system
1
I would appreciate some help.
I have encountered 2 different occurrences of hijacking, http://ad-emea.doubleclick.net when I attempt to open a Google search sponsored link and http://clk.atdmt.com when I attempt to open a link from within a Microsoft site. I have run MalwareBytes but this doesn’t show anything. I have therefore run OLT and I attach the log although there appears to be only one log.
Does this happen in all browsers ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
[2012/10/18 23:11:38 | 000,000,868 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/10/18 23:11:38 | 000,000,870 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
:Files
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Junkware Removal Tool to your desktop.
[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.
system
3
Thanks very much for your help. I hadn’t thought of trying a different browser until you suggested it. In the event, I tried Chrome and the results were the same as IE.
I ran the fix but on rebooting a message appeared saying Intel Services Manager had hit a problem. I attach a screen shot of this message. Despite this the machine appeared to load OK. I then ran the scan and the subsequent log of this is attached. I also ran JRT and this log is attached. I haven’t yet tested to see whether the hijacking has been cleared. Is it OK to do this now?
Yes please check now for redirects… Has the Intel popup appeared again ?
system
5
I’ve turned the machine on and off a number of times and the Intel message has not appeared again.
Unfortunately, however, both of the redirects still persist.
They are both ad servers running from the links could you post a link or two that exhibit this behaviour
system
7
The first is following a Google search for the Co-op Electrical site. The search page shows a sponsored link for the site but when I click on it the url is changed to
http://ad-emea.doubleclick.net/clk;265732994;91492082;v;u=ds&sv1=3732290373&sv2=2013102293&sv3=227701;%3Fhttp://www.coopelectricalshop.co.uk/?gclid=CLquhIrjqroCFXMRtAode1EAJw&gclsrc=aw.ds
The second is from the page http://www.microsoft.com/en-gb/default.aspx. When I click on the “Introducing Surface 2 and Surface Pro 2” link it gives the url http://clk.atdmt.com/MRT/go/467168558/direct/01/
In both cases, the urls give a blank screen, possibly because the pop up blocker stops it.
The first link takes me to the co-ops main electrical page and the second to Microsoft surface store I think your adblocker is stopping the page fully loading from the site
What adblocker do you use
system
9
I use AdFender. I therefore had a look at it as I was going to close it down and test again. One of the options it gives in the Control Panel is to inspect and delete cookies. Both of these redirectors were there so I deleted them. That seems to have cleared the problem and I can now go straight to the Co-op and Microsoft pages. However, before I made my original post I ran CCleaner to get rid of all cookies in case this was contributing to the problem. Somehow these redirecting ones managed to remain.
Hopefully that is an end to the problem. Let me thank you for all of your time and assistance.
No problem, run OTL and press the cleanup button to remove it