Over 1 million tech questions and answers.

Bing search redirect

Q: Bing search redirect

Hi all, my computer appears to be infected with a redirect virus. When I perform a search on Bing and click a link my browser gets redirected to a site I didn't choose. I'm operating Windows Vista with Microsoft Security Essentials. I ran Malwarebytes and AdAware and neither program found anything. Below is my DDS log and I've attached the Attach and GMER logs as requested. If you need any other info please ask. Thank you!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by office depot at 14:10:43.35 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1917.668 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\office depot\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\office~1\appdata\roaming\mozilla\firefox\profiles\jrgmowgk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {133455E1-90EB-4B30-8BCD-6585585BE594} - c:\users\office depot\appdata\local\{133455E1-90EB-4B30-8BCD-6585585BE594}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-20 64512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsld05f94af;MpKsld05f94af;c:\programdata\microsoft\microsoft antimalware\definition updates\{5a87940d-9fe8-41a8-86c9-1b83720a298b}\MpKsld05f94af.sys [2011-4-12 28752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-25 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 1753048]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-12 18:28:52 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5a87940d-9fe8-41a8-86c9-1b83720a298b}\MpKsld05f94af.sys
2011-04-11 20:24:11 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5a87940d-9fe8-41a8-86c9-1b83720a298b}\mpengine.dll
2011-04-06 17:15:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{da4cec24-5dc6-478d-b59b-f2cac45576af}\gapaengine.dll
2011-04-05 04:04:56 -------- d-----w- c:\users\office~1\appdata\roaming\SUPERAntiSpyware.com
2011-04-05 04:04:56 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-05 04:04:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 15:23:31 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-23 02:31:45 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 02:31:45 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 02:31:44 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-21 05:11:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-21 03:57:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-21 03:57:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-21 03:54:33 -------- d-----w- c:\users\office~1\appdata\local\Sunbelt Software
2011-03-21 02:34:53 -------- dc-h--w- c:\progra~2\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-21 02:34:07 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 14:12:34.49 ===============

RELEVANCY SCORE 200
Preferred Solution: Bing search redirect

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Bing search redirect

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.____________________________________________________GooredFixPlease download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).NEXT:Rootkit UnHooker (RkU)Please download Rootkit Unhooker from one of the following links and save it to your desktop.Link 1 (.exe file)Link 2 (zipped file)Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.Click the Report tab, then click Scan.Check Drivers, Stealth, and uncheck the rest.Click OK.Wait until it's finished and then go to File > Save Report.Save the report to your Desktop.Copy and paste the contents of the report into your next reply.-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".NEXT:Running OTLWe need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedNEXT:Please provide an update on how things are running in your next reply.

Read other 28 answers
RELEVANCY SCORE 70

Within days I have been getting redirects to sales sites when I use Bing on Firefox. Does not occur with Google, nor on IE with Bing or Google, nor on aol with Bing or Google. Only redirects when using Bing on Firefox. I have read some previous posts and have downloaded the couple things it says to start, but did not want to go any further without your approval. Here is the first from RKUnhookerLE which says I'm clear. At anyone's say so I can run the next thing but wanted to make sure I wasn't missing anything. Thank you for your time looking at this for me.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0C4000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF633D000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1470464 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF32B000 C:\... Read more

A:redirect from Firefox using Bing search only

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 8 answers
RELEVANCY SCORE 70

Hi - I have been trying to get rid of this thing myself by looking and copying the steps in various threads and finally decided that it is beyond my capabilities to do myself. I used Malwarebytes Antimalware and AdAware to try to delete it but was unsuccessful. I have Symantec Antivirus on my computer but it did not catch it. In all cases, the various programs did find something to remove and I thought it would take care of it, but it did not.

I may have some other virus as well but I am not sure as the Norton Antivirus no longer reports anything. However, things are still running slow and the machine locks up from time to time.

At any rate, thanks in advance for the help - I am so glad that you folks are out there to help people like me.
Here is my DDS.txt file.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Poki at 19:58:49.51 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.105 [GMT -8:00]
.
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
s... Read more

A:Bing search redirect virus + others ?

