any others would be great!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:41 AM, on 6/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Philip\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philip\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Philip\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMw BMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBL ADMAWAA"&"inst=NwA3AC0ANAA1ADcAMgA1ADAAMQA3ADEALQB GAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArA DIA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [Google Update] "C:\Users\Philip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ted.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

--
 

 
There is no dark side of the moon, really. Matter of fact, it's all dark.
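
A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section-coded entries and lists two kinds a helper would usually check by hand first, references to missing files and autoruns launched from a user profile. The function names and both heuristics are assumptions chosen for illustration, and a hit is a lead to check, not proof of infection.

```python
import re

# Lines taken from the log in the post above (forum-inserted spaces removed).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Philip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [F.lux] "C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe" /noshow
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is a section code (R0, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Any path under a user profile directory (hypothetical heuristic).
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)

def parse_entries(log):
    """Return (section_code, detail) for every 'Xn - ...' line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_leads(log):
    """Pick out entries worth a manual look. These are leads, not verdicts."""
    leads = []
    for code, detail in parse_entries(log):
        if detail.endswith("(no file)"):
            # The registry still names a component whose file is gone.
            leads.append((code, "orphaned reference", detail))
        elif code == "O4" and USER_PATH.search(detail):
            # Autorun started from a profile directory the user can write to.
            leads.append((code, "autorun from user profile", detail))
    return leads

if __name__ == "__main__":
    for code, reason, detail in review_leads(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<26} {detail}")
```

On the sample lines this lists the `R3` URLSearchHook with no file and the two `HKCU` autoruns for Google Update and F.lux, both of which are expected software here and still worth confirming by path.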
 
 
 
 
Resident Filmaker

Join Date: Nov 2003
Location: North Wales, Britain
Posts: 2,532
Thanked: 6

Nickweb's Avatar

 
      Jun 21st, 11, 8:46 PM
I had this a while ago. You need to get it treated ASAP; if you don't, it leaves the door open to being infected with XP/Vista Security 2011.

Boot into safe mode and download and install AVAST! antivirus, MalwareBytes and SpyBot - Search and Destroy. Let them all update, then do FULL system scans (this might well take a long time, but it's worth it).

That's how I cleared my system. Don't try a System Restore as it won't help the situation. Hope this helps.
 

 

Heh apparently I did merge 2 threads in my head. I win. - Cryptoboats
Films by Nick | Stuff by Nick | My YouTube
 
 
 
 
MAME 0.64 :)

Join Date: Jun 2003
Location: Manchester
Posts: 1,022
Thanked: 0

S Walch's Avatar

 
      Jun 22nd, 11, 11:31 AM
Usually when something is redirecting you to different websites to what you've been clicking on, we call this a Root-kit, which basically "re-routes" your links to, obviously, the wrong websites with ads on them.

I've found that the best programme to get rid of root-kits is TDSSkiller by Kaspersky:

http://support.kaspersky.com/viruses...?qid=208280684

There are a few others though:

http://majorgeeks.com/Sophos_Anti-Rootkit_d5238.html
http://www.softpedia.com/get/Antivir...-Rootkit.shtml
http://download.cnet.com/Panda-Anti-...-10717196.html
http://www.gmer.net/
http://www.avira.com/en/support-down...tirootkit-tool
 
 
THQ Newbie

Join Date: Jul 2012
Posts: 6
Thanked: 0


 
      Jul 26th, 12, 3:06 PM
Go to options -> tools and see if your browser preferences have been changed. Make sure that there is not a toolbar you have not installed. Then run a genuine AV and remove the virus.
 
 
 
 