25 Nov 2010   #11

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86

Quote: Originally Posted by Bubbayoshi
no idea about the ip address
No idea???? Are you on a networked computer? Is there anything about your computer which is different from my old, poor standalone machine sitting in the corner? If not then why is that entry there?

Here's what you can do. Back up your hosts file to another location, then edit it in Notepad so it's identical to the one I posted and let that be the hosts file on your HDD. Let us know.

25 Nov 2010   #12

Windows 7 Home Premium 64bit SP 1

Sometimes I connect it to my school's network.
25 Nov 2010   #13

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86

Look I'm not the greatest in this area, but that hosts file looks suspicious to me. It should at least have a localhost entry, so I repeat, back it up somewhere, then edit the file to default, save and see whether you connect properly.

Also, that IP address: why is it in the 169 range? Check your own IP address. In Command Prompt type ipconfig and hit Enter. Is it 192... or 169...?
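The hosts-file check being asked for above, as an added example that is not code from the thread: it parses the file the way the resolver does (first token is the address, the remaining tokens are hostnames, '#' starts a comment) and flags any hostname that has been pointed somewhere other than loopback or 0.0.0.0, with a separate flag for the 169.254.0.0/16 link-local (APIPA) range a Windows machine assigns itself when it gets no DHCP lease. The function names, the sample file contents and the 203.0.113.5 address (a documentation range) are all constructed for this example.

```python
"""Audit a Windows HOSTS file for the signs of tampering discussed in this thread.

Added example, not code from the thread. It reads the file the way the resolver
does (first token is the address, remaining tokens are hostnames, '#' starts a
comment) and flags:
  * a hostname mapped to an address that is neither loopback nor 0.0.0.0, which
    is how a redirect infection hijacks search or security-vendor domains;
  * any address in 169.254.0.0/16, the link-local (APIPA) range a machine assigns
    itself when it gets no DHCP lease, which has no place in a hosts file.
It also reports whether an active localhost line exists; Windows 7's default file
ships that line commented out because localhost is resolved within DNS itself.
"""
import ipaddress
from typing import List, Tuple

# CONSTRUCTED sample. The comment lines mirror the Windows 7 default file; the
# three mappings are invented to exercise the checks (203.0.113.0/24 is a
# documentation range, not a real destination).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
169.254.12.34   www.google.com
203.0.113.5     www.malwarebytes.org
0.0.0.0         ads.example.net        # blocking entries like this are expected
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing and whole-line comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:                    # one address may carry several names
            pairs.append((addr, name.lower()))
    return pairs


def audit_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Return (level, hostname, reason) findings for the given hosts text."""
    findings: List[Tuple[str, str, str]] = []
    pairs = parse_hosts(text)
    if not any(name == "localhost" for _, name in pairs):
        findings.append(("info", "localhost",
                         "no active localhost line (the Windows 7 default keeps it commented out)"))
    for addr, name in pairs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("high", name, f"unparseable address {addr!r}"))
            continue
        if name == "localhost":
            if not ip.is_loopback:
                findings.append(("high", name, f"localhost mapped to non-loopback {addr}"))
            continue
        if ip.is_link_local:
            findings.append(("high", name, f"mapped to link-local (APIPA) address {addr}"))
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append(("medium", name,
                             f"redirected to {addr}; a hosts file normally only blocks (127.0.0.1 or 0.0.0.0)"))
    return findings


if __name__ == "__main__":
    for level, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{level:6} {host:24} {reason}")
```

On a real machine the text to feed in is the contents of C:\Windows\System32\drivers\etc\hosts; anything the audit rates medium or high is an entry the user did not write and should be compared against the backup the post above recommends taking first.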
26 Nov 2010   #14

Windows 7 Home Premium 64bit SP 1

Ran ipconfig; it said my IPv4 was a 192. bubbayoshi-pc is how my laptop shows up on the school network, now that I think about it.
28 Nov 2010   #15

Windows 7 Professional x64

I've helped 4 people with the Google redirect virus thing. They were all on XP 32-bit, so I don't know if it'll work for W7 x32 or x64. I tried everything, and nothing seemed to detect it or fix it, until I found ComboFix from bleepingcomputer, and it cleared it right up.
28 Nov 2010   #16

Windows 7 Professional 64bit

I fixed this on a friend's computer. You need to download "rkill" and run it in Safe Mode. Do not restart the computer; while still in Safe Mode, run MBAM.
He had a virus/malware called "Antivirus8"; this was on Windows XP, however.
28 Nov 2010   #17

Windows 7 Home Premium 32bit.

Be careful using ComboFix.

It will reset the hosts file, but this is safer:

Can you please download HostsXpert from
Run it. When it opens, click on the Restore Original Hosts button and then exit HostsXpert.
This will reset your hosts file back to the default one.
29 Nov 2010   #18

Windows 7 Pro 32bit

A HOSTS file reset may not work.

I have been having the exact same problems as Bubbayoshi for the last four days now.
It all started just after my wife noticed that "whitesmoke translator" crap was installed on our computer in the background. She removed the program successfully and ran virus and spyware scans to be sure she got it all (at that point nothing else was found by the scans). After removing "whitesmoke translator", IE would not open at all when clicking the shortcut or trying to run the program by going to the Run command and entering "iexplore.exe".
I installed Google Chrome and Firefox; both gave me the same issue, they would not open at all.
I went and manually updated MBAM and Nod32 (I have the paid version of both) so they were on the latest signature database versions and ran both again. I found some scraps of an "anti malware doctor" infection with MBAM and seven infected registry entries from Java with Nod32. I removed all of those, and now my web browsers will load properly, but every time I use Google to search anything on IE, Chrome, or Firefox I am redirected to "cr0zybaner .com" when I click on any search result.

I dug around for a VERY long time and created a custom block list for PeerBlock containing all of the IPs associated with "cr0zybaner .com" AND its affiliated companies and web sites, thinking that if I block traffic altogether to those IPs and have it blocked in my HOSTS file I could get around the redirect. That was my problem: I was thinking (and now my head really hurts).

I have tried everything in this thread and most things in other threads, and nothing has worked. The last thing I tried was suggested on another forum.
I went to ***********/hosts.htm and followed all the instructions there for completely replacing the HOSTS file. I even added the entry " cr0zybaner. com" to the HOSTS file so it would be completely blocked, as suggested, and all I get is "page cannot be displayed" (which is a step up from being completely redirected to the site) when clicking on a result in Google search.

I ran HijackThis and did not see anything out of the ordinary; I recognize everything in the report as being normal for my computer, but I will include the report for your review in case I have missed something.
I have had varying degrees of this problem on my network. So far I have a custom-built Windows XP Home desktop that I was able to (as far as I can tell) fix the problem completely on, an Acer Aspire One netbook that I ended up reformatting because it was so bad off anyway, an Acer Aspire 5000 laptop that does not seem to have been affected at all, and the main computer (the one that I am currently having the most problems on), a custom-built Windows 7 Pro desktop.
Just to recap:
1) I ran MBAM and Nod32 (both completely up to date and the paid versions); no infections found pertaining to this issue.
2) I completely reset IE (which was successful but did not fix the issue).
3) On the “Google Redirect Virus Removal - How to Manually Remove Google Redirect Virus” page I followed all the steps again (I had pretty much gone through all that before checking online for a solution to this issue).
4) On the “Google Redirect virus walkthrough” I used the “Windows Malicious Software Removal Tool November 2010” and it came up completely clean.
5) Currently I am running the “A-squared” software recommended on the Google Redirect virus walkthrough (with beta updates, on the off chance a beta signature database would at least find the problem so I would know where to go next).
6) Completely replaced the HOSTS file, adding " cr0zybaner. com" to the file as suggested here:

I do not mean to sound so long-winded; I am just hoping that if I list absolutely everything I have done, someone will be able to suggest something I have missed or possibly narrow down the list of things that could be done next.
At this point I am tempted to format, reload and just be done with this, but I am hoping that I can find a good solution to this problem, since it seems to be more prevalent as the months go by and I work with computers as a business (at the very least I would be able to provide a proper solution to customers experiencing the same issue).
I greatly appreciate any help or suggestions anyone can offer.
29 Nov 2010   #19

Windows 7 Pro 32bit

Sorry, forgot to include the Hijack This log in my previous post.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:39 PM, on 11/28/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\AASP\1.01.02\aaCenter.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: WebScout Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\owner\AppData\Local\Temp\E_S159D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
End of file - 7492 bytes
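The HijackThis log above is the kind of output a helper reads by section. As an added example (not part of the thread, and not HijackThis code), the script below parses the O2/O3 (BHO and toolbar), O4 (Run key) and O10 (Winsock LSP) lines and applies three defender-side triage rules: a browser module outside a short list of recognised vendor directories is listed for review, and rated medium when the same DLL is registered as both a BHO and a toolbar; an autorun whose executable sits under a user-writable path is rated high; and every Winsock LSP module is listed for signature and publisher verification. KNOWN_VENDOR_DIRS and USER_WRITABLE are assumptions for illustration, and the last O4 line of the sample is constructed; the other sample lines are copied from the log above.

```python
"""Triage a HijackThis-style log by section.

Added example, not part of the thread and not HijackThis code. It parses the
O2/O3 (BHO and toolbar), O4 (Run keys) and O10 (Winsock LSP) lines and applies
three defender-side heuristics:
  * a module outside a small list of recognised vendor directories is listed for
    review, and rated medium when it is registered as both a BHO and a toolbar,
    a pattern adware toolbars commonly show;
  * an autorun whose executable lives under a user-writable path (AppData, Temp,
    Public) is rated high;
  * every Winsock LSP module is listed, because an LSP sits in the path of every
    socket and is a classic hook point for search-redirect code.
KNOWN_VENDOR_DIRS is an assumption for illustration; a real triage keeps a
reviewed, per-environment list.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Sample log. The O2, O3, O10 and the first two O4 lines are copied from the log
# posted in this thread; the last O4 line is CONSTRUCTED to show a user-writable
# autorun, which is what the O4 check looks for.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: WebScout Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [updater] C:\Users\owner\AppData\Local\Temp\update.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
"""

# Assumed allowlist of directory fragments (lower-cased) treated as recognised vendors.
KNOWN_VENDOR_DIRS = ("\\google\\", "\\microsoft", "\\adobe\\", "\\java\\", "\\eset\\", "\\malwarebytes")
# Assumed list of user-writable locations an autorun should not run from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

HOOK_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.*)$")


def command_exe(command: str) -> str:
    """Extract the executable from a Run value: a quoted path, or text up to '.exe'."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command
    m = re.match(r"^(.*?\.exe)\b", command, re.IGNORECASE)   # unquoted paths may contain spaces
    return m.group(1) if m else command.split()[0]


def parse_log(text: str) -> Dict[str, List[dict]]:
    """Group the recognised line types by section code (O2, O3, O4, O10)."""
    entries: Dict[str, List[dict]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if m := HOOK_RE.match(line):
            entries[m.group(1)].append({"name": m.group(2), "clsid": m.group(3), "path": m.group(4)})
        elif m := RUN_RE.match(line):
            entries["O4"].append({"key": m.group(1), "name": m.group(2), "exe": command_exe(m.group(3))})
        elif m := LSP_RE.match(line):
            entries["O10"].append({"path": m.group(1)})
    return entries


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (level, section, detail) findings; level is high, medium or review."""
    entries = parse_log(text)
    findings: List[Tuple[str, str, str]] = []
    hooks: Dict[str, Set[str]] = defaultdict(set)   # lower-cased module path -> sections it appears in
    for section in ("O2", "O3"):
        for e in entries[section]:
            hooks[e["path"].lower()].add(section)
    for path, sections in hooks.items():
        if any(v in path for v in KNOWN_VENDOR_DIRS):
            continue                                  # recognised vendor directory: skip
        level = "medium" if len(sections) > 1 else "review"
        findings.append((level, "/".join(sorted(sections)), f"{path} registered in {sorted(sections)}"))
    for e in entries["O4"]:
        if any(u in e["exe"].lower() for u in USER_WRITABLE):
            findings.append(("high", "O4", f"[{e['name']}] under {e['key']} runs from user-writable path {e['exe']}"))
    for e in entries["O10"]:
        findings.append(("review", "O10", f"Winsock LSP module {e['path']}; confirm publisher and signature"))
    return findings


if __name__ == "__main__":
    for level, section, detail in triage(SAMPLE_LOG):
        print(f"{level:6} {section:6} {detail}")
```

Run against the full log above, the only hook-point hit is the WebScout tbcore3.dll registered as both a BHO and a toolbar; the O10 entries resolve to a Windows Live DLL, which is why the allowlist is only a starting point and every flagged module still needs its publisher checked rather than deleted on sight.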
29 Nov 2010   #20

Windows 7 Home Premium 32bit.

Can you please download and run this TDSSKiller.exe

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

Let us know if it finds anything.
