Windows 7 Forums


Windows 7: Most links redirecting to ads

18 Mar 2011   #1

Windows 7 Pro

So, this problem appeared a few days ago - firstly Windows started alerting me that an application I didn't recognise was crashing every 5 minutes. A quick check and it turned out to be a (Pretty poorly coded if you ask me) trojan which kept crashing. MBAM swiftly removed it, however I've noticed that since then links keep redirecting me to ad sites and sometimes a new tab will just show up (Every site they've so far redirected to has either already been in, or I've immediately added the domain to my adblock definitions).

My browser is Firefox (3.6.15). I reinstalled the latest version and the problem remains.

I've checked my extensions for known advertising bots, but no sign of any. The only ones in there are my standard ones I personally installed, like adblock.

So far I've done full system scans with the following tools:

Spybot S&D
Microsoft Malicious software remover

All are fully updated to the latest version, all say my system is 100% clean.

I checked the HjT log myself but couldn't find any entries normally associated with this problem, anyone else care to see what I may have missed?

(As a side note, when I removed the trojan, my system restore history was deleted as an added precaution - which led to my woes yesterday with an infinite loop of bluescreens, caused by the kernel not liking something ZoneAlarm had left behind when it was uninstalled)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:44:05, on 18/03/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Before you say anything - I need this to make my second monitor visible. It's too dark without the individual gamma boost this allows me to implement)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Washu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: desktop (1).ini
O10 - Unknown file in Winsock LSP: c:\windows\system32\msible.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A64CC60-EF60-4539-87A6-9125570B5318}: NameServer =,
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files (x86)\Online Armor\OAcat.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files (x86)\Online Armor\oasrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Users\Washu\Desktop\stuffses\00_ayria-flicker-2005-back-fwyh.jpg
O24 - Desktop Component 1: (no name) - C:\Users\Washu\Desktop\stuffses\00_ayria-flicker-2005-front-fwyh.jpg
End of file - 7661 bytes

18 Mar 2011   #2

El Capitan / Windows 10

I suspect DNS poisoning. Sounds bad but easy to fix. First fix your hosts file %SystemRoot%\system32\drivers\etc\ and then check your Control Panel\Network and Internet\Network Connections looking for numeric IP addresses rather than automatic addresses.
18 Mar 2011   #3

Windows 7 Pro

Hosts file was one of the first things I checked. Only the clean defaults for ipv4 and ipv6 are there. As for my ip configuration - for the LAN connection it's still set to the manual ip settings I set up for my network, for the internet one it's still on automatic, with my DNS set to Virgin's one (

Sorry, should have mentioned this in my original post. Only remembered to on my way to university. (Currently sitting in the reception on my laptop so any new suggestions will have to wait until I finish digesting this DNA and checking it for the gene I inserted)

18 Mar 2011   #4

El Capitan / Windows 10

Quote: Originally Posted by Sunyavadin
Hosts file was one of the first things I checked. Only the clean defaults for ipv4 and ipv6 are there. As for my ip configuration - it's still set to the manual ip and DNS settings I set up for my network.
Manual? Which DNS host are you using? They change policies frequently...

If you are using IE I suggest you open Start and type "in op" for internet options, click advanced tab and reset all.
18 Mar 2011   #5

Windows 7 Pro

Odd, you didn't see my edit clarifying it even though it was 10 minutes before you posted your reply? (That said, I have auto reload every 5 mins enabled on firefox here and your response only just popped up - might be the fault of the choppy network I have here at Uni) - My LAN settings are all manual ip (, obviously), my net settings have manual DNS, and automatic ip.

As for your second question - No, I only use Microsoft Firefox Download Tool once, when I first install Windows. :P
18 Mar 2011   #6

Windows 8.1 Pro RTM x64

Set your DNS servers to OpenDNS. There are 4 addresses to choose from, listed below:
18 Mar 2011   #7

Windows 7 Pro

What? Virgin's DNS might be what's hijacked?
Well, as soon as I get home I'll try those ones out, see if we can rule out that, and let you know what happens.

For now I have an agarose gel to run, so I expect to be done by 2pm.

*Edit* Actually I can rule that out already, since every other system on my network has exactly the same DNS settings. And they are all fine.
18 Mar 2011   #8

Windows 7 Ultimate X64 SP1

If you're using Virgin Media's DNS I would highly recommend changing to OpenDNS anyway. Virgin's DNS servers are ridiculously slow. You will see a massive improvement in response times.

Have you tried a different browser? I saw a similar case to this recently where only IE was infected, I installed FF, and that allowed me to track down the problem much quicker.

It will at least tell us whether you have a widespread problem, or whether it's more easily fixed.
18 Mar 2011   #9

Windows 7 Pro

I've confirmed FF, IE and Chrome are all affected, confirming a more systemic problem.
And yeah, I'll make that DNS switch ASAP.
18 Mar 2011   #10

Windows 7 Pro

Gah. Now it's doing it every time one of the pages on this forum finishes loading.

Also that opendns crap can go to hell. Slower than my regular DNS (As compared using DNS Benchmark) and takes me to some stupid opendns search for the website every time I type any incomplete URL in. Not switching to something like that. I switched to firefox with google as my default fallback search back in the day to stop IE giving me that sort of pointless bollocks.

ANYWAY, distractions aside - conclusions so far are:

It's not a hijack of my hosts file.
It's not something any of my anti-malware software can find.
It's not a rogue Firefox extension.
It's something affecting all my browsing as a whole, not individual browsers.
It's not a hijack of my DNS settings.


UPDATE! Okay, beginning to suspect whatever it is is using Java, since it keeps turning itself on. Uninstalling Java temporarily to see if it fixes it.

*Edit 2*

I think I've got it! Another tool has located msible.dll - sounds like my culprit.
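Added example (not part of the original thread and not any poster's code): the DLL named in the last post was already listed in the O10 line of the HijackThis log in post #1, among dozens of O23 "(file missing)" lines. This Python sketch triages such a log so the Winsock LSP entry stands out. The function names are hypothetical, and it assumes the O23 "(file missing)" lines for files under System32 are an artifact of the 32-bit scanner running on 64-bit Windows rather than real findings.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msible.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A64CC60-EF60-4539-87A6-9125570B5318}: NameServer =,
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O10 - ..."
LSP_FILE = re.compile(r"Winsock LSP: (.+)$", re.I)
SYS32_MISSING = re.compile(r"\\windows\\system32\\.*\(file missing\)$", re.I)

def parse_entries(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Sort entries into high-priority, review and likely-noise buckets."""
    report = {"high": [], "review": [], "noise": 0}
    for code, body in parse_entries(log):
        lsp = LSP_FILE.search(body)
        if code == "O10" and lsp:
            # An LSP is loaded into every process that uses Winsock, so one
            # unrecognised DLL here can affect all browsers at once.
            report["high"].append(("O10", lsp.group(1).strip()))
        elif code == "O17":
            # Per-adapter DNS override: compare the value with what you set.
            report["review"].append(("O17", body.split(": ", 1)[-1]))
        elif code == "O23" and SYS32_MISSING.search(body):
            report["noise"] += 1   # assumed WOW64 artifact, see lead-in
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On a live Windows machine, `netsh winsock show catalog` lists the installed providers for comparison against the flagged file.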
