Google links taking me to random pages

Posted 11/28/2013 11:23 AM
#96251
User avatar

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
I go to google.com and search for something. Click the link I want. Sometimes, it's fine, link works and there is no issue. Other times it takes me to random pages, the most common of which is an ATTACK REPORT page. Another example is a link off of youtube that took me to the url www.youtube.tursted.net. <br/> <br/>Logfile of Trend Micro HijackThis v2.0.4 <br/>Scan saved at 3:21:33 AM, on 11/28/2013 <br/>Platform: Windows 7 SP1 (WinNT 6.00.3505) <br/>MSIE: Internet Explorer v11.0 (11.00.9600.16428) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\Users\Jobie\AppData\Roaming\Search Protection\SearchProtection.exe <br/>C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe <br/>C:\Users\Jobie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe <br/>C:\Users\Jobie\AppData\Roaming\uTorrent\uTorrent.exe <br/>C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe <br/>C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe <br/>C:\Users\Jobie\AppData\Local\DIRECTV Player\NDSPCShowServer.exe <br/>C:\Program Files (x86)\Mozilla Firefox\firefox.exe <br/>C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe <br/>C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe <br/>C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe <br/>C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe <br/>C:\Windows\SysWOW64\DllHost.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll <br/>O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing) <br/>O2 - BHO: MyWordTool - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Jobie\AppData\Roaming\MyWordTool\temp.dat <br/>O2 - BHO: PETN - {71D79ECF-FF1E-463E-A8F0-FD9235732E91} - C:\Users\Jobie\AppData\Local\TidyNetwork\petn.dll <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll <br/>O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll <br/>O4 - HKLM\..\Run: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart <br/>O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart <br/>O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe <br/>O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin <br/>O4 - HKCU\..\Run: [SearchProtection] "C:\Users\Jobie\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart <br/>O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe <br/>O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Jobie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" <br/>O4 - HKCU\..\Run: [uTorrent] "C:\Users\Jobie\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED <br/>O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll <br/>O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL <br/>O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - (no file) (HKCU) <br/>O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - (no file) (HKCU) <br/>O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll <br/>O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll <br/>O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics <br/>O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - <br/>O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) <br/>O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll <br/>O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) <br/>O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/>O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) <br/>O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe <br/>O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe <br/>O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe <br/>O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) <br/>O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe <br/>O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) <br/>O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) <br/>O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) <br/> <br/>-- <br/>End of file - 10110 bytes <br/> <br/> <br/>P.S. Two previous issues I may have not wrapped up thread wise because I remedied them myself via combofix. Regardless, I am not on that system anymore.
Posted 11/29/2013 8:31 PM
#96256
User avatar

Advanced member

Download and run ADWcleaner from here: http://www.bleepingcomputer.com/download/adwcleaner/ <br/>Scan > Clean > OK > OK (computer will restart). <br/> <br/>Let us know if that fixes the issue.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 11/29/2013 11:40 PM
#96260
User avatar