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more

Read other 14 answers
RELEVANCY SCORE 70

I started encountering redirects from Bing search results. This does not occur very time, but about 50% of the time. Then I've started experiencing various svchost consuming all CPU after about 10 minutes of a reboot causing everything to freeze up. The PC also reboots every so often for no reason. Here is the DDS information:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by John at 20:24:06 on 2013-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5619.3367 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* /SlimCut 2
SP: Windows Defender *Disabled/Updated* /SlimCut 1
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* /SlimCut 0
FW: McAfee Firewall *Enabled* START Hide Column 9
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files ... Read more

A:Bing Search Results Redirect

Hello, and welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time fra... Read more

Read other 19 answers
RELEVANCY SCORE 69.2

UPDATE 3/28: Tried a Google and Bing search today, and none of the links appear covered by redirects. Before receiving instruction not to make any changes to my system, I ran another Anti-Malware scan. The results:Memory Modules Infected:c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on reboot.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PkgMtend (Trojan.Agent) -> Value: PkgMtend -> Quarantined and deleted successfully.Files Infected:c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on rebootI am not sure if this will completely erradicate the problem, logs from DDS and GMER (pre-antimalware removal) below:Hello,As of yesterday when I search using Google and Bing I am redirected to various sites when attempting to follow links. The redirect links affect most, but not all of the search results. I am running Windows Vista Home Premium, Firefox version 3.6.16. I have run Malwarebytes Anti-malware, which found three malicious files yesterday, 1 Trojan.Agent and 2 Trojan.Dropper. I deleted these files and restarted. I have also run a full scan using McAfee, which registered and deleted 3 trojans. I am pretty much a novice at most of this stuff, but I can follow directions well. Any help is greatly appreciated.Regards,Mike DDS log:.DDS (Ver_11-03-05.01) - NTFSx86 Run by Michael at 15:4... Read more

A:Search engine redirect (Google, Bing)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 69.2

Hi,
I am getting redirected from Google and Bing seach results page to random unrelated pages.
Avast! is giving a message that there is a rootkit detected on startup at C:\\WINDOWS\system32\drivers\disk.sys but is unable to resolve the issue.
I have access to the XP reinstall disc that came with the computer.
Thank you in advance for your assistance.
Cindy
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Cindy at 20:50:16.54 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.531 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
... Read more

A:Google and Bing search engine redirect

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a... Read more

Read other 9 answers
RELEVANCY SCORE 69.2

Good morning,
I'm having a problem with a search engine redirect. Most results in google and bing are redirected to an undesireable site. Also, when I open IE and type in an address, a new window opens up with an undesirable redirect. In addition to this, I'm also having the following problems:

-"generic host process for Win32 Services" error message
-"No active mixer devices" error message when I try to adjust audio volume
-generally slow running computer
-restarts frequently needed because software freezes when opening

Below is my dds log as well as an attached zip file with the second dds log and the gmer log. Please let me know what I can do to fix this problem. thanks!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by bdavidson at 10:10:08.95 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18702
============== Running Processes ===============
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\sy... Read more

A:Search Engine Redirect (google, bing, etc.)

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 11 answers
RELEVANCY SCORE 69.2

Hi,

I got a "Internet Security 2010" on Dec 28, 2009. Use AVG, Malwarebytes' Anti-Malware and Ad-Aware (all with the latest update) to clear up the mess. Now, both browser (IE 7 and firefox 3.5) both redirect search results to some bogus web site.

I have run several times using the software mentioned but was not able to find anything.

I've used HijackThis v2.0.2 to produce the following log.

My system Win XP sp3

I've attached the HijackThis log file. Please help!!!!

A:search results redirect (google and bing)

Hi,

Thank you all for posting your suggestions, especially for people working on this site to help others. I saw a post here that ran ComboFix to take care of the browser redirect problem. So, I download it and following the simple instructions. Low and behold, ComboFix was able to detect there was a rootkit running on my computer. After several scan and reboot, my computer is back and no more browser redirect.
I thank you again from the bottom of my heart!!!!

If BleepingComputer.com needs any help, please contact me and I will be more than happy to give my time back to serve the community.

Stephen

Read other 2 answers
RELEVANCY SCORE 69.2

Hello,
After searching on Google or Bing, clicking on a link in the results redirects to sites such as yellowbook.com or get-answers-fast.com. MalwareBytes detected and removed about 50 infected files, but the redirecting is still happening. This occurs on both IE and Firefox. The DDS is pasted below. I have attached ark.txt, and 2 Malwarebytes logs that show what was removed, and a third that shows no infections. Thanks for the help!

