My Google links keep getting directed

By Calinks
Mar 22, 2009
Topic Status:
Not open for further replies.
  1. I've ran a bunch of programs but nothing seems to fix this. Here are my logs. My google links still get re-directed. This seems to be a common problem with a lot of people as of late. Thanks for the help!
  2. touch

    touch Newcomer, in training Posts: 978

    Hello Calinks

    That´s odd, both malwarebyte and superantispyware log´s looks clean, and nothing suspicious in hijackthis log.

    I´ll therefore suggest we dig deeper ->

    Please download http://oldtimer.geekstogo.com/OTViewIt.exe
    by OldTimer to your desktop.

    Double click on the OTViewIt.exe icon on your desktop.
    Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.

    Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.

    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized


    Copy and Paste the logs into your next reply.
  3. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Thank you for the help. Here are the results, I couldn't copy and past them because they were too long so I added them as attachments.

    Attached Files:

  4. touch

    touch Newcomer, in training Posts: 978

    My bad about the copy and paste line, sorry.


    Download The Avenger by Swandog46 from http://swandog46.geekstogo.com/avenger2/download.php.
    Unzip/extract it to a folder on your desktop.
    Double click on avenger.exe to run The Avenger.
    ·Click OK.
    ·Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    ·Copy all of the text in the below Quotebox to the clibpboard by highlighting it and then pressing Ctrl+C.



    In the avenger window, click the Paste Script from Clipboard icon, button.
    Click the Execute button.

    You will be asked Are you sure you want to execute the current script?.
    Click Yes.

    You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    Click Yes.

    Your PC will now be rebooted.

    ·Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.


    ·After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

    Please attach Avenger log. And tell if you still are getting redirected ?
  5. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Ok I did this. I clicked around for about 10 links and things looked good but then I got redirected. I clicked about 8 more and it happened again so it is still happening but it seems to do so less frequently.

    Attached Files:

  6. touch

    touch Newcomer, in training Posts: 978

    Ok. We´ll dig deeper then.

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any


    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply.
  7. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Alrighty. I ran combo and here is the log. Thanks.
  8. touch

    touch Newcomer, in training Posts: 978

    . Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report, as attached file.
  9. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    I'm trying to drag and drop the pad into the combo fix icon but it wont go in. It just starts up the combo fix program. My icon does not look the same as the one in the gif however. Mine has like a lions head on it or something, kind of like the thunder cats. It's not a circle with a big X in the middle.
  10. touch

    touch Newcomer, in training Posts: 978

    Ok. Then I suggest you have avenger to remove them -



    As decscribed here:
    4 Days Ago 03:56 AM
  11. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Ok when you say Avenger are you refering to this program?

    http://swandog46.geekstogo.com/avenger.zip

    If so I have pasted the text in there but it says that I am missing a proper command? Not sure whats going on. Thanks for the help.
  12. touch

    touch Newcomer, in training Posts: 978

    My bad. I should have provided you a proper instruction ->

    Download The Avenger by Swandog46 from http://swandog46.geekstogo.com/avenger2/download.php.
    Unzip/extract it to a folder on your desktop.
    Double click on avenger.exe to run The Avenger.
    Click OK.

    (if you still have avenger exe on your desktop, there is no need to download avenger again)

    Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    ·

    In the avenger window, click the Paste Script from Clipboard icon, button.
    Click the Execute button.
    You will be asked Are you sure you want to execute the current script?.
    Click Yes.

    You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    Click Yes.
    Your PC will now be rebooted.

    Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    ·If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.

    After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

    Please attach Avenger log.
  13. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    No problem on the lack of instructions, I'm sure with all the post you have to review and everything sometimes things will be forgotten. I appreciate all the help.

    Here is my log.
     
  14. touch

    touch Newcomer, in training Posts: 978

    You´re right, thank you for understanding :)

    I´ll hope, after avenger have removed the files, you don´t are getting redirected more ?
  15. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    I have clicked around for about 5 minutes and although it doesn't seem to be nearly as bad I have been redirected a few times. A could of time I went to a blank page that said Google unidentified or something like that.
  16. touch

    touch Newcomer, in training Posts: 978

    That´s odd :rolleyes:

    Rightclick on hijackthis, and rename it hjt exe.

    Please attach fresh hijackthis log.
  17. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Yea, it's strange though because it does seem better but shouldn't the problem be all or nothing? Maybe there is more than one virus or program doing this? Who knows. Anyway here is the new log.
  18. touch

    touch Newcomer, in training Posts: 978

    It looks clean. Please update SUPERAntiSpyware, and run a complete systemscan

    Then ->

    Download http://eric.71.mespages.googlepages.com/LopSD.exe
    by Eric_71 and save it to your desktop.
    Lop S&D will only run on Windows XP and Windows Vista

    Double-click LopSD.exe

    Choose the language by typing of the corresponding letter and press Enter
    Click OK at the informative window
    Type 2 to choose Option 2 (Fix + Hosts), then press Enter
    Wait until the end of the scan have finished

    A report will be generated, attach the contents of it in your next reply, along with Superantispyware log.
  19. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    Done and done, here are the results.

    Attached Files:

  20. touch

    touch Newcomer, in training Posts: 978

    "I'm sorry, but we do not support piracy. Due to the fact that your LopSd logfile clearly shows you have at least one known crack/keygen, we will not help you.

    This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

    Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

    When you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer, and download new infections .
  21. Calinks

    Calinks Newcomer, in training Topic Starter Posts: 28

    I see. So perhaps if I find these files and delete them this problem may be resolved? I hope so. Thank you for everything you had done and thank you for helping me as much as you could. I'm very grateful, you guys do a great service!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.