Google results redirected

Discussion in 'System Security & Infection Support' started by Phil, Jun 21, 2011.

  1. Phil

    Phil VIP Member

    Joined:
    Dec 20, 2003
    Messages:
    959
    Location:
    Ontario, Canada
    Hey everyone,

    It has been a while, but I'm back. I have a spyware issue: when I run a search with Google, any link in the results is redirected to a spam/ad. If I click the Google link repeatedly, it will eventually go to the correct link.

    I'm running Windows Vista, browsing with Google Chrome. The same problem also happens in IE 7.

    I've run an Ad-Aware scan. After that it seemed to work better, but in a day or so the issue was back.

    I put my HijackThis log below. Any suggestions on removal there, or any others would be great!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:06:41 AM, on 6/21/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DisplayFusion\DisplayFusion.exe
    C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Users\Philip\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Philip\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Philip\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Philip\Downloads\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA1ADcAMgA1ADAAMQA3ADEALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Philip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [F.lux] "C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: ted.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

    --
     
    Phil, Jun 21, 2011
    #1

  2. Phil

    Nickweb Resident Filmaker Moderator

    Joined:
    Nov 7, 2003
    Messages:
    2,532
    Location:
    North Wales, Britain
    I had this a while ago. You need to get it treated ASAP; if you don't, it leaves the door open to being infected with XP/Vista Security 2011.

    Boot into safe mode and download and install AVAST! antivirus, MalwareBytes and SpyBot - Search and Destroy. Let them all update, then do FULL system scans (this might well take a long time, but it's worth it).

    That's how I cleared my system. Don't try a System Restore as it won't help the situation. Hope this helps.
     
    Nickweb, Jun 21, 2011
    #2

  3. Phil

    S Walch MAME 0.64 :) VIP Member

    Joined:
    Jun 2, 2003
    Messages:
    1,026
    Location:
    Manchester
    Usually when something is redirecting you to different websites to what you've been clicking on, we call this a Root-kit, which basically "re-routes" your links to, obviously, the wrong websites with ads on them.

    I've found that the best programme to get rid of root-kits is TDSSkiller by Kaspersky:

    http://support.kaspersky.com/viruses/solutions?qid=208280684

    There are a few others though:

    http://majorgeeks.com/Sophos_Anti-Rootkit_d5238.html
    http://www.softpedia.com/get/Antivirus/AVG-Anti-Rootkit.shtml
    http://download.cnet.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html
    http://www.gmer.net/
    http://www.avira.com/en/support-download-avira-antirootkit-tool
     
    S Walch, Jun 22, 2011
    #3
  4. Phil

    tantalio

    Joined:
    Jul 25, 2012
    Messages:
    6
    Go to options -> tools and see if your browser preferences have been changed. Make sure that there is not a toolbar you have not installed. Then run a genuine AV and remove the virus.
     
    tantalio, Jul 26, 2012
    #4
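
Added example, not from any poster in this thread: a Python script that parses entry lines in the HijackThis log format shown in the first post, lists the browser-related sections (the settings post #4 suggests checking), and marks entries for manual review. The sample lines are excerpted from that log; the function names and the two review heuristics are assumptions of this example, and a flag is a prompt to look closer, not a verdict.

```python
import re

# Lines excerpted from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Philip\Local Settings\Apps\F.lux\flux.exe" /noshow
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section code> - <body>"; header and process lines do not match.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")
USER_PROFILE = re.compile(r"[A-Z]:\\Users\\[^\\]+\\", re.I)

# HijackThis section codes that cover browser search/start settings and add-ons.
BROWSER_SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
}

def parse_entries(log_text):
    """Return (code, body) tuples for every entry line in the log."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def review_reasons(code, body):
    """Heuristic hints (assumptions of this example) for a manual look."""
    reasons = []
    if body.rstrip().endswith("(no file)"):
        reasons.append("registration points to no file on disk")
    if code == "O4" and USER_PROFILE.search(body):
        reasons.append("autostart runs from a user-writable profile path")
    return reasons

def triage(log_text):
    """Split entries into browser-related ones and ones flagged for review."""
    browser, flagged = [], []
    for code, body in parse_entries(log_text):
        if code in BROWSER_SECTIONS:
            browser.append((code, BROWSER_SECTIONS[code], body))
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, reasons, body))
    return browser, flagged

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG)[1]:
        print(code, "|", "; ".join(reasons), "|", body)
```

A legitimate program can trip either heuristic (F.lux here starts from the user profile), so each flagged line still needs checking against what is actually installed.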