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
I just ran the AdwCleaner, scanned, cleaned, and restarted. Thank you for the prompt response. This is the report on startup: <br/> <br/># AdwCleaner v3.013 - Report created 29/11/2013 at 15:20:41 <br/># Updated 24/11/2013 by Xplode <br/># Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) <br/># Username : Jobie - HAL-9000 <br/># Running from : C:\Users\Jobie\Downloads\AdwCleaner.exe <br/># Option : Clean <br/> <br/>***** [ Services ] ***** <br/> <br/> <br/>***** [ Files / Folders ] ***** <br/> <br/>Folder Deleted : C:\ProgramData\Babylon <br/>Folder Deleted : C:\Program Files (x86)\1ClickDownload <br/>Folder Deleted : C:\Program Files (x86)\Conduit <br/>Folder Deleted : C:\Program Files (x86)\DealPly <br/>Folder Deleted : C:\Program Files (x86)\goforfiles <br/>Folder Deleted : C:\Program Files (x86)\Gophoto.it <br/>Folder Deleted : C:\Users\Jobie\AppData\Local\Bundled software uninstaller <br/>Folder Deleted : C:\Users\Jobie\AppData\Local\Conduit <br/>Folder Deleted : C:\Users\Jobie\AppData\Local\TidyNetwork <br/>Folder Deleted : C:\Users\Jobie\AppData\Local\Temp\TempDir <br/>Folder Deleted : C:\Users\Jobie\AppData\LocalLow\Conduit <br/>Folder Deleted : C:\Users\Jobie\AppData\Roaming\goforfiles <br/>Folder Deleted : C:\Users\Jobie\AppData\Roaming\Search Protection <br/>Folder Deleted : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\ConduitCommon <br/>Folder Deleted : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\StumbleUpon <br/>Folder Deleted : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\Extensions\tidynetwork@tidynetwork <br/>File Deleted : C:\END <br/>File Deleted : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\invalidprefs.js <br/>File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml <br/>File Deleted : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\user.js <br/>File Deleted : C:\Windows\Tasks\Dealply.job <br/>File Deleted : C:\Windows\System32\Tasks\Dealply <br/> <br/>***** [ Shortcuts ] ***** <br/> <br/> <br/>***** [ Registry ] ***** <br/> <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL <br/>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe <br/>Key Deleted : HKCU\Software\5b538dd0e534eb10 <br/>Key Deleted : HKLM\SOFTWARE\5b538dd0e534eb10 <br/>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <br/>Key Deleted : HKCU\Software\BI <br/>Key Deleted : HKCU\Software\IM <br/>Key Deleted : HKCU\Software\wecarereminder <br/>Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} <br/>Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider <br/>Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} <br/>Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} <br/>Key Deleted : HKLM\Software\AVG Secure Search <br/>Key Deleted : HKLM\Software\Babylon <br/>Key Deleted : HKLM\Software\Conduit <br/>Key Deleted : HKLM\Software\DataMngr <br/>Key Deleted : HKLM\Software\Updater By Sweetpacks <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller <br/>Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks <br/> <br/>***** [ Browsers ] ***** <br/> <br/>-\\ Internet Explorer v11.0.9600.16428 <br/> <br/> <br/>-\\ Mozilla Firefox v25.0.1 (en-US) <br/> <br/>[ File : C:\Users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\prefs.js ] <br/> <br/>Line Deleted : user_pref("extensions.BabylonToolbar.admin", false); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.id", "0ec9a87a000000000000904ce53b63de"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15658"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0ec9a87a000000000000904ce53b63de&q="); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); <br/>Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:12:34"); <br/>Line Deleted : user_pref("extensions.claro.admin", false); <br/>Line Deleted : user_pref("extensions.claro.aflt", "babsst"); <br/>Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); <br/>Line Deleted : user_pref("extensions.claro.dfltLng", "en"); <br/>Line Deleted : user_pref("extensions.claro.excTlbr", false); <br/>Line Deleted : user_pref("extensions.claro.id", "0ec9a87a000000000000904ce53b63de"); <br/>Line Deleted : user_pref("extensions.claro.instlDay", "15658"); <br/>Line Deleted : user_pref("extensions.claro.instlRef", "sst"); <br/>Line Deleted : user_pref("extensions.claro.prdct", "claro"); <br/>Line Deleted : user_pref("extensions.claro.prtnrId", "claro"); <br/>Line Deleted : user_pref("extensions.claro.tlbrId", "claro"); <br/>Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", ""); <br/>Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10"); <br/>Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10"); <br/>Line Deleted : user_pref("extensions.claro_i.smplGrp", "none"); <br/>Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:28:42"); <br/> <br/>-\\ Google Chrome v <br/> <br/>[ File : C:\Users\Jobie\AppData\Local\Google\Chrome\User Data\Default\preferences ] <br/> <br/> <br/>************************* <br/> <br/>AdwCleaner[R0].txt - [10979 octets] - [29/11/2013 15:16:52] <br/>AdwCleaner[S0].txt - [10702 octets] - [29/11/2013 15:20:41] <br/> <br/>########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10763 octets] ########## <br/> <br/>//End of Report <br/> <br/>It seems to be working; but after startup I opened Mozilla, went to Google, entered some random search terms and some of the links still take me to ATTACK REPORT or UPDATE PLUGINS pages (among others, but again, these are the most common.) I then closed and restarted Mozilla and tried the whole process again and to my surprise I was able to follow every link on the first page to its promised destination. So, it seems to me that something is still amiss. Let me know if you need more information from me for further fixing. <br/> <br/>~L
Posted 11/30/2013 7:44 AM
#96261
User avatar

Advanced member

Try to reset Mozilla https://support.mozilla.org/ro/kb/reset-preferences-fix-problems <br/> <br/>Also, make sure to run a full virus scan. I do not see you having an active antivirus program in the logs, but I do see AVG 2012, so if it's still working, run a scan with it. <br/> <br/>Oh, and STAY AWAY FROM TOOLBARS, please!
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Friday, December 9, 2016, 6:28 PM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,969 registered members. Please welcome our newest member, Heisenberg.
There are currently no users on-line.