Google Search redirects me to unrelated sites

July 24, 2011 at 11:19:03
Specs: Windows 7, AMD V120 / 2 Gigs
The past few days, my Google searches have been randomly redirecting me to completely unrelated sites. I have taken the following steps already:

-Uninstalled Google Chrome + Mozilla Firefox, run CCleaner / removed other leftover items, and reinstalled. Problem persists.
-Scanned with Nod32, nothing.
-Run Kaspersky VRT [Safe Mode, Deep Scan / Deep Rootkit], found 2 infections and removed. Problem still persists.
-Nothing out of the ordinary on HJT.

Help? -_-



July 24, 2011 at 13:38:12

Do you have the results of the KVRT?

It would be helpful if you posted them.

Then, try the following:

Please download TDSSKiller

Save it to the Desktop.

Be sure to temporarily disable all AntiVirus/AntiSpyware software, while these steps are being completed, to keep these programs from interfering with the repairs.
This can normally be done by right clicking the software's Taskbar icon, or accessing each software through Start - Programs.
Some tips if needed:

Now, right-click the file, and select: Run As Administrator
Click the 'Start Scan' button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller. is created and saved to the root directory (usually Local Disk C:).

>>Please provide the contents of TDSSKiller in your reply.<<

Now, download iExplore.exe, which is a renamed copy of RKill:

[If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:

Save the file to the Desktop

Right-click and select: Run as Administrator

Ignore any messages, and allow the file to run until the command window closes.
If you have problems running RKill, download any of the other renamed versions of RKill from its download page.

Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon):

Save to the Desktop

Right-click mbam-setup.exe and select: Run as Administrator

Follow the prompts to install the program.

Run Malwarebytes’ Anti-Malware and update the program.

Once updated, select Perform Full Scan and click the 'Scan' button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the 'Remove Selected' button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the >Malwarebytes log< in your reply.<<

Retired - Doin' Dis, Dat, and slapping malware.


July 24, 2011 at 16:41:10
Good "and" bad news, I suppose. Everything is coming up clean [Safe Mode w/ Networking], but the redirect is still happening.

Anything else I might be able to try that I haven't done yet?


July 24, 2011 at 17:09:14

Let's see if this one nails 'whatever' is causing the redirections...

Please download ComboFix:

Save ComboFix.exe to your Desktop!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:

Now, right-click on ComboFix.exe and select: Run as Administrator
Follow the prompts.

Make sure you skip the Recovery Console part since you are running Vista or Windows 7.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Since this report can also be quite large, please go to the Uploading website:

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the RU report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link', and provide it in your reply.


1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Retired - Doin' Dis, Dat, and slapping malware.