===========================================================
DDS LOG
===========================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Teacher at 10:01:02 on 2011-11-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.1153 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestr... Read more

A:Infected with Google/Bing search redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 12 answers
RELEVANCY SCORE 68.4

Hello,

I keep getting redirected when I search something in Google or Bing. After searching something on either search engine, the search results page will load, but once I click on one of the result links it redirects me to something totally differnt. The websites I'm redirected to vary between various websites - often including something called "Mfeed", "Stopzilla" and a few others. I have tried searcing with both internet explorer and firefox with the same results. I am also unable to log onto Google Talk or Skype. When I try to log onto Google Talk I get an error message that says "Could not authenticate server".

I first noticed this off and on a week or so ago but wasnt sure if I was imagining things, since it only happened rarely. Approximately two days ago I recieved a notice that my outlook was signing onto a server without a valid signature, but I clicked "ok" or something (in hindsight, not the smartest idea). Since then, the search engine redirects have been increased significantly and now 100% of the search engine results are redirected.

Since I noticed the infection, and before I logged onto bleeping computer, I ran Malwarebytes Anti-Malware, which found 8 infections and then said it removed them. I also ran SUPERAntiSpyware which found 1 trojan and 993 adware cookies, all of which were removed by the program.

I hope this information is helpful to anyone. If anyone can help me I would greatly, greatly appreciate it... Read more

A:Google/Bing Search Redirect - seems like a hijack problem

Apologies for the improper post - I am just reading about the proper way to post a request for help. I am a noob - apologies. I will post a proper posting as soon as I can run the proper programming. Thank you.

Read other 1 answers
RELEVANCY SCORE 68.4

I'm just going to throw out as much info as I can think of. I run XP, ran defogger, then dds, but gmer crashes before the scan is complete. It gets to a certain point and crashes. The folder it gets hung up on is:

c:\documents and settings\myname\application data\mozilla\firefox\crash reports\pending (Ironic!)

Mainly this is just affecting searching right now, with a few pop ups, but it's getting worse so I need to get rid of this ASAP!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Dawg at 13:59:28 on 2012-02-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience&... Read more

A:TDSS and Google/Bing redirect search results

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Replace your hosts file first.Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=Download the program HostsXpert to restore the default hosts file back onto your machine.Unzip the program and execute it.Select "Restore MS Hosts File".Close the application.=*=Please DownloadTDSSKiller.zip>>> Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the ... Read more

Read other 11 answers
RELEVANCY SCORE 68.4

cannot conduct any searches on the computer. Will bring up searcg results but everytime I click a result from the search I am redirected to other pages such as http://search.us.b00kmarks.com/search.php?keyword=norton+internet+security+systems and http://www.blinkx.com/ac/cb?adid=02-100-201-300-404-25&affiliate=6363F6E9%2D9BFC%2D4F79%2D9439%2D761078D881A1 redirected pages are always different. dds text below:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by kelly at 20:06:55 on 2011-07-24
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.479 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc... Read more

A:Google, Bing and other search engines redirect constantly

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 7 answers
RELEVANCY SCORE 68

Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security Agent *Disa... Read more

A:search engine redirect virus (Google/Bing/Yahoo)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 68

Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security... Read more

A:search engine redirect virus (Google/Bing/Yahoo) on IE

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They ... Read more

Read other 10 answers
RELEVANCY SCORE 68

Hello,

Today while browsing my AGV notified me that it caught a threat and moved it to the virus vault. Soon after I began having redirects in my Bing search results. I was redirected to Scour the first time and then a couple of other sites during later attempts. I did not get the name of those sites because I hit the back button as quickly as I could. I attempted removal instructions found on the net to no avail. I used rkill, tdsskiller, and scanned with Malewarebytes and AGV. Both found nothing and I'm still getting redirects.

Thank you for the help!

Here is my log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mr. Holbrook at 20:25:38 on 2012-09-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012&... Read more

A:Infected with Scour Redirect and other Redirects in Bing Search Results

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 18 answers
RELEVANCY SCORE 68

I don't remember the exact day it started, but for the past week or so, I have had issues when I try to click on a search result link from any search engine: Google, Bing, etc. Like so many others in different forums/posts I have read over the past few days, if I cut and paste the shortcut into the address bar and hit Enter, it takes me to the appropriate site. But if I just click on the link, I am redirected to anything from porn to shopping to completely random sites. (There is a green globe before the web address for every site I am redirected to, if that helps at all.) That seems to be the only issue I have currently, although a few days back my firewall turned off on its own. Since then, I have downloaded and run Ad-Aware and Malwarebytes' Anti-Malware software, as well as the (paid version of) Spyware Sweeper and (free version of) AVG Anti-Virus that I already had running on my system (Windows XP). At first, a trojan was found (Trojan.Backdoor.ProgDav) and after two tries, seemingly removed. I also had a Win32/Cryptor virus found and removed and two other viruses I can't recall. I have run full scans using everything I have over the past day (in both safe and regular mode) and nothing has been found. But the redirecting links problem still persists and I am worried that there are worse things happening to my computer behind the scenes that I can't detect with the naked eye. Any help would be appreciated; if I can't figure this out soon, I&#... Read more

A:Search Engine (Google, Bing, etc.) Link Redirect Problems

hello JHWK54ME and to Bleepingcomputer.if I can't figure this out soon, I'm going to have to take my laptop in to a professionalmethinks we're going to put these guys out of business one day Yup. . . you've got a nasty on your machine. We can get rid of it. . . but first, a warning.One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you d... Read more

Read other 38 answers
RELEVANCY SCORE 68

Recently have been unable to search on any of the search engines. When doing a search on google or other sites I am redirected when trying to click on a site of interest. Attempted to use antivirus and anitmalware without luck.

Appreciate boopme and his assistance
Attached is the information requested

Thanks for the help

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nicholas at 19:26:12.43 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.80 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\... Read more

A:Infected with google/bing/yahoo etc redirect virus and un able to search

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

Read other 16 answers
RELEVANCY SCORE 67.2

I have had a search engine redirect virus for some time. Inititally I thought it was the "google redirect" virus, so I started playing with other search engines (Bing, Yahoo) from both Firefox and IE, but I get redirected on all search hits through those engines too. I disabled PrevX software, Spybot software, and AVG software, ran Malwarebyte's Anti-malware which identified 5 things to remove - most it couldn't remove until reboot - but the reboot did not remove them. I ran Hijack This, which directed me to here and to the DDS tool.

Thanks in advance - Sara.

The DDS log is as follows:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sara at 11:07:36.18 on Sat 06/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\McAfee\Common... Read more

A:Redirect virus from variety of search engines (e.g., google, bing, yahoo)

I also should mention two things:

1 - that I have run "Find" on GooredFix.exe and here is the log it creates:

GooredFix v1.92 by jpshortstuff
Log created at 13:42 on 27/06/2009 running Option #1 (Sara)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="J:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="J:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="J:\Program Files\AVG\AVG8\Firefox"
And 2, I have run CCCleaner, and here is that log (though I did not have it clear the Firefox cache as I was busy composing this post at the same time):

CLEANING COMPLETE - (4.849 secs)
------------------------------------------... Read more

Read other 7 answers
RELEVANCY SCORE 67.2

On @11/1 i would get redirected to sites that have nothing to do with the search engine result i clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site i'm redirected to, it just sends me to the main page that i'm redirected to.Happens with bot IE and Firefox.I have dwm.exe running from my temp directory and i can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory. Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones i'm allowed to check. I did not run it.Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .DDS.txt:DDS (Ver_10-11-03.01) - NTFS_AMD64 Run by John at 4:49:51.15 on Thu 11/04/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows&#... Read more

A:Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and i'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

Read other 2 answers
RELEVANCY SCORE 66.4

Please help! I have been infected by something that redirects me do random sites after I have done a searchs on Google, Yahoo or Bing. The latest redirects have taken me to the following website hxxp://server2.mediajmp.com/surveys/don-index.html?sub=yahoo.comor hxxp://server2.mediajmp.com/surveys/don-index.html?sub=google.comBoth of these links have an audio file asking me to participate in a 30 second survey. I have run Byspot Search & Destroy, PC Tools Spyware Doctor. Adaware & Malwaresbytes Anti Malware and still can not rid this thing. Other sites worth noting which are part of the redirect there are 9 click.php files here are some of the URL'shxxp://64.111.208.43/click.php?re=1&cc=eNoVUs3OqjAUfCATbQuUduECUPlERAFBYHNDC4j8qKCCEB7-amYyyUxOchYz10kkFE0I4GlfKB-r2H4mMAdQ_OkvBxRCRABCVMJTeIbSVjdyXn-q1F4uJ8gTIGaMEiDwOOYZSBCDCUScpISSmP-DNOM4FgSQUkw4FzOJUSQnNMNMRoyyCaJJmFLrXnlW9b6Mir0wGmLUGrevD7-yhfJuKbaSO2LDe-e-jfr6eOwwbt24dcfnuD96_Wc1k9vv20p5FabpGsRD2H0koPKNzs5eoguHRTc8mjxVr59z4dB1mWe3esXtNKt0t6tIK-zOg8w3z-RlVUBk6_Wi1AYr90vzSA6CT1Zdu7iPqNmWffHurdQYj3-qLcB920inRluczuqmf2yybnSawNEeRSll1Ws3vNP4-Iy4FP3lQxU4GCq9mvsZ9e-BWjfrEgkzwxc7sFadYIisp25oPDx_Bh_qoLeiY9kf6pNXBhqbxfygaKi-xeSa6UPirzwxuuyk0NuBgofrw-4un3TlOr5uTXgYxtCTN7PNFcscRqV5qQ-tebLExZ4IWvq4pezQlK5K3MdMSYYn8y7LiZI5QtJcIF9OYIKEzEUwl9Ec_-yEpkRIBLOGHbtZIAqMVxgYbRQ4PdM3ReRKBUOg-17-8O00RhCbZ-cdBepg1lbHfntBIMFJmooES4jiFCBKMlliTGIA41RG_wGSB9Po&cu=54d123a8433ce1b67595029df86bafdf&co=bc2be11daa9a7ffd8567da1141096460&... Read more

A:Search Engine Result Redirect Google, Yahoo & Bing http://r9237242.cn/

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 56.4

DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32... Read more

A:I use Bing search and search links redirected to http://dailyprize-winners.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Ba... Read more

Read other 9 answers
RELEVANCY SCORE 56.4

I have a phantom item that says "search with bing" on my right click menu in IE11, which I can't remove.  It doesn't appear in the list of search providers in IE options, only the right click menu.

A:Unable to remove "Search with Bing" from Internet Explorer 11 right click search

I think the Bing bar comes as part of win 7 install on a lot of computers so you should find it in add remove programs
and be able to uninstall it from their.

Read other 28 answers
RELEVANCY SCORE 56.4

You know where it says www.techspot.com. Yes it has taken it over. There is no bing addon, extension or remove program. I followed a few guides I found googling and they only work until I restart FF. My old search engine was Google in the address bar.
 

A:Bing has taken over as my default search address bar in Firefox, search provider

In the address bar where it says your search program. Drop down the menu there. You should be able to switch it back to Google
 

Read other 24 answers
RELEVANCY SCORE 56.4

The problem is any search website comes up with page can't be found: Google.com, Bing.com, Yahoo.com comes up but when I try a search it does nothing. I have no issues going to any other website, just search websites.

I have a laptop running Windows 7 Home Premium 64 bit with AVG Anti-Virus Free Edition 2011 and no third party firewall.

AVG scan is clean. Malwarebytes scan is clean. Ccleaner has been run. I have reset IE 8 settings to default. I have flushed the DNS. I have run HiJackThis and don't see any problems. I have checked the host file and there are no strange entries.

I need to know what to try next. Any help or direction would be appreciated.

Thank you.

A:Can't Access Search sites: Google, Bing, Yahoo Search

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Kindest Regards,SweetTech.

Read other 3 answers
RELEVANCY SCORE 55.6

Those who use Bing and Google to do searches might find this interesting.

http://nakedsecurity.sophos.com/2012/10/05/bing-image-blackhat-seo-poisoning/

---------------------------------------------------------
 

A:infecting Your Computer - Bing Search Vs. Google Search

Good read, Frank
 

Read other 1 answers
RELEVANCY SCORE 54.8

I have done this several times, but I no longer see Google Search listed at Internet Explorer Gallery

How else can I do it?

A:Replacing Bing search with Google search

One way---

https://tools.google.com/dlpage/tool...en&brand=GGHP&

Read other 14 answers
RELEVANCY SCORE 52

Suddenly the Bing bar refuses to search. Clicking on Search fails to
activate.

A:Bing search bar

IE>Tools>Internet Options>Advanced>Reset. Also did you update IE or your OS recently?

Read other 1 answers
RELEVANCY SCORE 52

I had a bing toolbar that my son somehow downloaded to my computer. I removed it and also scanned with ad-aware and found and removed a trojan virus. I was entering something into my address bar and misspelled and it came up to a bing search page. I don't have bing as a default search engine. I checked the registry with regedit and found the bing search entry and deleted it but it sill goes to this page. It does it in firefox and IE. How can I get this deleted permanently?
 

A:bing search

Read other 16 answers
RELEVANCY SCORE 52

When I try to search anything on "BING" all I get is a blank BING search screen. Nothing at all happens. BING Maps will not work either. Any ideas why I cant't get the BING search engine or Bing Maps to work. I use windows XP and I have Norton for virus protection.

A:Bing Search

Welcome aboard What browser?Did you try different browser?

Read other 3 answers
RELEVANCY SCORE 52

I just installed Win 8 and was just wondering what happened to the search bar in Bing Desktop which appeared either on top or the centre of your screen in Windows 7?

A:Bing DT Search Bar

Believe or not, the Bing Bar is not compatible with Win 8.

John

Read other 1 answers
RELEVANCY SCORE 51.6

Hi,this is my first post. Thanks for helping me.I've XP home sp2. Since a day or two, when I do search in google or bing, and click on any of the links in results, it is redirecting me to some ad sites. Upon research, as expected, it seems to be virus and posted on forums here also. I scanned using microsoft essentials, and Malware bytes, and cleaned some virus found. Rebooted, and still I am experiencing above issue.Appreciate your help.Update: I browsed the forum, and used KSP rootkiller application posted. It found rootkit snowman.sys under system32\drivers as shown,and removed it. I think I am back in business, as the links are working correctly. Thanks!!!

A:Google/Bing redirect

Hello.

Glad to hear you got your problem resolved. Is everything still working correctly?

~Blade

Read other 1 answers
RELEVANCY SCORE 51.6

Yesterday, I was doing some surfing when suddenly to my surprise I started getting what seemed like legitimate windows security alerts. Almost immediately I knew something wasn't quite right... I've yet to hear of a virus clever enough to slip past my virus scan and still manage to infect every file on my computer. When it tried to force me to buy software, I knew for a fact I had a big problem on my hands. It was the Internet Security virus.

Hoping for a quick fix I borrowed a friend's computer and found a guide to remove it which recommended I enter into safe mode, and use a very specific antimalware program to remove it. As it turns out, the program would only display the infected files... And demanded that I purchase the software to remove. In my opinion, it was not much better than the virus I was removing; but I should've done my homework before downloading. To avoid the "is this the one that works?" problem I've had many times before, I simply manually deleted the files.

Unfortunately, this left me with a search redirect problem, and so far no antimalware I'm familiar with has been able to help me with it. After much searching related to the problem, I ran into you guys who seem to have the whole problem under control. (how is it I didn't just find you first?)

I'm thinking the primary source of my problem is that the malware that caused the redirects in the first place is gone, but the altered settings remain to ha... Read more

A:Google/Bing Redirect?

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Ma... Read more

Read other 18 answers
RELEVANCY SCORE 51.6

Within the last week I started having an issue when doing searches with Bing or Google where clicking on a link from any search result would be redirected to various unrelated websites. I have tried several thing before finding this forum. (Sorry if this is vague and a probably incomplete description of what I have done. I have been trying to resolve this on my own for about three days)

Ran quick and full scan using McAfee - No issue were found
Downloaded and ran TDSsKiller - Not sure if there is log file and unfortunatley I do not recall the results.
Downloaded and ran CCleaner - Numerouse files and registry entries removed.
Uninstalled and reinstalled and uninstalled IE 9.
Installed Malwarebytes: Ran Flash Scan, Quck Scan and Full Scan -
The following is a partial log from the Flash Scan. Quick and full scan returned no issues.
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
(Trojan.Fraudpack) -> Quarantined and deleted successfully.
(Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Detected: 6
(Malware.Trace) -> Data: 1CAF0B75D18D3B0 -> Quarantined and deleted successfully.
(Trojan.Downloader) -> Data: C:\Users\Ray\AppData\Local\Temp\dscx675j.exe -> Quarantined and deleted successfully.
(Trojan.Downloader) -> Data: C:\Users\Ray\AppData\Local\Temp\system.exe -> ... Read more

A:Bing / Google Redirect

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 14 answers
RELEVANCY SCORE 51.6

Hi folks,my son fell for the fake antivirus virus. i have followed the removal instructions and the virus itself is gone but i cant get rid of the google redirect i have run host-pern and reset the host file but not doing anything if it helps the redirect is to a bnpileaws site and then to whatever i will attache the gmer log.DDSDDS (Ver_11-03-05.01) - NTFSx86 Run by katymick at 17:31:00.69 on Sat 02/04/2011Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.61.1033.18.3071.1724 [GMT 10:00].AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Window... Read more

A:google/bing redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 10 answers
RELEVANCY SCORE 51.6

I have a redirecting virus on a Vista home edition 32 bit. Last week Security Shield popped up. I went through ?remove security shield 2012 or securityshield (uninstall Guide) from Virus, spyware, & malware removal guides, and it stopped the security shield pop-up but still redirecting. Looked at the hosts file and it looks good (according to what I have seen on the web). Infection prevents down loading (even in safe mode after running rkill) so I use a usb storage device to load programs.
What should I do now?
To be honest I am no tech wizard and hope someone can patiently walk me through this.

A:Redirect Bing and Google

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 51.6

I'm having the same problem as many others on this forum. Having my browser redirected both at home computer and work computer. Here is hijackthis from the work computer. I've tried AVG9, Maleware, Hitman 3.5, combofix and have had no success. Thanks for any help.
 

Read other answers
RELEVANCY SCORE 51.6

For some reason MS Bing is on a tab on my MS explorier Browser. How does
a preson get rid of MS Bing Search Engine. I use google and I don't plan
on using Bing as a search engine.

Thank you,
 

A:Getting Rid of MS Bing search engine?

Next to Bing search box, click the Down arrow, then select Find More Search Providers. You will then get to a web page where you can select Google as your default search engine.
 

Read other 3 answers
RELEVANCY SCORE 51.6

I may or may not have an issue, as I have only moderate knowledge of the workings of my computer, and would ask if anyone would be willing to give me a once over. I have tried to reset my Firefox's default search engine to Google twice now and it refuses to stick. I had this problem once before with a Privitize VPN forced search, so I took a look around in my about:config and found something that disturbed me; I have a few instances of Babylon.com search popping up in places I don't understand, and as I know that that is linked with Privitize VPN I'm a little worried, not to mention the fact that I am being forced to search with Bing though my address bar.
 
I hope this made sense, but if not, still help please?
 
Thankyou

A:Forced Bing Search

Welcome, we'll take a look as it appears you are infected.
 

Download Security Check by screen317 from here.Save]http://screen317.spywareinfoforum.org/SecurityCheck.exe"]here[/url].Save[/url] it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.[/list]

Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Malwarebytes Anti-Malware and save it to your desktop.
Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Double-click on the renamed file to install, then follow these instructionsfor doing a Quick Scan in normal mode.
Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: ... Read more

Read other 6 answers
RELEVANCY SCORE 51.6

The Truth About Microsoft's Market Research....

China is clearly the biggest marketing opportunity in the world, with a growing economy and billions of potential customers. Most Chinese speak Mandarin, sort of a universal language that connects all their ethnicities and language groups. They also like Fortune Cookies, don't we all? That's why I was quite surprised, when I opened my latest fortune cookie, and turned it over for the Mandarin lesson:

They must know what they're doing.......right???

A:Bing! Search Engine

You know that just means like...'sickness' in Chinese right?

Read other 2 answers
RELEVANCY SCORE 51.6

I had Bing Search option in a small box on the IE 9 Browser, but this box has now turned into a New Tab box and I cannot find an option to return the Bing Search option, what am I missing?

A:Lost Bing Search - IE9

The address bar is the search box. Click the little down pointing arrow in it.

Read other 2 answers
RELEVANCY SCORE 51.6

Can someone plese give me a guaranteed process for removing the BING SEARCH BAR?
I am running Windows 7 Professional x64 using IE8

Thank you

A:BING Search Bar removal

Two programs that work for me.
Revo
Ccleaner
Use them wisely. Any removal program if use wrong can remove the wrong thing.
If by chance you still have problems, get back to us.

Read other 6 answers
RELEVANCY SCORE 50.8

Host is a WinXP SP3 laptop. User was searching Bing when he was redirected to a site with the domain name czec.cc. The site initiated some sort of bogus file scan claiming to have detected numerous trojans followed by an enticemnt to initiate some removal process.

I followed the steps for removal of the XP Total Security malware but was unable to update Malwarebytes (error 12007, 0) following installation. Despite the definitions being out of date, I ran the scan which turned up nothing.
DDR.txt follows. Attach.txt and Ark.txt attached. DeFogger used as instructed.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jcheff at 12:05:19.09 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common File... Read more

A:Bing Redirect to Rogue Site

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 50.8

Hello all,
I'm a bit ashamed to resort to posting here - usually I can handle all this myself but this one has me flummoxed. I've read through the 'Preparation guide' so apologies if I get this wrong. I have Trend AV running (nice job Trend!), I've also run TDDSKiller, RogueKiller & GMER to no avail. ComboFix seems to come up with an error - Cannot access specified device, path or file - and thats running as administrator. Ho hum.

Symptoms: Clicking on Google search results will redirect to strange websites - usually blocked by Trend. Also does this in Bing. Across all browsers. Firefox has recently stopped launching, kept immediately crashing but worked on other account. Have since uninstalled.

Many thanks for looking - Pete

DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Pete at 21:55:32 on 2013-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1479 [GMT 0:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program ... Read more

A:Google (& Bing?) redirect virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 3 answers
RELEVANCY SCORE 50.8

I think something is severely infected, I am unable to run any scans (including Malware Bytes, Super AntiSpyware, RootRepeal file scan, even the dds.scr)

RootRepeal Scan: ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 23:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDF0E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B69000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hjgruiwuujvouh.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruiwuujvouh.sys
Address: 0xEE197000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: PCI_PNP3994
Image Path: \Driver\PCI_PNP3994
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6DC4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spby.sys
Image Path: spby.sys
Address: 0xF740F000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Sta... Read more

A:Rootkit? Google/Bing redirect, Can

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to your Desktop. Download Win32kDiag (Win32kDiag.exe) - #1 Download Win32kDiag (Win32kDiag.exe) - #2 Download Win32kDiag (Win32kDiag.exe) - #3 Double-click Win32kDiag.exe to run Win32kDiag and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.Download and run a batch file (peek.bat): Download peek.bat from the download link below and save it to your Desktop.Download peek.bat Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.==========Please post the following logs in your next reply:* Win32kDiag.txt* Log.txt

Read other 3 answers
RELEVANCY SCORE 50.8

Hi:
Yesterday my web browser started redirecting all of my Google / Bing searches to a variety of different phony sites every time I clicked on a site in Google. I suspect a Malware problem. I've tried virus scan and Spy doctor but they haven't helped.

When I look at Task Manager processes I see pnkbstra and pnkbstrb but when I turn them off nothing changes.

If you can help me with this I'll be forever grateful.

Thanks,
John Lawson

A:Google/Bing/Yahoo Redirect

Hello and welcome to Bleeping Computer.Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.Lets take a look with MalwarebytesPlease download Malwarebytes' Anti-Malware from here:MalwarebytesPlease rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exeMBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Double Click zztoy.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and ... Read more

Read other 2 answers
RELEVANCY SCORE 50.8

The issue I am experiencing sounds extremely familiar to this thread (http://www.bleepingcomputer.com/forums/topic451230.html). However I read the instructions and created my own topic just in case it was a different source that is causing the same symptoms.

Thank you in advance for taking the time to look at my issue!

----------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Will at 23:03:49 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4127 [GMT -5:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\sp... Read more

A:Redirect Virus when using Google or Bing

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 19 answers