This forum requires Javascript to be enabled for posting content
Log In
Please consider registering
Guest
Search
Advanced Search
Forum Scope


Match



Forum Options



Min search length: 3 characters / Max search length: 84 characters
Search
Register
Register Lost password?
Google Redirect Issue
RSS
carbonterry2
356 Posts
(Offline)
1
August 8, 2011 - 2:07 pm
Print

The title pretty much says it all. Upon clicking on a search result I am directed to some other page.
I have run HiJackThis.
Results:

Scan saved at 12:54:19 PM, on 8/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSandboxieSbieSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSSYSTEM32astsrv.exe
C:Program FilesEASEUSTodo BackupbinAgent.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesLinksysWireless-B PCI AdapterNICServ.exe
C:Program FilesMacriumReflectReflectService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesEASEUSTodo BackupbinEuWatch.exe
C:Program FilesEASEUSTodo BackupbinTrayNotify.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesRocketDockRocketDock.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesIconoidiconoid.exe
C:Program FilesWinstepNexus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesPhilipsVOIP080VOIP080.exe
C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesCommon FilesJavaJava Updatejucheck.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Program FilesBlueVoda Website BuilderBlueVoda.exe
C:Program FilesColorPic 4.1ColorPic.exe
C:Program FilesCoffeeCup SoftwareDHTMLmenuDHTMLMenu.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSExplorer.EXE
Z:hpzsetup.exe
Z:setuphpzdui01.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink.....nkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink.....nkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink.....nkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink.....nkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /installquiet
O4 - HKLM..Run: [AdobeAAMUpdater-1.0] "C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [EaseUs Watch] "C:Program FilesEASEUSTodo BackupbinEuWatch.exe"
O4 - HKLM..Run: [EaseUs Tray] "C:Program FilesEASEUSTodo BackupbinTrayNotify.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [RocketDock] "C:Program FilesRocketDockRocketDock.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [Iconoid] "C:Program FilesIconoidiconoid.exe"
O4 - HKCU..Run: [Nexus] C:Program FilesWinstepNexus.exe autostart
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:Program FilesYahoo!WidgetsYahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesOffice10OSA.EXE
O4 - Global Startup: VOIP080.lnk = C:Program FilesPhilipsVOIP080VOIP080.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso

--
End of file - 9680 bytes

Chad Johnson
867 Posts
(Offline)
2
August 8, 2011 - 3:54 pm
Print

Which browser are you using?

Have you tried a different browser to see if the problem persists?

carbonterry2
356 Posts
(Offline)
3
August 8, 2011 - 5:46 pm
Print

As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.

Jim Hillier
2700 Posts
(Offline)
4
August 8, 2011 - 6:29 pm
Print

Hey CT - The following entry in the HijackThis logfile should definitely be fixed by HijackThis:

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158

Other than that, I can't see anything of any real significance.

What other scans have you run??

Chad Johnson
867 Posts
(Offline)
5
August 8, 2011 - 8:55 pm
Print

[quote="carbonterry2":2yzjfbez]As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.[/quote:2yzjfbez]

In addition to Jim's note -- what addons /extensions do you have installed in Firefox?

These two are also troubling from your report:

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O24 - Desktop Component 0: (no name) - http://www.stripemania.com/ima.....spacer.gif

Window Shopper ([url:2yzjfbez]http://forums.mozillazine.org/viewtopic.php?t=1979591&f=38[/url:2yzjfbez]) looks like it is the culprit -- but I'd check the rest too.

Stripemania looks innocuous, but I don't know anything about it.

carbonterry2
356 Posts
(Offline)
6
August 8, 2011 - 11:25 pm
Print

Thank you!
I deleted the suggested items and I am no longer getting the redirects
Thank you

Forum Timezone: America/Indiana/Indianapolis
All RSSShow Stats
Administrators:
Jim Hillier
Richard Pedersen
David Hartsock
Moderators:
Carol Bratt
dandl
Jason Shuffield
Jim Canfield
Terry Hollett
Stuart Berg
John Durso
Top Posters:
Chad Johnson: 867
Mindblower: 666
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Newest Members:
blutsband
cyberguy
JudeLandry
benjaminlouis680309
drogers97439
Forum Stats:
Groups: 8
Forums: 20
Topics: 1942
Posts: 13520

 

Member Stats:
Guest Posters: 11
Members: 3179
Moderators: 7
Admins: 3
Most Users Ever Online: 2303
Currently Online:
Guest(s) 23
Currently Browsing this Page:
1 Guest(s)
Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!