1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Active] Google Links Redirected

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by JLP9576, Jan 22, 2010.

  1. JLP9576

    JLP9576 Techie7 New Member

    It looks like I'm having the same problem as many others when clicking on google search links and being redirected to something totally different than what I searched. Please let me know if you need anything else. Also, I purchased the Sheild Deluxe which didn't correct the problem. Thank you. Below is my hijackthis page.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:29 PM, on 1/22/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    C:\Program Files (x86)\LimeWire\LimeWire.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    Personalized Start Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.

    html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    Yahoo! UK & Ireland
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Tattoodle

    {1053F84C-FAF6-4ef6-9B05-4389C51B6937}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    Yahoo! UK & Ireland
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.

    html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    Yahoo! UK & Ireland
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    Yahoo! UK & Ireland
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64

    \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files

    (x86)\iWin\tbiWi0.dll
    R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} -

    C:\Program Files (x86)\SGPSA\mtwb3sh.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0171DC18-63C9-42CF-9B78-72D3AE8F160d} - C:\Windows\SysWow64

    \drprov32.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

    Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)

    \Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files

    (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program

    Files (x86)\SGPSA\SearchAssistant.dll (file missing)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files

    (x86)\iWin Games\iWinGamesHookIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

    C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files (x86)

    \Hotbar\bin\11.0.78.0\HostIE.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

    Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)

    \iWin\tbiWi0.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -

    C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files

    (x86)\SGPSA\BHO.dll (file missing)
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)

    \Fast Browser Search\IE\FBStoolbar.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program

    Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program

    Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files

    (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)

    \iWin\tbiWi0.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files

    (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} -

    C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll (file missing)
    O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files (x86)

    \Hotbar\bin\11.0.78.0\HostIE.dll (file missing)
    O3 - Toolbar: The Shield Deluxe 2010 Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -

    "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll" (file

    missing)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program

    Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0

    \Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)

    \Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

    /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

    oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

    /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2

    \Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google

    Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files

    (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2

    \MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

    Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O13 - Gopher Prefix:
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -

    file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

    http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

    http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

    http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -

    http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) -

    http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

    file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

    http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

    http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\Windows\System32\dnssd32.dll,C:\Windows\System32

    \gpapi32.dll,C:\Windows\System32\dot3gpclnt32.dll,C:\Windows\System32

    \hbaapi32.dll,C:\Windows\System32\dot3ui32.dll,C:\Windows\System32

    \hlink32.dll,C:\Windows\System32\dus11bvpb32.dll,C:\Windows\System32

    \br3sk6hbvwhq92f32.dll,C:\Windows\System32\5kz02qhw32.dll,C:\Windows\System32

    \hfow99cpku32.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -

    C:\Windows\System32\alg.exe (file missing)
    O23 - Service: The Shield Deluxe Arrakis Server (Arrakis3) - BitDefender S.R.L.

    Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\The Shield Deluxe\The Shield

    Deluxe Arrakis Server\bin\arrakis3.exe
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe

    (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)

    \TOSHIBA\ConfigFree\CFProcSRVC.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)

    \TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file

    missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA

    Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9bbe07d938ca0) (gupdate1c9bbe07d938ca0) -

    Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)

    \Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files

    (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. -

    C:\Program Files (x86)\Jumpstart\jswpsapi.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

    missing)
    O23 - Service: The Shield Deluxe Desktop Update Service (LIVESRV) - PCSecurityShield -

    C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

    (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program

    Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital

    Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home

    9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)

    \Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio

    Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files

    (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

    C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner -

    C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity

    Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner -

    C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program

    Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -

    C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner -

    C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program

    Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner -

    C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program

    Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)

    \Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program

    Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

    C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

    Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -

    C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -

    C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: The Shield Deluxe Virus Shield (VSSERV) - PCSecurityShield - C:\Program

    Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown

    owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc)

    - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe

    (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!

    \SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16096 bytes
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please, disable "word wrap" in Notepad and repost the log.
    Currently, it's not readable.

    Which browser is getting redirected?