
Google redirected links



Ok I am at the end of my rope and admitting that I need help from people who know much more than I do.

When I do a Google search and click on one of the links, a new window opens and it takes me somewhere that I don't want to go. Some of the websites it takes me to are epoclick, Google Analytics, or some advertisement.

I have tried Spybot, MBAM, and HijackThis. None of them have been able to clean out this bug. I will be enormously appreciative to anyone who would be willing to help me with this. Below is the HijackThis log.

What do you need me to do?

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 7:19:05 PM, on 10/20/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

Running processes:

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WTablet\TabUserW.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\greg iacullo\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKCU\..\Run: [Google Update] "C:\Users\greg iacullo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--

End of file - 6166 bytes


Hello and :P

This could be that your DNS settings are hijacked.

Please provide the following details, so that someone may be able to assist you:

1. OS version including 32/64-bit
2. Installed Security Product(s) including Firewall
3. MBAM version (current 1.46) (Free or Pro Version)
4. Definition version (current 5075)
5. Do you use a router to connect to the Internet

OK. I have

1. Windows Vista

2. wireless network secured with WPA TKIP (is that what you asked for?)

3. MBAM 1.46 free

4. database version 4052

5. have a cable modem and wireless router


#2 means what antivirus software or firewall software do you use.....

Your Malwarebytes is quite out of date, have you tried updating it?

If you cannot update it, it could be because your router is hijacked. While resetting it, it may be a good idea to plug your computer directly into the router so that you can reconfigure it using a CAT5 wire. I recommend you reset your router back to factory settings by holding down the reset button for at least 10 seconds. After that you will have to change the password and reconfigure your wireless settings.

If the above steps do not work, then you will have to seek help from the experts in the HJT section.

Let me know how it goes.....

Ok, I'll try resetting the router. I've never done it before but it doesn't sound too hard. And no, I was unable to update Malwarebytes because of an error message that kept popping up.

Maybe the problem is the router because the other 2 PCs in my house are suffering from this same problem. I'll let you know.

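The DNS-hijack hypothesis raised in the replies can be checked on each affected PC by comparing the DNS servers that `ipconfig /all` reports against the resolvers you expect. The following is an added example, not part of the original thread: the sample output is constructed, the function names are hypothetical, and the trusted set is an assumption you would fill in from your ISP's documentation or your own chosen resolver.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are documentation ranges.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

FIELDS = {"DNS Servers": "dns", "Default Gateway": "gateway"}

def parse_adapters(text):
    """Map each adapter heading to its gateway and DNS server addresses."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"gateway": [], "dns": []})
            field = None
            continue
        if current is None or not line.strip():
            continue
        m = re.match(r"\s+(.*?)[ .]+:\s*(.*)$", line)
        if m:   # "Label . . . : value" starts a new field
            field, value = FIELDS.get(m.group(1)), m.group(2).strip()
        else:   # indented bare value continues the previous field
            value = line.strip()
        if field and value:
            current[field].append(value.split("%")[0])  # drop IPv6 zone id
    return adapters

def unexpected_dns(text, trusted):
    """Return (adapter, server) pairs not matching the gateway or the trusted set."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, cfg in parse_adapters(text).items():
        gateways = {ipaddress.ip_address(g) for g in cfg["gateway"]}
        for server in cfg["dns"]:
            ip = ipaddress.ip_address(server)
            if ip not in gateways and ip not in trusted_ips:
                findings.append((name, server))
    return findings
```

A DNS server equal to the default gateway passes this check, so when the router itself is suspected its own upstream DNS setting still has to be inspected in the router's admin page after the factory reset.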
