Google Redirects AGAIN

Discussion in 'Malware Help (A Specialist Will Reply)' started by Deans, Apr 4, 2012.

  1. Deans

    Deans Private E-2

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please tell me, which browser(s) are suffering with the redirection? Is it Internet Explorer?
     
  3. Deans

    Deans Private E-2

    Hey

    Yeah IE
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    c:\windows\Tasks\At1.job <--- Delete this.

    I would like to make an observation, and that is, that you seem to like to download a HELL of a lot of games/demos etc. This is something that could be inviting in something untoward, although as it stands, I am not seeing ANY malware in those logs.

    You also didn't ever work this one thread of yours through to completion.

    I think it might be worth you installing Internet Explorer 9 and then tell me how that behaves please.
     
  5. Deans

    Deans Private E-2

    I am downloading IE9 now, hopefully this fixes it.

    In my last thread, I should everything that I was told to do, whatever the Google redirect was, did go away but came back whenever I restarted the computer. Eventually it went away and I left it, but now it's back. I haven't downloaded any huge file games in a while as I was hesitant from the Google redirect last time.
     
  6. Deans

    Deans Private E-2

    oh and I changed virus protector from that silly titanium one to now Norton 360
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK when you get chance let me know how IE9 behaves.
     
  8. Deans

    Deans Private E-2

    OK, I'm still getting redirects
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download Firefox and tell me if you have redirects in that too.
     
  10. Deans

    Deans Private E-2

    still redirects
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You need to elaborate on this. Tell me exactly what is happening when you say you are being redirected.
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you still with me? :)
     
  13. Deans

    Deans Private E-2

    Yes still with you, sorry stopped using the computer as the redirects are driving me insane.

    Whenever I try googling something, anything, and then follow a link within Google, I will then be redirected to another completely different site. This will happen every time and redirects me 3 times before going to the actual site I'm after. Sometimes it redirects me to unsafe sites that my Norton will stop, thank god.
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (How to attach)


    ----------------------


    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  15. Deans

    Deans Private E-2

    I've uploaded the logs but I never got the extra.txt from OTL, only the OTL.txt
     

    Attached Files:

    • FRST.txt (74.5 KB)
    • OTL.Txt (126.1 KB)
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Seeking advice on something. Determined to get to the bottom of this.
     
  17. Deans

    Deans Private E-2

    ok thanks, is there something really wrong with my comp?
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes something is wrong for you to keep having the redirects. Now some advice from thisisu...
    • I want you to uninstall Daemon Tools.
    • Then download and run the latest TDSSKiller version 2.7.28.0 and attach the new log for me to see.
    • I also want you to run a scan with Hitman Pro 3.6.0.152 see what that comes up with. Let me know.
    • Now, when you are being redirected, the sites you end up on, I want you to private message me the links of a couple of these sites please.
     
    Last edited by a moderator: Apr 14, 2012
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also: (Advice from Chaslang)

    You are using a DNS server within your router. Try two things:

    Bypass the router completely and see if you still get redirected.
    If you do not, then reset the router back to factory defaults and also update the firmware if there is a new version available.

    Obviously this assumes that your router is not built into an ISP's modem of any form and is a separate external device.
     
    Last edited by a moderator: Apr 14, 2012
  20. Deans

    Deans Private E-2

    I tried exactly what you asked with bypassing the router and resetting the router, both still had redirects. Is it bad using a DNS server?
     
  21. Deans

    Deans Private E-2

    logs attached below
     

    Attached Files:

  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Give TDSSKiller another run; that was an incomplete log. :)
     
  23. thisisu

    thisisu Malware Consultant

    This log is both incomplete and is from an old version of TDSSKiller.
    As previously advised, please download and run the latest version here. - v2.7.28.0
     
  24. Deans

    Deans Private E-2

    Ok new log, hopefully this is completed.

    Also still getting redirects
     

    Attached Files:

  25. thisisu

    thisisu Malware Consultant

    The log you keep attaching is from running an old version of TDSSKiller.
    In order for us to be thorough we need you to complete a scan using the latest version of TDSSKiller.

    It is also supposed to be run with the parameters requested here: TDSSkiller - How to run
     
  26. Deans

    Deans Private E-2

    OK, I'll try again, but I am clicking on the link provided and running the scan through that, so not sure why it's using the wrong version.
     
  27. Deans

    Deans Private E-2

    When clicking on the link provided for the new version of TDSSKiller, once downloaded, it will go straight to "choose program to open" then won't work???
     
  28. thisisu

    thisisu Malware Consultant

    I'm not sure I understand the question. Please rephrase it.
     
  29. Deans

    Deans Private E-2

    When I click on the TDSSKiller link that you have provided, it downloads, but once downloaded and I try to run the program, it opens up with a dialog box asking to pick a program to open TDSSKiller. If I cancel the box then it saves on my desktop as a blank file
     
  30. Deans

    Deans Private E-2

    the only version I can get to work on my computer is 2.7.31.0
     
  31. thisisu

    thisisu Malware Consultant

    Please scan with this one then. Refer back to TDSSkiller - How to run if you need help
     
  32. Deans

    Deans Private E-2

    Ok I have attached the log
     

    Attached Files:

  33. thisisu

    thisisu Malware Consultant

    This log looks clean. Please PM me the link you are being redirected to.
     
  34. thisisu

    thisisu Malware Consultant

    I received the links, thank you.

    Please follow these instructions:

    Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When it is finished, there will be a log on your desktop called: RKreport[1].txt
    Attach RKreport[1].txt to your next message. (How to attach)

    __

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      /md5start
      acpi.sys
      Wdf01000.sys
      /md5stop
      %windir%\system32\drivers\*.sys /lockedfiles
      %windir%\*.* /mp
      %windir%\*.* /rp
      %windir%\*.* /sl
      
    • Now click the Run Scan button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
    Last edited: Apr 25, 2012
  35. Deans

    Deans Private E-2

    logs below
     

    Attached Files:

  36. thisisu

    thisisu Malware Consultant

    I think I found the culprit but let me know how the system runs after you run this fix.

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :processes
    killallprocesses
    :otl
    IE - HKU\S-1-5-21-2631899679-1180466060-1752027397-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=AU&ver=5
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com.au/cabs/QOLCheck.ocx (QOLCheck Control)
    [2012/04/08 10:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
    [2012/04/08 10:30:11 | 001,667,264 | ---- | C] (W3i, LLC) -- C:\Program Files (x86)\FreeFileViewer2011Setup.exe
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:090FB735
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C6EBC69
    @Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DF01DCBC
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C82210DD
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:274516E7
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A4BF246C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6B86037F
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:89C2A42C
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D2A5A561
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B36361EE
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:98DFF516
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:3A6BC948
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:A11AE118
    :commands
    [resethosts]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
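
Added example (not part of the original thread, and not OTL's own code): a small Python triage script for log lines in the format used in the fix above. It pulls out search-provider URLs, alternate data streams and file entries for review; the sample lines are copied from that post, and the expected-host allowlist is an assumption.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r'''IE - HKU\S-1-5-21-2631899679-1180466060-1752027397-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=AU&ver=5
[2012/04/08 10:30:11 | 001,667,264 | ---- | C] (W3i, LLC) -- C:\Program Files (x86)\FreeFileViewer2011Setup.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:090FB735
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C6EBC69
'''

# Assumption: search hosts this user expects to see; adjust per machine.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# IE search provider entry: registry key, then the provider URL.
SCOPE_RE = re.compile(
    r'^IE - (?P<key>.+\\SearchScopes\\\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')
# Alternate data stream entry: size, host path, stream name after the last colon.
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
# File or folder entry: [timestamp | size | attributes | flag] (vendor) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| \w\] '
    r'(?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$')


def triage(log_text, expected_hosts=EXPECTED_SEARCH_HOSTS):
    """Group recognised log lines by kind; unrecognised lines are ignored."""
    findings = {"search_scopes": [], "ads": [], "files": []}
    for line in log_text.splitlines():
        line = line.strip()
        if m := SCOPE_RE.match(line):
            host = (urlsplit(m["url"]).hostname or "").lower()
            findings["search_scopes"].append(
                {"key": m["key"], "host": host,
                 "unexpected": host not in expected_hosts})
        elif m := ADS_RE.match(line):
            findings["ads"].append(
                {"path": m["path"], "stream": m["stream"], "size": int(m["size"])})
        elif m := FILE_RE.match(line):
            findings["files"].append(
                {"path": m["path"], "vendor": m["vendor"],
                 "size": int(m["size"].replace(",", ""))})
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for item in items:
            print(kind, item)
```
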
     
  37. Deans

    Deans Private E-2

    Wow yay finally the google redirects are gone, but my computer is running slower and same with the internet, would that just be because it needs a general clean out?
    I have attached the log below.

    Thank you so much for helping, but will it come back again like it has happened before? Is there anything I can do before posting a new thread if it does come back?

    THANK YOU :-D
     

    Attached Files:

  38. thisisu

    thisisu Malware Consultant

    I'm glad to hear that.
    It could be slow due to other reasons. See: Slow Computer/browser? Check Here First; It May Not Be Malware

    You're welcome.
    It shouldn't come back but the problem was never taken care of in your previous thread.

    Just go through the Fixing Google Redirection/hijacking and other redirection problems thread.

    My pleasure :)

    __

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
