
Possible reason (but no fix yet) for the Google redirect problem??


2 replies to this topic

#1 mistephenso


Posted 25 February 2010 - 12:27 PM

Hi All,

I am having similar problems to many other people, with random redirects from links in Google when I do any searches.

While hunting around and trying to work out what was wrong, I found the following log file on my laptop - C:\debug.txt. It seems to have reconfigured my DNS settings to point to a DNS server in Ukraine!?
The file contains the following:

**********************************************
7988 MainPoint()
7988 ExeMain()
7988 C:\Users\MISTEP~1\AppData\Local\Temp\Xpp.exe
7988 C:\Windows\system32\spool\PRTPROCS\W32X86 84
7988 C:\Windows\system32\spool\PRTPROCS\W32X86\000075e8.tmp
7988 copy+fixup ok
1744 MainPoint()
1744 DllMain()
1744 DNSSERVERS: 93.188.164.114,93.188.166.25
1744 domain used: keynots.com
1744 6.0X4CEBF36D249150EE975321E84ACD9CBA;1;0 to http://keynots.com/k.php
1744 InternetPost
1744 InternetRequestCreate ok
1744 InternetPost end 0 12007
1744 driver getted
1744 C:\Windows\TEMP\00002c6e.sys
1744 a=00000004 status=c0000157
1744 driver loaded
1744 InitDriver()
1744 !!!patched affid: 1 MZ 1267021953
1744 !!!patched affid: 1
1744 ConfigureDriver() 4CEBF36D249150EE975321E84ACD9CBA \\?\globalroot\Device\Ide\iaStor0\umqcmpew\z00clicker.dll 67885416
1744 ConfigureDriver() 4CEBF36D249150EE975321E84ACD9CBA \\?\globalroot\Device\Ide\iaStor0\umqcmpew\config.ini
1744 date: 67885416
1744 domain used: keynots.com
1744 6.0X4CEBF36D249150EE975321E84ACD9CBA;1;1 to http://keynots.com/k.php
1744 InternetPost
1744 InternetRequestCreate ok
1744 InternetPost end 0 12007
1744 tumbao
1744 MainPoint()
7988 printer added
*******************************************

I certainly haven't changed my DNS settings and, even if I was going to, it wouldn't be to anywhere in Ukraine?! This is what ip2location.com says about the IP address:

93.188.164.114 UA UKRAINE - - PROMNET LTD

The problem still remains, even after resetting my DNS settings. So I'm not sure whether this is a red herring or not?? There are also likely to be other parts of the puzzle still on my computer - unfortunately, I cannot find any of the other files on my computer so things are probably hidden somewhere?

If anyone sees the same symptoms and has any idea where to go from here, it would be much appreciated. None of my Anti-Virus stuff picks up on any problems....

Many thanks,
M

Edited by Orange Blossom, 25 February 2010 - 05:12 PM.
Move to AII. ~ OB




#2 lazatx


Posted 26 February 2010 - 12:04 AM

M,
I am seeing almost the exact same thing on my system. This is what my debug.txt looks like:

4156 MainPoint()
4156 ExeMain()
4156 C:\DOCUME~1\Jen\LOCALS~1\Temp\Atv.exe
4156 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ 84
4156 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\000014fa.tmp
4156 copy+fixup ok
1556 MainPoint()
1556 DllMain()
1556 DNSSERVERS: 93.188.163.218,93.188.166.92
1556 domain used: keynots.com
1556 5.1X4D08E33D6B635F23320A17434A26D3B1;1;0 to http://keynots.com/k.php
1556 InternetPost
1556 InternetRequestCreate ok


Still searching for more clues....

#3 lazatx


Posted 26 February 2010 - 06:32 PM

To follow up on this...I downloaded Hitman Pro 3.5 and it picked up a problem with my Windows\system32\drivers\atapi.sys file. It seems to have cleaned it and I (so far) am getting no more Google link redirections. However, I have blue screened twice since. I'm waiting on the next one to write down all the info.

lazatx
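
Added example (not part of any post in this thread): a small triage script for a debug.txt in the "<pid> <message>" layout shown above, listing logged DNS servers that are not ones you configured, the contacted domain and URL, dropped files, and whether a driver load was recorded. The function name, report keys and every value in the sample log are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the "<pid> <message>" layout of the debug.txt excerpts in
# this thread; all values are placeholders, 192.0.2.10 being "your" real resolver.
SAMPLE_LOG = r"""
4156 C:\DOCUME~1\user\LOCALS~1\Temp\Abc.exe
4156 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\0000aaaa.tmp
1556 DNSSERVERS: 192.0.2.10,198.51.100.7
1556 domain used: example.test
1556 5.1XPLACEHOLDER;1;0 to http://example.test/k.php
1556 C:\WINDOWS\TEMP\0000bbbb.sys
1556 driver loaded
"""

LINE = re.compile(r"^(\d+)\s+(.+)$")
WIN_PATH = re.compile(r"(?:[A-Za-z]:\\|\\\\\?\\)\S+")
URL = re.compile(r"https?://\S+")

def triage(log_text, trusted_resolvers):
    """Pull the indicators worth checking out of a debug.txt-style log."""
    report = {"pids": set(), "unexpected_dns": [], "domains": [],
              "urls": [], "files": [], "driver_loaded": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separator rows of asterisks, blank lines
        report["pids"].add(int(m.group(1)))
        msg = m.group(2)
        if msg.startswith("DNSSERVERS:"):
            for item in msg.split(":", 1)[1].split(","):
                try:
                    ip = str(ipaddress.ip_address(item.strip()))
                except ValueError:
                    continue  # truncated or malformed entry
                if ip not in trusted_resolvers:
                    report["unexpected_dns"].append(ip)
        elif msg.startswith("domain used:"):
            report["domains"].append(msg.split(":", 1)[1].strip())
        elif msg == "driver loaded":
            report["driver_loaded"] = True
        report["urls"] += URL.findall(msg)
        report["files"] += [p for p in WIN_PATH.findall(msg)
                            if p.lower().endswith((".exe", ".tmp", ".sys", ".dll"))]
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(f"{key}: {value}")
```

Pass the set of resolvers your network actually hands out as `trusted_resolvers`; anything left in `unexpected_dns` is an address to compare against the adapter and router settings.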



