
Google Results Redirect to Spam Sites

Discussion in 'Malware and Virus Removal Archive' started by VUPeng, 2008/06/02.

  1. 2008/06/02
    VUPeng

    VUPeng Inactive Thread Starter

    Joined:
    2008/06/02
    Messages:
    14
    Likes Received:
    0
    Before we get started I'll just go ahead and say that I run Vista Ultimate x64 and use Firefox as my main browser.

    Hello, my problem is nearly identical to that which was the topic of this thread. For about a month now whenever I do a Google search, the first result I click on takes me to some junk site such as clickbizsmart or something of the like. I have both a HijackThis log (after renaming my HJT executable to HJT.exe in order to try to circumvent any crafty worms) and a SilentRunners log.

    So, without further ado, here are my logs and any help would be greatly appreciated.

    With the SilentRunners my post is too many characters so I'll put it below.
     
  2. 2008/06/02
    VUPeng

    Here is the SilentRunners

     


  4. 2008/06/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS VUPeng :)

    First, my apologies for the long delay in a response. :eek:

    Unfortunately, there are very few tools available to us that can properly report on a 64 bit system, but we'll try to muddle through to a resolution to your problem. Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. 2008/06/06
    VUPeng

    Thanks

    Here's the MBAM log (no restart was required)

    And here's the new HJT

     
    Last edited: 2008/06/06
  6. 2008/06/06
    noahdfear

    Please clear your temporary internet files and cookies for both IE and Firefox. Close all browser windows and re-open, then see if you're still getting redirects. If so, let's see if we can get a look at the 64 bit system32 folder and proceed with the following.

    Click Start>Run and type or paste the following command then hit Enter

    %windir%\system32

    Find the file cmd.exe
    Right Click on the cmd.exe and select Run as Administrator
    Highlight and copy the following text, then right click and paste it into the command window

    dir /a h /o:g-dn>dirchk.txt
    start notepad dirchk.txt
    exit
    cls


    Post the contents of dirchk.txt when it opens. It might be quite large and require splitting into several posts.
     
  7. 2008/06/07
    VUPeng

    It seems to have worked. I'll post back here if it happens again but after a few trial searches they all went to the right links. Thanks so much.
     
  8. 2008/06/07
    VUPeng

    I was wrong, I still get redirects. After going through the process to get the text file, this was all that was in it
    When I try to get the text file again the command prompt says

     
  9. 2008/06/07
    noahdfear

    My mistake. Try the following bolded text.

    dir * /a h /o:g-dn >dirchk.txt
    start notepad dirchk.txt
    exit
    cls
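
A way to triage the dirchk.txt this command produces, as an added example that is not part of the original posts: it parses a `dir` listing and returns loadable files (.exe, .dll, .sys and similar) modified shortly before a reference date. The US-locale date layout, the 45-day window, the function names and the sample listing are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the US-locale layout that `dir` prints; not data from the thread.
SAMPLE_DIRCHK = """\
 Volume in drive C has no label.
 Directory of C:\\Windows\\System32

06/05/2008  09:12 PM    <DIR>          drivers
06/04/2008  11:47 PM            61,440 qzxexample.dll
05/30/2008  02:03 AM            18,432 example2.sys
01/20/2008  10:48 PM           302,592 cmd.exe
11/02/2006  05:45 AM             9,216 notes.txt
               4 File(s)        391,680 bytes
"""

# date, time, size or <DIR>, name (names may contain spaces)
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)$"
)
LOADABLE = (".exe", ".dll", ".sys", ".drv", ".ocx", ".scr")


def parse_dir_listing(text):
    """Yield (modified, size_or_None, name) per entry; headers and totals are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        date, time, size, name = m.groups()
        modified = datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M %p")
        yield modified, None if size == "<DIR>" else int(size.replace(",", "")), name


def recent_loadable(text, reference, days=45):
    """Return loadable files modified within `days` before `reference`, newest first."""
    cutoff = reference - timedelta(days=days)
    hits = [
        (modified, size, name)
        for modified, size, name in parse_dir_listing(text)
        if size is not None                      # directories carry no size
        and name.lower().endswith(LOADABLE)
        and cutoff <= modified <= reference
    ]
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    for modified, size, name in recent_loadable(SAMPLE_DIRCHK, datetime(2008, 6, 7, 23, 59)):
        print(f"{modified:%Y-%m-%d %H:%M}  {size:>10,}  {name}")
```

File timestamps can be altered, so an empty result narrows the search but does not clear the machine.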
     
  10. 2008/06/07
    VUPeng

    Much better, part 1

     
  11. 2008/06/07
    VUPeng

    Part 2

     
  12. 2008/06/07
    VUPeng

    Part 3

     
  13. 2008/06/07
    VUPeng

    Part 4

     
  14. 2008/06/07
    VUPeng

    Part 5

     
  15. 2008/06/07
    VUPeng

    Part 6

     
  16. 2008/06/07
    VUPeng

    Part 7 (last one)

     
  17. 2008/06/07
    noahdfear

    I don't see anything suspect there. If you clear temps and cookies again, does it seem to fix the problem for a while? Let's see if anything gets picked up with an online scan. Please do an online scan with Kaspersky WebScanner

    Click Scan Now and Accept the agreement. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  18. 2008/06/08
    VUPeng

    Yep, I'm infected with two viruses it seems.

     
  19. 2008/06/12
    noahdfear

    My apologies for not getting back to you sooner ....... I've had some difficulties of my own here (partitioning tool catastrophe).

    Appears one of the reported infections is a Firefox plug-in.

    firebit@firebit

    Did you install it? If so, it's likely safe and reported due to its behavior rather than an actual infection.

    The other resides in the C:\Windows\Temp folder. You can safely delete everything in that folder. In fact, you should also run disk cleanup to clean out all temp files.

    Still wondering ..... if you clear temps and cookies again, does it seem to fix the problem for a while?
     
  20. 2008/06/13
    VUPeng

    The delay is perfectly fine since I myself was out of town most of this week, having only recently arrived back to the problem computer. I uninstalled the plugin since I don't remember putting it there and couldn't figure out what it did. I also cleared the temp folder and ran Disk Cleanup.

    I have no hard and fast way to test if the redirects are still occurring as I don't know a search term which always results in one. I can say that since the first page they have been occurring significantly less. Although this also could have to do with the fact that all last week I was using Google considerably less than usual.
     
  21. 2008/06/13
    noahdfear

    This topic will remain open, so just post back once you've determined the outcome. :)
     
