This forum requires Javascript to be enabled for posting content
Please consider registering
guest
Log In Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Topic RSS
Google Redirect Issue
carbonterry2
Member
Members
August 8, 2011 - 2:07 pm
Member Since: February 17, 2010
Forum Posts: 356
Offline

The title pretty much says it all. Upon clicking on a search result I am directed to some other page.
I have run HiJackThis.
Results:

Scan saved at 12:54:19 PM, on 8/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSandboxieSbieSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSSYSTEM32astsrv.exe
C:Program FilesEASEUSTodo BackupbinAgent.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesLinksysWireless-B PCI AdapterNICServ.exe
C:Program FilesMacriumReflectReflectService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesEASEUSTodo BackupbinEuWatch.exe
C:Program FilesEASEUSTodo BackupbinTrayNotify.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesRocketDockRocketDock.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesIconoidiconoid.exe
C:Program FilesWinstepNexus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesPhilipsVOIP080VOIP080.exe
C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesCommon FilesJavaJava Updatejucheck.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Program FilesBlueVoda Website BuilderBlueVoda.exe
C:Program FilesColorPic 4.1ColorPic.exe
C:Program FilesCoffeeCup SoftwareDHTMLmenuDHTMLMenu.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSExplorer.EXE
Z:hpzsetup.exe
Z:setuphpzdui01.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink.....nkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink.....nkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink.....nkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink.....nkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /installquiet
O4 - HKLM..Run: [AdobeAAMUpdater-1.0] "C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [EaseUs Watch] "C:Program FilesEASEUSTodo BackupbinEuWatch.exe"
O4 - HKLM..Run: [EaseUs Tray] "C:Program FilesEASEUSTodo BackupbinTrayNotify.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [RocketDock] "C:Program FilesRocketDockRocketDock.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [Iconoid] "C:Program FilesIconoidiconoid.exe"
O4 - HKCU..Run: [Nexus] C:Program FilesWinstepNexus.exe autostart
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:Program FilesYahoo!WidgetsYahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesOffice10OSA.EXE
O4 - Global Startup: VOIP080.lnk = C:Program FilesPhilipsVOIP080VOIP080.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso

--
End of file - 9680 bytes

Chad Johnson
Mod
Members
August 8, 2011 - 3:54 pm
Member Since: August 11, 2011
Forum Posts: 867
Offline

Which browser are you using?

Have you tried a different browser to see if the problem persists?

carbonterry2
Member
Members
August 8, 2011 - 5:46 pm
Member Since: February 17, 2010
Forum Posts: 356
Offline

As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.

Jim Hillier
Admin
August 8, 2011 - 6:29 pm
Member Since: August 9, 2011
Forum Posts: 2707
Offline

Hey CT - The following entry in the HijackThis logfile should definitely be fixed by HijackThis:

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158

Other than that, I can't see anything of any real significance.

What other scans have you run??

Chad Johnson
Mod
Members
August 8, 2011 - 8:55 pm
Member Since: August 11, 2011
Forum Posts: 867
Offline

[quote="carbonterry2":2yzjfbez]As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.[/quote:2yzjfbez]

In addition to Jim's note -- what addons /extensions do you have installed in Firefox?

These two are also troubling from your report:

O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O24 - Desktop Component 0: (no name) - http://www.stripemania.com/ima.....spacer.gif

Window Shopper ([url:2yzjfbez]http://forums.mozillazine.org/viewtopic.php?t=1979591&f=38[/url:2yzjfbez]) looks like it is the culprit -- but I'd check the rest too.

Stripemania looks innocuous, but I don't know anything about it.

carbonterry2
Member
Members
August 8, 2011 - 11:25 pm
Member Since: February 17, 2010
Forum Posts: 356
Offline

Thank you!
I deleted the suggested items and I am no longer getting the redirects
Thank you

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 45
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 673
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3218
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1951
Posts: 13555
Newest Members:
Noahmat, cdgxx, ricc88, R1OLEWINE, bernicereva
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2707, Richard Pedersen: 209, David Hartsock: 1117
Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!