Over 1 million tech questions and answers.

hard core hijacker cant even click on search results.Please Help!

Q: hard core hijacker cant even click on search results.Please Help!

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, Intel64 Family 6 Model 23 Stepping 7
Processor Count: 4
RAM: 8190 Mb
Graphics Card: ATI Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 595471 MB, Free - 224190 MB;
Motherboard: Gateway, FMCP7AM, , U00P091400964
Antivirus: None (had mcafee until a few mins ago but it would not let me download DDS nor could i turn it off because it was the att version it sucked anyway.)
Logfile of IObit HijackScan v1.0.2.0
Scan saved at 2:37:21, on 2011-3-22
Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\SysWOW64\catsrvps32.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\E442.tmp
C:\ProgramData\kbdnecnt32.exe
C:\ProgramData\kbdnecnt32.exe
C:\ProgramData\kbdnecnt32.exe
C:\ProgramData\kbdnecnt32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Amy\AppData\Roaming\SysWin\lsass.exe
C:\Users\Amy\AppData\Roaming\SysWin\lsass.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: Unknown - {15B61EBF-AB52-4B4E-A590-613E4C0B189e} - C:\Windows\SysWow64\atiglpxx32.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110226181906.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [RTHDBPL] C:\Users\Amy\AppData\Roaming\SysWin\lsass.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Windows Media Center Scheduler Service (ehSched32) - Unknown - c:\windows\system32\catsrvps32.exe
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Amy at 3:39:02.79 on Tue 03/22/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6437 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\catsrvps32.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\E442.tmp
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\kbdnecnt32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YM3851J\dds[1].pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: {15b61ebf-ab52-4b4e-a590-613e4c0b189e} - C:\Windows\SysWow64\atiglpxx32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [RTHDBPL] C:\Users\Amy\AppData\Roaming\SysWin\lsass.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: C:\ProgramData\atiglpxx32.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1ka3bb0n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {0826ab44-dff6-4379-8246-89a9f7deefb4} - %profile%\extensions\{0826ab44-dff6-4379-8246-89a9f7deefb4}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2011 7:23:23 PM
System Uptime: 3/22/2011 3:35:19 AM (0 hours ago)
.
Motherboard: Gateway | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 218.938 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

Read other answers
RELEVANCY SCORE 200
Preferred Solution: hard core hijacker cant even click on search results.Please Help!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 74.4

This hijacker appeared soon after I installed a program to watch Dish Movies online. I don't know if the issue is related.

On the GMER program a lot of the options were grayed out so I couldn't choose them - - see attached picture.

DDS Log results:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Admin at 17:28:55 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1374 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService... Read more

A:I got click.get-amazing-results browser hijacker

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 12 answers
RELEVANCY SCORE 72.8

Hey. Just recently i have been having this problem where when i search for something on google, yahoo, etc. and then click on the page i want to go to i get a completly different page. I go to a different site each time and for me to get to the right page i have to click back then click it again. For example, i searched for "circuit city" on google and then clicked the circuit city main webpage off the list of results. However, i go to a compleltly different website called "http://consumerincentivepromotions.com/rd_p?p=96680&c=8774-ccity250gc_emc_d6&a=2400-3sette." They are usually advertising sites too like that. I have a feeling it has something to do with a srchasst folder in my windows folder because i have tried to delete it (knowing that it has to do with some Searchtoolbar spyware) and it keeps coming back right after i delete it. Any ideas? Here is a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:51:17 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro... Read more

A:Solved: Get wierd results when i click search results

Read other 13 answers
RELEVANCY SCORE 72.8

I would appreciate any advice on how to fix this..My computer caught a virus and screwed up the admin account. I managed to get that bug removed. Since then, I have problems when I click the results from search engines. When I click search results, I get sent to different sites. I typically use Google Chrome but it's happened on Bing as well. For example, I did a google search on "virus removal". The link on the Google page was for "www.symantec.com/security_response/removaltools.jsp" but when I click the link, it goes to "http://answers.nixxie.com/s.php?k=virus%20removal&adid=13190&ts=1001SMA_A14&subid=263328-165793-133-27681&click=1609561864-41d3.11f1.50788005.3b97&ref=http://market-find.com/index.php?search=virus%20removal"Cicking "www.kaspersky.com › Support" takes me to "http://r.looksmart.com/og/pr=Psr;ro=1;rc=4;digest=2318dc8762ee3009c073e486df8a499b;kid=6f71bb91533de8f9bb8d92689e59bf39;t=1350074566;v=8;data=gg1A2cbB_NiFMmKDDBkRvp9xLNM-gHzw1ipDmvpgzJM7kA2vsa63GrjukRD6oalWiDGbgjD4_lX7zIN4HI9nmNM701OzoDmp2aba_b-8rQiuWrRnSR6SldsYzIg9duKKiVELnFMfFbijvsXXHu4z3OBZgeOJjsbbEsL9UNuMEytcIVbfpvA8EA;uh=157x17525143547048890673;la=2438185;lm=3039186;ad=756865385;ag=766460146;kw=1609561864;qt=virus%20removal;vr=17;lt=EM;ip=50.80.167.198;pt=;st=118.25.90.0.0.0.0;os=929.249.9.0.4.230.2.6;sy=keyword;my=smart;geo=894417;vid=0;subid=137419-386-27681;opi=bizz_main;lg=0;sqid=610B9C4C-14AD-11E2-A738-E60E0A2C1E10... Read more

A:When click results from search engine (Google & Bing), get sent to wrong sites (ex http://click.livesearchnow.com/...)

