How come my browser goes to different sites when I try to go to google.com?

by on July 11, 2010

Q: I believe I have the Google redirect virus, and what is happening is that any time I click on a search result I am redirected to other sites. Once I hit the back button I am redirected again to a site with the address http://traffic-updates.com/. My AVG is not finding any malicious programs. I read online to try Trend Micro HijackThis and then save the logfile. I did this, but I don’t want to join any of these sites' forums for fear that this was all an elaborate scheme to infect my computer to get me to join their forums. You guys helped me before so I decided to come here. I have the “HijackThis” logfile if you need it. Your help is much appreciated.


6 Responses to “How come my browser goes to different sites when I try to go to google.com?”
  1.  

    Try running a Trend Micro on-line scan: http://housecall.trendmicro.com/

    AVG doesn’t pick up a lot of the spyware/malware stuff; I usually suggest people switch to Microsoft Security Essentials (free). So you might want to try that as well.

     
    •  

      I tried to run the HouseCall program and the same thing happened as with the AVG program. It detected no threats. My browser will go to Google, but after I run a search, any result I click on is when I get redirected.

       
  2.  

    Try http://www.malwarebytes.org/; that has worked for others with the same problem.

     
  3.  

    Here is a copy of the logfile from Trend Micro HijackThis:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 9:15:31 AM, on 7/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zune\ZuneSetup.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
    O4 - HKCU\..\Run: [f3c880a8-a04c-42a4-ac95-12791023e7b7_43] rundll32.exe "C:\Documents and Settings\Clark\Application Data\f3c880a8-a04c-42a4-ac95-12791023e7b7_43.avi", start
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231107372820
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232490937_05916aa74cbb054bb96a4a1a4f7d8473&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    End of file - 10983 bytes

     
  4.  

    I tried running Malwarebytes and it found some trojans and other rootkits (at least it said it did), but I still get redirected when clicking on search results.

     
  5.  

    I suggest having HijackThis fix all of the “URLSearchHook” entries that it found.

    I also suggest you uninstall AVG, and install Microsoft Security Essentials, and let it run a full scan. The free version of AVG doesn’t protect against Spyware/malware.
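
    A quick way to pull the "URLSearchHook" entries named in the last response out of a HijackThis log for review, as an added example (not part of the original thread and not a Trend Micro tool). The sample lines are adapted from the log posted above with path separators written out; the function names and the rundll32 autorun check are this example's own additions.

```python
import re

# Constructed sample: lines adapted from the log in response 3.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [f3c880a8-a04c-42a4-ac95-12791023e7b7_43] rundll32.exe "C:\Documents and Settings\Clark\Application Data\f3c880a8-a04c-42a4-ac95-12791023e7b7_43.avi", start
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# Section code (R0-R3, O1-O24), then a hyphen or en dash, then the entry body.
ENTRY = re.compile(r"^\s*([RO]\d+)\s+[-\u2013]\s+(.*)$")
# First argument handed to rundll32, with or without surrounding quotes.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.I)

def parse(log):
    """Yield (code, body) for each R*/O* entry; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (code, reason, body) tuples for entries worth a manual look."""
    findings = []
    for code, body in parse(log):
        if code == "R3" and body.startswith("URLSearchHook:"):
            orphan = "(no file)" in body
            findings.append((code, "search hook, no backing file" if orphan else "search hook", body))
        elif "(file missing)" in body:
            findings.append((code, "registered file missing", body))
        elif code == "O4":
            # Added heuristic: an autorun that has rundll32 load something other than a .dll.
            m = RUNDLL.search(body)
            if m and not m.group(1).strip().lower().endswith(".dll"):
                findings.append((code, "rundll32 autorun target is not a .dll", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {body}")
```

    The output is a review list, not a removal list: each flagged line still needs to be checked against what is actually installed before it is fixed in HijackThis.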