Google Redirect Issue

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
Google Redirect Issue
Avatar
carbonterry2
Member
Forum Posts: 353
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
1
August 8, 2011 - 2:07 pm
sp_Permalink sp_Print

The title pretty much says it all. Upon clicking on a search result I am directed to some other page.
I have run HiJackThis.
Results:

Scan saved at 12:54:19 PM, on 8/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSandboxieSbieSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSSYSTEM32astsrv.exe
C:Program FilesEASEUSTodo BackupbinAgent.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesLinksysWireless-B PCI AdapterNICServ.exe
C:Program FilesMacriumReflectReflectService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesEASEUSTodo BackupbinEuWatch.exe
C:Program FilesEASEUSTodo BackupbinTrayNotify.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesRocketDockRocketDock.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesIconoidiconoid.exe
C:Program FilesWinstepNexus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesPhilipsVOIP080VOIP080.exe
C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesCommon FilesJavaJava Updatejucheck.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Program FilesBlueVoda Website BuilderBlueVoda.exe
C:Program FilesColorPic 4.1ColorPic.exe
C:Program FilesCoffeeCup SoftwareDHTMLmenuDHTMLMenu.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSExplorer.EXE
Z:hpzsetup.exe
Z:setuphpzdui01.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink.....nkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink.....nkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink.....nkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink.....nkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /installquiet
O4 - HKLM..Run: [AdobeAAMUpdater-1.0] "C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [EaseUs Watch] "C:Program FilesEASEUSTodo BackupbinEuWatch.exe"
O4 - HKLM..Run: [EaseUs Tray] "C:Program FilesEASEUSTodo BackupbinTrayNotify.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [RocketDock] "C:Program FilesRocketDockRocketDock.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [Iconoid] "C:Program FilesIconoidiconoid.exe"
O4 - HKCU..Run: [Nexus] C:Program FilesWinstepNexus.exe autostart
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:Program FilesYahoo!WidgetsYahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesOffice10OSA.EXE
O4 - Global Startup: VOIP080.lnk = C:Program FilesPhilipsVOIP080VOIP080.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso

--
End of file - 9680 bytes

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
2
August 8, 2011 - 3:54 pm
sp_Permalink sp_Print

Which browser are you using?

Have you tried a different browser to see if the problem persists?

Avatar
carbonterry2
Member
Forum Posts: 353
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
3
August 8, 2011 - 5:46 pm
sp_Permalink sp_Print

As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.

Avatar
Jim Hillier
Admin
Forum Posts: 2562
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
4
August 8, 2011 - 6:29 pm
sp_Permalink sp_Print

Hey CT - The following entry in the HijackThis logfile should definitely be fixed by HijackThis:

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158

Other than that, I can't see anything of any real significance.

What other scans have you run??

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
5
August 8, 2011 - 8:55 pm
sp_Permalink sp_Print

[quote="carbonterry2":2yzjfbez]As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.[/quote:2yzjfbez]

In addition to Jim's note -- what addons /extensions do you have installed in Firefox?

These two are also troubling from your report:

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O24 - Desktop Component 0: (no name) - http://www.stripemania.com/ima.....spacer.gif

Window Shopper ([url:2yzjfbez]http://forums.mozillazine.org/viewtopic.php?t=1979591&f=38[/url:2yzjfbez]) looks like it is the culprit -- but I'd check the rest too.

Stripemania looks innocuous, but I don't know anything about it.

Avatar
carbonterry2
Member
Forum Posts: 353
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
6
August 8, 2011 - 11:25 pm
sp_Permalink sp_Print

Thank you!
I deleted the suggested items and I am no longer getting the redirects
Thank you

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 271

Currently Online:
27 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 2378

Moderators: 7

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1802

Posts: 12962

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Dick Evans, Sergey Grankin

Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!