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 24 answers
RELEVANCY SCORE 71.6

My sister-in-law is having a problem with her computer. She can get msn.com and do a search but when clicking on a search result link it opens up a new window with a random advertisment. I tired to check msconfig but it will won't open and with auto restart the computer after cliking OK on the run box. I have installed AVG 8.0 free and Adaware free. Had to download update file from their websites because neither would update through the program. Ran AVG scan in safe mode but still having the same problem. Got a popup for Antivirus 2009 so I tried to download Malwarebytes but it wouldn't run at all. Sorry this is so long but I have been working on it a while. Here is the hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:25:30 PM, on 12/30/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\ScsiAccess.E... Read more

A:Search results Hijacker

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you have regarding the fix(es... Read more

Read other 2 answers
RELEVANCY SCORE 71.6

After I've done a search, the links on the search results page are hijacked and when I use them, I end up somewhere unexpected. For example, using the yahoo search engine, I searched for Volvo. The search results showed "http://volvocars.us" when I scrolled over it, but it actually takes me to <http://c.ppcxml.net/?d=kkkkZGx5YwtjYwH1YwR5Y2qiYaObpQ9xLKEuCKMZnUyOI3uZnzudoyqnrzMWqUAJFHchGHqmqSpkEz5PAJ4lGyEgG2fjZmMvpyblEKSBpmu5o29mATAVG3LlpQM0ZwOfGIEdZTcMZJ1JoxplFmqAEaNkMzpjn214MHgeBGuLD1ygq0uVZzc2ARbyZxWSAQyJpRfmIaMcIIcgnxgVoxb0GSDjDayHEKqRLzghD2WzLKyZEwMnFRcbFHuDqSt5pxAhHKIMoaOSoyOuMyI2JxyEAx8mpRAaDHtlMwZ4HmuDI0ASrTL0DGA4LJkSE01lWGWPrR95MJqwp3A1HaMaWGWTFGScJwMxnHkVElHlEaAYIzyzHzDjFSq2GHufDwNyZxMKAzAdZQEgIRqbJJWhZKSeoaOWE0I1DKSiEJjyZxMTM1yFZUR4BTj0BH1GoRyenQtkWGWTLxcLpHMaAwIdL215WGWPozV4nKSMDxu4DzRmFTuyDKyeGQEhASyLqxZ1rH9mMUc5EH56GGAIZQEeG2EAp0L3FIOfJwpjWGWPZ3LjIzpkpJj5oUMAnQt0GyyGBT9EoJWKo1OTHTuvpaIWAz44IISUEzqgHT8kImHjBTZ3HJSWDypmEQVmnx85EKM3qwVkIyV0E25Go0uuEIDyZxMTISV4oR5gIRExnmuvGHEYpQE2oTWWnGWGIQIepx1YH0ZyZxWcIJWYpKAUpmSvD09MMGV0A0k0LIA3EGElqIWJoauKGHc5nHq0FwSanGAUIKuJEwIepScTZPHlDx11JQDkJTIUBHVkZaMKM1uwBIcGqIV3MyM0BGOYEJMUAUSQZyMDpvHlEzyLIRp5MyAUAGWOFxgKF1IBIH1Co0IIL2WvFyuOqSuTGJpjrxIHqz0kE1IOA3WnEH1wGmyIWGWTJKAAGxk1AzydIvHlEzjkJzcDZyOYMKqdMSIWH21EZTH5n1OMJx85o2InBSAZoGMapyqJqQqaqap4G0gGLzgTDIW1F0uWFzL4MyHjJxIfFwARJQtjFUpyZxWSLHqbAH1XrzqAq3uZI1carKH4M2ShH3EILaEZEvHlDzMhq1xyZ0E8ZmRlZKjlZQO8AQLjZUk2o2k2o3jkZQH3ZGu8BGZlsQZ3BGR5ZwM8ATWwMTLjLGA8AGt1AGIxAQI8ZU... Read more

A:search results hijacker

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ... Read more

Read other 23 answers
RELEVANCY SCORE 71.6

Hi. I've recently noticed that Google search results are being odd, and sometimes it will redirect to ad-pages, etc...

I've attached a picture of what the search results look like; searching 'facebook' results in no listing for facebook.com coming up! I'm fairly sure there is a search hijacker happening somewhere.

