Google keeps redirecting to other websites

Google keeps redirecting to other websites
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Google keeps redirecting to other websites Spartacus 07-12-2008
Posted by Spartacus on July 12, 2008, 9:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
For about 3 weeks now, everytime I open google and click on a site, about
50% of the time I get redirected to some form of advertisement site. The
sites are always different. This is happening on two of my machines. One's
got XP Pro, the other's got Vista Home. I'm using Enternet Explorer on
both. I've got Kaspersky 7, but it's not picking up anything. I've dumped
my cookies and have even installed and used a program called "fixwareout",
but still have the problem.

Here's a copy of my Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 6:24:56 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://signonsandiego.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper -
- C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
- C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEWatchObj Class - -
C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Notifier BHO -
- C:\Program
Files\Google\GoogleToolbarNotifier.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program
Files\HP\\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive
Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Kaspersky] C:\Documents and Settings\All Users\Dati
applicazioni\Kaspersky Lab\KAV Personal Pro.0\Save Kaspersky.bat
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero
BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence
Eliminator\ee.exe /m
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME
2\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program
Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
- C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics -
- C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite -
- C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
- C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132130850109
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - -
C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xejabwjw - -
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program
Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development
a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - Unknown owner - C:\Program
Files\ewido\security suite\ewidoguard.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Posted by The Real Truth MVP on July 12, 2008, 10:12 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
For the XP box:
Have HJT fix the following line by placing a check in the box next to the
line and clicking on the fix checked button on the bottom.
O21 - SSODL: xejabwjw - -
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll

Next navigate to this location and delete the file xejabwjw.dll
C:\Documents and Settings\All Users\Application Data\xejabwjw.dll

Next download and run my Remove-it software, choose yes for all options when
prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm

You also may want to re-install your antivirus software as it appears to be
disabled.

For the Vista box:
Use my free FixIE Tool. Download it here
http://pcbutts1.com/downloads/tools/tools.htm



--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.




> For about 3 weeks now, everytime I open google and click on a site, about
> 50% of the time I get redirected to some form of advertisement site. The
> sites are always different. This is happening on two of my machines.
> One's got XP Pro, the other's got Vista Home. I'm using Enternet Explorer
> on both. I've got Kaspersky 7, but it's not picking up anything. I've
> dumped my cookies and have even installed and used a program called
> "fixwareout", but still have the problem.
>
> Here's a copy of my Hijack This:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 6:24:56 PM, on 7/12/2008
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16674)
>


Posted by David H. Lipman on July 13, 2008, 8:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options

| For about 3 weeks now, everytime I open google and click on a site, about
| 50% of the time I get redirected to some form of advertisement site. The
| sites are always different. This is happening on two of my machines. One's
| got XP Pro, the other's got Vista Home. I'm using Enternet Explorer on
| both. I've got Kaspersky 7, but it's not picking up anything. I've dumped
| my cookies and have even installed and used a program called "fixwareout",
| but still have the problem.

| Here's a copy of my Hijack This:

Please do NOT post HJT logs or in other Usenent News Groups. If you had
bothered to ASK
first you would have been told that that posting HJT logs are not allowed here
and you
would have been provided with a list of Expert Forums which do accept and
analyze HJT
logs.



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of
the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's
System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Spartacus on July 13, 2008, 3:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
If I would have "bothered to ask"??? Nice attitude Dave. Who made you king
of this site?


>
> | For about 3 weeks now, everytime I open google and click on a site,
> about
> | 50% of the time I get redirected to some form of advertisement site.
> The
> | sites are always different. This is happening on two of my machines.
> One's
> | got XP Pro, the other's got Vista Home. I'm using Enternet Explorer on
> | both. I've got Kaspersky 7, but it's not picking up anything. I've
> dumped
> | my cookies and have even installed and used a program called
> "fixwareout",
> | but still have the problem.
>
> | Here's a copy of my Hijack This:
>
> Please do NOT post HJT logs or in other Usenent News Groups. If you had
> bothered to ASK
> first you would have been told that that posting HJT logs are not allowed
> here and you
> would have been provided with a list of Expert Forums which do accept and
> analyze HJT
> logs.
>
>
>
> 1. Download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
>
> 2. Disable Notepad's word wrap:
> In Notepad.exe; Format --> uncheck; "Word wrap"
>
> 3. Download/run Deckard's System Scanner:
> http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post in
> one of the below
> expert forums...
>
>
> { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }
>
> Forums where you can get expert advice for HiJack This! (HJT) and
> Deckard's System Scanner
> Logs.
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
> Suggested primary:
> http://www.thespykiller.co.uk/index.php?board=3.0
>
> Suggested secondary:
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.malwarebytes.org/forums/index.php?showforum=7
>
> Suggested tertiary:
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.atribune.org/forums/index.php?showforum=9
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://forum.networktechs.com/forumdisplay.php?f=130
> http://forums.maddoktor2.com/index.php?showforum=17
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.spywareinfo.com/index.php?showforum=18
> http://forums.techguy.org/f54-s.html
> http://forums.tomcoyote.org/index.php?showforum=27
> http://forums.subratam.org/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://aumha.net/viewforum.php?f=30
> http://makephpbb.com/phpbb/viewforum.php?f=2
> http://forums.techguy.org/54-security/
> http://forums.security-central.us/forumdisplay.php?f=13
>
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>



Posted by Beauregard T. Shagnasty on July 13, 2008, 4:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Spartacus wrote:

> If I would have "bothered to ask"??? Nice attitude Dave.

Posting HJT logs to Usenet pollutes the searching for the bits of
malware in your log. In fact, so many of you n00bs have posted logs, it
has become nearly impossible to use google group searches for anything
worthwhile any more.

> Who made you king of this site?

Site? <lol> This is not a site. It's Usenet.

Stop top-posting.

--
-bts
-Friends don't let friends drive Windows

Similar ThreadsPosted
Google warns on 'unsafe' websites August 8, 2006, 12:20 am
virus attack via penpal websites March 13, 2007, 2:29 pm
Not google April 23, 2007, 9:50 pm
google warning April 14, 2006, 11:40 pm
new one not referenced in google January 21, 2008, 10:51 am
Google Talk has a trojan in it! February 7, 2006, 3:47 pm
Google Images Hijacker? March 21, 2006, 1:46 am
Google Icon changed - Using IE7 January 14, 2008, 4:44 am
Free Virus Tools Here from Google October 13, 2007, 11:17 am
Virus Prevents me from going to google.com page June 7, 2008, 12:25 am

The site map in XML format XML site map

Contact Us | Privacy Policy