Internet Explorer search results are being redirected

Hi

I am having a problem with Internet Explorer, and in particular: Google.
When I go to Google and type in what I’m searching for, the results display correctly but when I click to view one of the search results link, it redirects to another 'search' page. Sometimes it even goes to EBay search. Luckily, it doesn't happen very often, but is it annoying and I want any Virus or Malware removed from my computer. Attached I have my Logfile from Hijackthis, Malwarebytes' Anti-Malware and SUPERAntiSpyware.

Any help would be greatly appreciated

Thanks!

Logs show you caught some nasties. Try running the ESET On-Line Scanner:
Scanner
See if it picks up anything else

Hi

Thank you for the tip!

This is what was found:
C:\Documents and Settings\YOUR NAME HERE\My Documents\No More MSN Viruses\msupdate32.exe.back
IRC/SdBot trojan
cleaned by deleting - quarantined

But... I still have the problem, is there anything else I can do or try to fix this?

Thanks in advanced!

Can anyone help me with this?

Check out Combofix

What happens if you try using another search engine ?

Since you did not get any help originally and 2 weeks have past, please repeat the 3 scans-with this exception-
You have run a Beta version of HijackThis.Please remove the log and go HERE to download the correct version.

Do not run any other scanning program until I instruct you to do so. Do not run the Eset online scan and do not run Combofix.

Attach the 3 logs to your next reply.

FYI:

This is not consistent with a malware-caused redirect.

Tmagic, stay off of the thread.

"Tmagic, stay off of the thread"....

Booobye, I started helping this member before my surgery. I just thought I would continue because you were not around. I can't view the logs, I only have the use of one hand typing at this point

You did not help this member. Please stay off of the thread.

Hi Bobbye,
Thank you for your reply!
Attached are my recent logs.

Spatzile,
from the looks of the logs, and from the fact that you are still being redirected, Combofix may be needed in your future... to finally correct your problem

Spatzile, I don't see any malware entries on any of the logs- as I mentioned, you description of the problem is not the usual 'redirect'.

So I have a comment and some questions:

I notice you are running the following. Is it possible that any of the components of this could be responsible for sending you to another site?

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

http://office.microsoft.com/en-us/groove/HA101656331033.aspx

When malware causes the redirection, it should be happening on all of the searches. So it isn't possible for you to search effectively- it's not just annoyance.

I'd like you to run the Eset scan again: Please note my emphasis on NOT checking for removal of any items found.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach the log to your next reply.

Since you question a Google Redirect, I'd like you to describe what's happening:
1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
2. Does a different site load?
3. Does any site load?
4. Are the sites the same/different?
5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?

Bobbeye, I was having almost the exact same problem, so I'd like to share what I did that FINALLY fixed it. I'll let you advise this guy on what to do...I am not trying to hijack your thread.

I installed the latest version of Java, and deleted the older versions under Control Panel>Programs and Features.

However, I didn't know I had to delete them from Firefox's Extensions...Tools>Add Ons>Extensions tab

Once I deleted the older versions of Java Console I am left only with v6.0.18, and everything is smooth as silk. It was an immediate fix after Firefox was restarted, and it hasn't returned.

Hope that helps!

Thank you. It's an unusual fix, but worth trying if nothing else works.

Hi Bobbye,

Sorry for the late reply.

Attached I have the log from the Eset scan.

In regards to the Groove System Services being related to the problem - I wouldn't have an idea as I haven't used this application before.

This is what I have just done:
1. I typed 'computer problems' into google.
2. I clicked on the first search result that appeard. The webstite stated below was 'pcsupport.about.com'
3. I opened the link but instead of the intended website i get: 'http://www.reimage.com/index.php?tracking=gk&banner=AUNZ&adgroup=computer1&ads_name=direct&keyword=direct'
4. If i click back and re-click the link it opens to the correct website.

Let's try it with another search -

1. I type in 'latest news' into the google search engine.
2. I open the first link from this website: www.news.com.au
3. When I open it though it come with this website: 'http://www.upliftsearch.com/?keyword=latest%20news&aid=1419&cid=1071&subid=12704' <----- This website i get redirected to quite frequently.

Here is another search I just did:
1. I typed in 'australia day' into google
2. I click on the link for this website: www.australiaday.org.au
3. I get reidrected to: http://www.upliftsearch.com/?keyword=australia day&aid=1419&cid=1071&subid=12704 <-- The same one as last time!


--- Some days it is like today, every search comes redirected but other days none get redirected.---

I hope this is the information you need to fix it

Thank you!

By the way Groove is MS Office's collaboration tool/service.

Which version of IE you are using?

Also do you have Google as being default search engine (added) in IE (if its 7 or above)? If not try adding it again from here.

May be that will help

Hi Archean,

I am using Internet Explorer 8 and I have Google as my default search engine.

Thank you for trying to help!

Welcome; i suggested that because i've seen similar but less chronic issue; however, on that occasion simply removing google search addon from IE and reinstalling it was sufficient to cure it.

Thank you, I'll keep that in mind. First i'll see what Bobbye says though.

Spatzile, you did some nice troubleshooting- thank you!

Are you up for an adventure? If so, give this a try:

Open Internet Options (through Control Panel or Tools in IE)> Security tab> Restricted sites> Sites> type in each of the following, then click on Add:

*.searchnext.com
*.aroundme.com
*.upliftsearch.com
*.xml.upliftad.com
*.my.compete.com

Then click on Apply> OK.
The * acts as a Wild card for anything before the Domain name. I took a trip around the internet starting with your redirected site. In the world of bad sites, none of what I found were of the 'bad' types that some redirects can be.

I'd like to see if restricting the Domains will stop your problem. You seem adventuresome, so let's give it a try! If it doesn't work, we'll

As for Grove, it is either downloaded as a stand alone program or can be added to MS Office. Since it is running a Protocol, if you aren't using it, I suggest either uninstalling or disabling.

And a tip about searching: I know you were purposely checking the redirect, but keep in mind that using such broad terms can cause problems. When I do a Google Search, I occasionally get a RoadRunner search page telling me there are no matches. I don't consider this a redirect and it doesn't happen often.

It's possible that your broad search terms are causing a similar thing with the Australia ISP. See what the Restrictions do. along with more specific search terms.