Google Search Result Redirect

[JRBerg]

Help me please I am at an absolute loss, for some reason, whenever I search using google, and I click the link of a result, I find myself being redirected to a random site using a "jump" tag in the tab listing. If you backtrack to the google search page where the results were listed and click the link again, once again you are redirected. On the third try, it will work the way it's supposed to and direct you to the desired page. However, this is only with the main google search feature, I never receive a redirect with an image search. Help me please!

-Jason

 

[1988monty]

I am not ready to throw in the owel on this yet.

Seems other people have had luck fixing it.

Any other suggestions?

 

[pechenegs]

do a ctr/alt/del and in taskmanager stop these processes if running.

VTAgentReboot.exe

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.


O4 - Global Startup: VTAgentReboot.exe


now find this file and delete it!


VTAgentReboot.exe


Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden
files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View
tab and make sure that "Show hidden files and folders" is checked. Also
uncheck "Hide protected operating system files" and "Hide extensions for
known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"



Download AVG Anti-Spyware

http://www.ewido.net/en/

* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.






* Click here to download ATF Cleaner by Atribune and save it to your
desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:





Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning
as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on
"Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little
time.
Once the scan is complete do the following:
# If you have any infections you will prompted, then select "Apply all
actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen
and save it to a text file on your system (make sure to remember where you
saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.


Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,

http://www.spywareinfo.dk/download/mwav.exe

double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on
mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive , all drives and, click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.



Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log with be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.



Post a new hijack this, the Mwav scan log and the AVg antispware log!




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

 

[1988monty]

Here is the latest...........

Could not get AVG to run in Safemode, came up with an error "This application has failed to start because engine.dll was not found"

So I went online and downloaded engine.dll and saved it to my desktop (i don't know where else to put it) treid again and then I had the same error but now with tierO.dll not found, did the same thing downloaded that and tried again now it was vstdlib.dll that was not found, downloaded it and tried again, lastly it was steam.dll that was not found, downloaded that and then got the error "Entry point not found- The procedure entry point getsignature count could not be located in the dysnamic library link engine.dll"
Of course to do all of this I had to switch back and forth between safemode and regular mode so I could get on the internet.

I ran kaspersky and this is the info from that:

File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\083C0000\4E3D6E8A.VBN infected by "Exploit.HTML.IframeBof" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\096C0001.VBN infected by "Trojan.Java.ClassLoader.i" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\SKJ\.housecall\Quarantine\90.tmp.bac_a03588 infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\SKJ\.housecall\Quarantine\pk.exe.bac_a03588 infected by "Trojan.Win32.LowZones.an" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\SKJ\.housecall6.6\Quarantine\90.tmp.bac_a03588 infected by "Trojan-Downloader.Win32.WinShow.be" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\SKJ\.housecall6.6\Quarantine\pk.exe.bac_a03588 infected by "Trojan.Win32.LowZones.an" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\SKJ\Desktop\SmitfraudFix\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\SKJ\Desktop\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\SKJ\Desktop\Yiota's School work\Y's limewire\Y's Music\Greek\01 ?? µ?? ?e? a?t??.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\Desktop\Yiota's School work\Y's limewire\Y's Music\Greek\????? ??????-??G? ??G?.mp3 infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\01 Sß?se ???a?? t' ast???a.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\03 G?a s??a?e f?ß?µa?.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\04 Ta µe ??µ?sa?.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\05 ????st? ???µ?.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\06 ?a?aµp????a.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\08 ?a??de?? µe.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\10 St? µpa????? t?? ????.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\11 ??? ???? ?a? ???assa.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\13 ?? s??e???e??.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\14 ??s????? d??µ??.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\15 ?a??d?????a p????? (??e???? & ??e.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\16 ???? ?a???a?????.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\19 ???ßat?.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\SKJ\My Documents\My Music\iTunes\iTunes Music\Compilations\As milisoun ta tragoudia\20 ????µa?.m4a infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.


Sat Jul 07 12:28:56 2007 => ***** Scanning complete. *****

Sat Jul 07 12:28:56 2007 => Total Number of Files Scanned: 141441
Sat Jul 07 12:28:56 2007 => Total Number of Virus(es) Found: 24
Sat Jul 07 12:28:56 2007 => Total Number of Disinfected Files: 0
Sat Jul 07 12:28:56 2007 => Total Number of Files Renamed: 17
Sat Jul 07 12:28:56 2007 => Total Number of Deleted Files: 5
Sat Jul 07 12:28:56 2007 => Total Number of Errors: 78
Sat Jul 07 12:28:56 2007 => Time Elapsed: 02:10:07
Sat Jul 07 12:28:56 2007 => Virus Database Date: 2007/05/13
Sat Jul 07 12:28:56 2007 => Virus Database Count: 318294

Sat Jul 07 12:28:56 2007 => Scan Completed.



Also latest hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:59 PM, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\SKJ\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://sympatico.msn.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) -

https://portal.quakerone.com/nps/po...gadgets.shortcut.ShortcutGadget/LocalExec.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) -

http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181348601515

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) -

http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) -

http://asp.mathxl.com/books/_Players/MathPlayer.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

I am going to uninstall AVG and re-install it and try again.

Hopefully something starts to work here soon.

Thanks for all the help so far.

 

[pechenegs]

Yes, and try and run it in normla mode if it won't scna in safe mode!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars