Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Web Links redirecting to strange URLs

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Web Links redirecting to strange URLs

Unread postby dkooz » April 22nd, 2011, 2:37 pm

Hi,

Please help. I'd appreciate any assistance with the issues I've been having as of late. :(

DESCRIPTION:
I've been having most of my URL's redirecting to the wrong sites.
It doesn't matter whether I'm using IE, FF or Chrome... if I go to Google.com and conduct a simple search (i.e. beer), almost any link within the results page that I then click on will spawn a popup window to some random site the first time I click the Google link. If I go back and attempt to click the same link a second time, the expected URL comes up.
This has consistantly been happening now on every computer in my home (2 laptops and 1 desktop) for the past month now and I've run all kinds of virus and anti-malware programs with no success.

SAMPLE REDIRECT URL:
Here's is a sample URL I was able to copy before it redirected me:
hxxp://21677.131.filter.blendernetworks ... oPath.3%29

Here are the DDS and Attach output from running DDS.src

DDS & ATTACH OUTPUTS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dennis at 14:09:40.62 on 22/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1979.1043 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Dennis\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
uRun: [Google Update] "c:\users\dennis\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-16 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-16 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-16 656320]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-8-20 88144]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-4-16 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-4-16 31184]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-4-16 756680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-6 1153368]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-8 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-16 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-16 1150936]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-8 1343400]
.
=============== Created Last 30 ================
.
2011-04-22 18:03:39 -------- d-----w- c:\windows\system32\drivers\etc\old
2011-04-17 04:33:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-04-17 03:33:27 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-17 03:33:27 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-17 03:33:27 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-17 03:33:26 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-17 03:33:25 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-17 03:33:25 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-17 03:33:16 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-17 03:33:07 -------- d-----w- c:\users\dennis\appdata\roaming\PC Tools
2011-04-17 03:33:07 -------- d-----w- c:\program files\PC Tools Security
2011-04-17 03:33:07 -------- d-----w- c:\program files\common files\PC Tools
2011-04-17 03:33:07 -------- d-----w- c:\progra~2\PC Tools
2011-04-17 03:32:40 -------- d-----w- c:\users\dennis\appdata\local\Immunet
2011-04-17 03:32:40 -------- d-----w- c:\progra~2\Immunet
2011-04-17 03:32:24 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-04-17 03:31:59 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-04-17 03:31:45 -------- d-----w- c:\program files\Immunet Protect
2011-04-17 03:02:36 -------- d-----w- c:\program files\Araxis
2011-04-17 02:38:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-04-17 02:38:03 -------- d-----w- c:\windows\PCHEALTH
2011-04-17 02:38:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-17 02:37:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-04-17 02:37:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-17 02:36:43 -------- d-----w- c:\users\dennis\appdata\local\Microsoft Help
2011-04-17 02:32:59 -------- d-----w- c:\program files\Elaborate Bytes
2011-04-17 02:29:11 -------- d-----w- c:\program files\iTunes
2011-04-17 02:29:11 -------- d-----w- c:\program files\iPod
2011-04-16 21:01:30 -------- d-----w- C:\DOWNLOADS
2011-04-15 02:02:58 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 02:02:56 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 02:02:56 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 02:02:55 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 02:02:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 02:02:55 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 02:02:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 12:47:12 307784 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-04-10 21:17:19 -------- d-----w- c:\program files\Sophos
2011-04-10 19:58:23 -------- d-----w- c:\users\dennis\appdata\roaming\Malwarebytes
2011-04-10 19:56:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 19:56:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-10 19:56:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 19:56:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-10 15:14:11 -------- d-----w- c:\users\dennis\appdata\roaming\BitDefender
2011-04-10 15:14:06 -------- d-----w- c:\program files\BitDefender
2011-04-10 15:10:05 -------- d-----w- c:\users\dennis\appdata\roaming\QuickScan
2011-04-10 15:06:35 -------- d-----w- c:\program files\common files\BitDefender
2011-04-10 15:06:35 -------- d-----w- c:\progra~2\BitDefender
2011-04-10 15:06:32 73091 ----a-w- c:\progra~2\bdinstall.bin
2011-04-10 15:06:32 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-04-10 12:48:51 -------- d-----w- c:\users\dennis\appdata\local\LogMeIn
2011-04-10 12:48:51 -------- d-----w- c:\progra~2\LogMeIn
2011-04-09 08:25:42 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ef1f6f37-97b6-460b-b50a-f6affd7841a4}\mpengine.dll
2011-04-07 02:21:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-07 02:21:38 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-28 19:17:43 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-28 19:17:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-28 19:17:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-12 05:30:49 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 14:12:23.92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 08/01/2011 5:55:13 PM
System Uptime: 22/04/2011 1:39:57 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-USB3
Processor: Intel(R) Core(TM) i5 CPU 670 @ 3.47GHz | Socket 1156 | 3459/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 119 GiB total, 46.353 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 14/04/2011 10:01:23 PM - Windows Update
RP44: 14/04/2011 10:46:47 PM - Windows Update
RP45: 16/04/2011 10:33:12 PM - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP46: 16/04/2011 10:36:30 PM - Installed Microsoft Office Professional Plus 2010
RP47: 16/04/2011 11:02:14 PM - Installed Araxis Merge
RP48: 16/04/2011 11:35:30 PM - Spyware Doctor: Cleaning Threats
RP49: 17/04/2011 12:33:10 AM - Windows Update
RP50: 17/04/2011 7:00:13 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Araxis Merge
BitDefender Antivirus Pro 2011
Bonjour
Definition update for Microsoft Office 2010 (KB982726)
GOM Player
Google Chrome
Google Updater
ImgBurn
Immunet Protect
iTunes
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
NEC Electronics USB 3.0 Host Controller Driver
Picasa 3
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
runtime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VirtualCloneDrive
XBMC
.
==== Event Viewer Messages From Past Week ========
.
17/04/2011 7:03:21 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
16/04/2011 2:27:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
16/04/2011 2:01:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
16/04/2011 2:01:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
16/04/2011 2:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/04/2011 2:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/04/2011 2:01:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/04/2011 2:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/04/2011 2:01:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr discache spldr Wanarpv6
16/04/2011 10:29:12 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
16/04/2011 10:28:12 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/04/2011 10:28:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thank you!!!!
dkooz
Last edited by Cypher on April 23rd, 2011, 1:23 pm, edited 1 time in total.
Reason: Disabled malicious URL
dkooz
Active Member
 
Posts: 2
Joined: April 22nd, 2011, 2:18 pm
Advertisement
Register to Remove

Re: Web Links redirecting to strange URLs

Unread postby askey127 » April 24th, 2011, 7:21 am

Hi dkooz,
------------------------------------------------
Before We Start
Please be aware that removing Malware is a potentially hazardous undertaking.
I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between your computer software and the tools we'll use to clear you of infection, so I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.
Because of this, I advise you to backup any important personal files and folders before you start.
------------------------------------------------
The Immediate Situation
You have multiple Antivirus programs running, so we are removing all but one.
You also have Spybot Search & Destroy, which needs to be temporarily removed so it won't block our corrections.
Please don't install, remove or scan with anything unless I ask, until we are through cleaning.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Immunet Protect
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies

So we will be looking for the contents of OTL.txt and Extras.txt from your desktop.
Also please tell me if you are connected to a router, and whether any other machines on the same router are having redirects.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Web Links redirecting to strange URLs

Unread postby askey127 » April 27th, 2011, 7:34 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware