Google Re-direct

July 4, 2009 at 16:11:27
Specs: Windows XP, built\ddr
Please help. I have contracted Google re-direct and can't shake it. I ran Malware bytes, ran Ccleaner, run Avira all the time. Nada, nada, nada, it's driving me crazy. I can't Google, and ther is something fundamentally wrong with that fact.

See More: Google Re-direct

Report •

July 4, 2009 at 16:37:04
Does it happen in all the web browsers? What site does it redirect too?

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 5, 2009 at 13:18:24
Yeah, I only run firefox. I don't even have IE anymore. I got rid of it out of desperation, however it was re-directing me as well.
It is directing me to sites such as Toseeka, Overclick, as well as various Antivirus sites. it routes me through various sites to get me to these, and the site logo by the adress bar always changes to a little green globe.
Also It doesn't redirect me every time i click a link, just most of the time.

Report •

July 5, 2009 at 13:44:33
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) House cleaning. Run full Scan with SuperAntispyware : . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Related Solutions

July 7, 2009 at 09:40:08
Malware didn't find anything new here's the log.
Malwarebytes' Anti-Malware 1.38
Database version: 2386
Windows 5.1.2600 Service Pack 2

7/7/2009 10:41:21 AM
mbam-log-2009-07-07 (10-41-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157697
Time elapsed: 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

My S.A.spy log had more to say. I've removed everything listed here, but I am still experiencing redirects. Here is the log.

File threats detected : 40

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@a1.interclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@accounts.digsby[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.techguy[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.adtechus[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@chitika[1].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\Cookies\[2].txt
C:\Documents and Settings\Owner\Cookies\owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-ushumanesociety.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-viacom.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@lfstmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media6degrees[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\[1].txt
C:\Documents and Settings\Owner\Cookies\owner@smartadserver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@uclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.addfreestats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt

Report •

July 7, 2009 at 09:45:13
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

ExecuteAVUpdateEx( '', 1, '','','');

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Report •

July 7, 2009 at 12:02:34
running dds next

Report •

July 7, 2009 at 12:07:55
Follow these steps in order numbered:

1) Download GMER:
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Report •

July 7, 2009 at 12:20:47
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

SearchRootkit(true, true);

2) After reboot execute following script in AVZ:


A file called should be created in C:\. Upload that file to and Private message me download link.

PS: Also post Response Number 8 log.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 7, 2009 at 12:47:20
file name:nr21kj9i

Report •

July 7, 2009 at 12:57:26
Are you still getting redirected?

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 7, 2009 at 13:00:36
I am indeed. I have now noticed however, if I am quick and click the link before the page has completely loaded, then i do not get re-directed; but otherwise yes i am still experiencing the same problem.

Report •

July 7, 2009 at 13:06:19
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #1

1) Ensure all Firefox windows are closed.

2) To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

3) When prompted to run the scan, click Yes.

4) GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

July 7, 2009 at 13:19:54
GooredFix by jpshortstuff (03.07.09)
Log created at 15:18 on 07/07/2009 (Tristan)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:34 04/07/2009]

(Key not found)


Report •

July 7, 2009 at 13:20:53
Still redirecting, sorry.

Report •

July 7, 2009 at 13:44:44
Redo Response Number 5 and generate new set of logs.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Report •

July 7, 2009 at 15:20:36
Download OTL to your Desktop

1) Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted (for Vista, right click the icon and Run as Administrator).

2) When the window appears, underneath Output at the top change it to Standard Output.

3) Click the "Scan All Users" checkbox.

4) In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

5) Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

i) When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.

ii) Upload both the files to and post download links.

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

Ask Question