Google keeps redirecting to other websites

For about 3 weeks now, every time I open google and click on a site, about
50% of the time I get redirected to some form of advertisement site.  The
sites are always different.  This is happening on two of my machines.  One's
got XP Pro, the other's got Vista Home.  I'm using Internet Explorer on
both.  I've got Kaspersky 7, but it's not picking up anything.  I've dumped
my cookies and have even installed and used a program called "fixwareout",
but still have the problem.

Here's a copy of my Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 6:24:56 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://signonsandiego.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -
- C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
- C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEWatchObj Class - -
C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Notifier BHO -
- C:\Program
Files\Google\GoogleToolbarNotifier.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program
Files\HP\\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive
Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Kaspersky] C:\Documents and Settings\All Users\Dati
applicazioni\Kaspersky Lab\KAV Personal Pro.0\Save Kaspersky.bat
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero
BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence
Eliminator\ee.exe /m
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME
2\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program
Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
- C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics -
- C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite -
- C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
- C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132130850109
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - -
C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xejabwjw - -
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program
Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development
a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - Unknown owner - C:\Program
Files\ewido\security suite\ewidoguard.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Re: Google keeps redirecting to other websites

For the XP box:
Have HJT fix the following line by placing a check in the box next to the
line and clicking on the fix checked button on the bottom.
O21 - SSODL: xejabwjw - -
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll

Next navigate to this location and delete the file xejabwjw.dll
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll

Next download and run my Remove-it software, choose yes for all options when
prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm

You also may want to re-install your antivirus software as it appears to be
disabled.

For the Vista box:
Use my free FixIE Tool. Download it here
http://pcbutts1.com/downloads/tools/tools.htm



--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.
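
An added example, not part of any post in this thread: a small triage pass over the HijackThis log format shown above, which rejoins the newsreader-wrapped lines and flags the O21 entry the reply singles out, along with the "(file missing)" entries. The section set and the directory list are assumptions chosen for illustration, not HijackThis's own logic.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the log posted above, wrapped the way the newsreader wrapped it.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper -
- C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IEWatchObj Class - -
C:\WINDOWS\system32\IETie.dll
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - -
C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xejabwjw - -
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll
O23 - Service: ewido security suite guard - Unknown owner - C:\Program
Files\ewido\security suite\ewidoguard.exe (file missing)
"""

# A log entry starts with a section code such as "R1 - ", "O4 - " or "O21 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - ")
MODULE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|sys|bat)\b", re.I)
# Assumption: sections whose modules load into Explorer, IE or Winlogon.
INJECTED = {"O2", "O20", "O21", "O22"}
# Assumption: directory names where a loadable module is not expected.
DATA_DIRS = {"application data", "local settings", "temp"}


def join_wrapped(text):
    """Rejoin entries that line wrapping split across several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries


def triage(text):
    """Return (section, module path, reasons) for entries worth a closer look."""
    findings = []
    for entry in join_wrapped(text):
        code = ENTRY_START.match(entry).group(1)
        found = MODULE_PATH.search(entry)
        path = found.group(0) if found else None
        reasons = []
        if "(file missing)" in entry:
            reasons.append("file missing")
        if path and code in INJECTED:
            parents = {p.lower() for p in PureWindowsPath(path).parent.parts}
            if parents & DATA_DIRS:
                reasons.append("injected module in data directory")
        if reasons:
            findings.append((code, path, reasons))
    return findings


if __name__ == "__main__":
    for code, path, reasons in triage(SAMPLE_LOG):
        print(code, path, ", ".join(reasons))
```

A path check like this cannot see a legitimate file that was replaced in place, the QTTask.exe case raised later in the thread; that needs a hash or signature check on the file itself.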






Re: Google keeps redirecting to other websites


| For about 3 weeks now, every time I open google and click on a site, about
| 50% of the time I get redirected to some form of advertisement site.  The
| sites are always different.  This is happening on two of my machines.  One's
| got XP Pro, the other's got Vista Home.  I'm using Internet Explorer on
| both.  I've got Kaspersky 7, but it's not picking up anything.  I've dumped
| my cookies and have even installed and used a program called "fixwareout",
| but still have the problem.

| Here's a copy of my Hijack This:

Please do NOT post HJT logs or in other Usenet News Groups.  If you had
bothered to ASK first you would have been told that posting HJT logs is not
allowed here and you would have been provided with a list of Expert Forums
which do accept and analyze HJT logs.



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe;  Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of
the below expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's
System Scanner Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Google keeps redirecting to other websites

If I would have "bothered to ask"???  Nice attitude Dave.  Who made you king
of this site?





Re: Google keeps redirecting to other websites

Spartacus wrote:


Posting HJT logs to Usenet pollutes the searching for the bits of
malware in your log. In fact, so many of you n00bs have posted logs, it
has become nearly impossible to use google group searches for anything
worthwhile any more.


Site?   <lol>  This is not a site. It's Usenet.

Stop top-posting.

--
   -bts
   -Friends don't let friends drive Windows

Re: Google keeps redirecting to other websites

That's pure unadulterated Bullsh*t BTS asshole. Google searches have never
been "clogged" up by HJT logs coming from these NG, never has and never
will. That stupid excuse was made up by people, like the idiot David Lipman,
who are not smart enough to analyze the logs so they made up an excuse not
to have read them. HJT logs are text just like every post in this NG and
they "are" allowed. David the idiot knows that because he tried to file a
complaint about it a few years ago, my ISP told him to kiss their ass. Google
searches bring up forum posts and what difference does it make anyway. Now
fuckoff.


--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.






Re: Google keeps redirecting to other websites


More BS from the master of lies and incompetence.

Google provides search functions, if you enter something there is a good
chance that one of the Usenet mirrors will be picked in the google
results, it's very common. Any competent IT person knows this and that's
why they don't encourage posting of HJ Logs to Usenet.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Google keeps redirecting to other websites

PCButtface, masquerading as "The Real Truth MVP" wrote:


You are the only one in these groups who wants to see HJT logs. Everyone
else says post them to a proper forum where expert help is available.


Anyone can paste the log into HJT's web page, as you do.
http://hijackthis.de/

--
   -bts
   -Friends don't let friends drive Windows

Re: Google keeps redirecting to other websites


| Spartacus wrote:


| Posting HJT logs to Usenet pollutes the searching for the bits of
| malware in your log. In fact, so many of you n00bs have posted logs, it
| has become nearly impossible to use google group searches for anything
| worthwhile any more.


The pollution of news group searches is just a small part of the "big picture"
as there are more reasons that are far more important.  I will elaborate...

1.    HTTP based forums are moderated and controlled and thus eliminate the
troll factor and misinformation.

2.    HJT logs are only a small part of analysis.  It only provides an insight
to simple malware.  It won't help where there are infections that are using
kernel level capabilities to hide such as drivers (e.g., *.SYS files).  One
might remove a simple BHO through HJT analysis but the person can still be
infected.  Usenet responses to such problems would be ineffective in these
situations.  Another example would be where legitimate files are Trojanized or
replaced.  For example take QTTask.exe from quicktime.  It may show up in a HJT
log and thus be overlooked.  However there are Trojans that will replace the
QTTask.exe with the Trojan EXE and the responder would have no way of knowing
that.

3.    Helpers in Expert Forums are trained in a malware university of sorts and
can't analyze logs until they graduate and the helpers are monitored by more
experienced personnel to make sure the right responses and suggestions are
provided.

4.    Affected forum posters may be asked to submit samples of malware.  These
samples may then be dissected and analyzed to provide a more definitive
response.  Additionally these samples are provided to the various anti malware
companies as well, and may be used for improvements on anti malware utilities
provided by expert forums such as with the MalwareBytes Anti Malware (MBAM)
utility.

5.    Usenet is public and not only do affected individuals read the groups but
so do the malware authors.  Expert forums may take a discussion of a particular
nasty offline such that malware authors can't read the responses and modify
their malware to thwart their removal.  A perfect example would be the Gromozon
malware.  In this case the malware authors were modifying their malware to be
more evasive and effective in thwarting their removal.  Those posters who had
Gromozon were taken to a private area where the malware authors could no longer
view removal instructions and thus the efficacy of expert forums in helping the
affected person to remove the malware was greatly increased.

So there are many *good* reasons why posting of HJT logs is not allowed on
Usenet groups.  The most important is the personal 1-on-1 attention given to
the affected poster to make sure when the poster leaves the thread they are
indeed clean of malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Google keeps redirecting to other websites

Malware University Bwaaaaaaaaaaahaaaaaa! and just where is this university
located?  my stomach hurts, where do you come up with this BS?



--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.






Re: Google keeps redirecting to other websites

The Real Truth MVP explained on 7/13/2008 :

Oh man I keep forgetting to put you back in the toilet...uh
killfile...there! Ah, that's better.

  Drumstick



Re: Google keeps redirecting to other websites

DrumStick wrote:

That's 'cause the a-hole keeps changing names to fool ISPs and posters. Now I
gotta plonk him again too. Sigh.  Plonky donkey.

Bud

Re: Google keeps redirecting to other websites

Bud has brought this to us :



Yep, not even man (or whatever) enough to take the heat directly...much
personal responsibility....

  Drumstick



Re: Google keeps redirecting to other websites

The Biggest Joke MVP wannabe wrote:
You wouldn't know the truth if it hit you in the face.
There are many malware removal forums that have a teaching section that
one has to go through before one is allowed to help. I am a member of
one such forum. You have posted, in the past, that you "run" several of
these forums. Don't you know your own rules? You are the biggest joke on
USENET.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Re: Google keeps redirecting to other websites

Look you stupid troll I have been teaching people how to read and interpret
HJT logs for years in my forums and Usenet, there is no such thing as a
malware university period! It's not hard and not dangerous like people
think. You have a lot to learn.


--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.






Re: Google keeps redirecting to other websites

The Real Truth MVP wrote:
If the blind leads the blind, both will fall into the ditch.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Re: Google keeps redirecting to other websites

MVP wannabe wrote this:
Here is a link to a "Malware University" that the wannabe MVP says does
not exist. There are more.

http://www.malwareremoval.com/ (1st hit using google)

max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Re: Google keeps redirecting to other websites

PCbutts wrote this:
Here is a link to a "Malware University" that the wannabe MVP says does
not exist. There are more.

http://www.malwareremoval.com/ (1st hit using google)

max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Re: Google keeps redirecting to other websites





It's an online University, and several exist.
http://www.castlecops.com/modules.php?&name=Forums&file=viewtopic&t=142010

Another Association ASAP... Members are listed here:
http://www.malwareremoval.com/a-sap.php

Very useful site on malware removal and training, also runs one of the
Universities for training in malware removal.

A relatively simple google search found those links on the first page, and
they have existed for years.


http://www.malwareremoval.com/


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Google keeps redirecting to other websites

Spartacus wrote:

DHL posted good advice, and you pick on his (very mild IMO) chiding? You
done fergot the manners yer Pa taught you, sonny.

[...]

--
wolf k.