I've done an Avast scan, and found and deleted the file Gaopdxserv.sys, in C:\Windows\system32\drivers. Does this file have anything to do with it? Avast didn't find anything else.

I'm using Windows Vista, and the browser I'm using is Firefox 3; it also occurs with Internet Explorer 7.

HijackThis Log:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:05:10, on 25/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Messaging\MessagingApp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Avast\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BOINC\boinc.exe
C:\Program F... Read more

Read other answers
RELEVANCY SCORE 70.8

Hi, you bleeping experts!

I wiped my hard drive and restored from last year's backup, but still my browsers are being hijacked on search results. We use IExplorer and Firefox. Yahoo and Google and even Bing search results are getting hijacked.

I was such a good dad, trying to keep the machine protected from my 3 kids' online gaming habits but things went downhill. I had Avira Antivir running and I was doing Windows updates but the situation deteriorated where I could no longer get updates for either. Finally I gave up trying to fix the problem using HijackThis and decided to restore and ask for help from you bleeping experts.

I followed your Malware Removal Preparation Guide exactly. Attached are the logs. Looks like I have some rootkits -- that sounds bad! All help patiently appreciated. I promise if I get the machine back up running I won't let them download so many games from god-knows-where.

Thanks!

MiltonDad (Mike)

- notes:
Windows XP firewall enabled
Avira still running. Was able to get updates after restore. Haven't upgraded to the latest version yet though.
CD emulation software disabled. (Defogger)
Mozyhome not running. (It installed as part of my restore process.)
DDS run (see below log)
GMER run (see below log)

-----------------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 7:32:58.41 on Mon 12/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professio... Read more

A:Good dad has bad search results hijacker

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 70.8

When I click on most search results I've entered through the websearch window (default engine - Google) in my browsers (IE8.0.6 / Firefox 3.0.11) I'm re-directed to random sites. Most of these sites seem to be advertising portals or service sites. If I cut and paste the actual search result url into my browser it goes where it's supposed to. Help! I started the cleaning process featured in Major Geeks and got to the part where I'm supposed to run Combofix and got a little squeamish. Can someone please help me? Running XP Ver 5.1 SP3. Thanx

A:IE8 and Firefox search results hijacker

Hi ptyed, and to BleepingComputer!Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.ATF-CLEANER------------------Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.SUPERANTISPYWARE-----------------------------Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. ... Read more

Read other 1 answers
RELEVANCY SCORE 70

Hello there!

Thanks for reading this.

Here's what happens when I try to perform basic internet searches:

I open a browser.

I put in a search term (something familiar, with known results).

My first search yields normal results.

Subsequent searches, using either different or the same terms, will turn up what appears to be the normal results, but they are not. The title and text of the url's are correct, but the actual addresses are things like: monstermarketplace.com, shopica.com, antivirus.com, etc. This only occurs on the first page of results. The second page has proper url's to match the titles and descriptions. I can even perform that first search, get proper results, refresh that search, and watch the url's all change to those stupid addresses, while the titles and text remain the same. As stated, subsequent searches of any terms, new or old, will then produce the Stupid Page.

This happens with both Explorer and Firefox.

It happens with Google and Yahoo. It happens whether I use toolbar windows, or go to the search engine home pages directly, same results. If I switch between search engines without closing and opening the browser, I get the Stupid Page on the first try with the newly opened search engine.

Both my SpyBot and Norton IS 2009 were and are up-to-date. Scans with both revealed nothing out of the ordinary. I have since loaded Ad-Aware, Windows Defender and MalwareBytes, used them, and gotten nothing out of the ordinary there, either.

I performed a... Read more

A:DNS Hijacker? Search engine results being redirected.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mba... Read more

Read other 21 answers
RELEVANCY SCORE 70

When clicking on results from google search I get redirected to other sites, eg. (wisdomtips.com, shoppingsteps.com, savecompare.com) or to error page.

I am lokking for help to get rid of this proplem.

I have Stopzilla. It does a scan and find a virus called Hijacker, then I go through the removal prosess but when compter restarts it comes back.

I don't have access to a Windows Install disc, or a Boot CD


Attach.zip is attached.

Here is the DDS.txt


DDS (Ver_09-10-26.01) - FAT32x86
Run by Neil at 11:41:33.85 on 03/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.109 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files... Read more

A:Hijacker Virus (search results redirect)

Hi skylir,


Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------

Please re-run DDS and post the resulting logs

Thanks

Read other 14 answers
RELEVANCY SCORE 70

Hello, here is a brief description of some of the symptoms I'm having and steps I have taken before I post the log files ...

I started noticing that in Firefox (my preferred browser) ever few google search results that I would click did not take me to the destination but redirected to another page. At the bottom of the browser if I hovered over the search result it would show the URL like googleads.g.doubleclick.net/url=?blah_blah_blah.....

I ran a few antivirus and antimalware programs. First I ran malwarebytes. That detected I think 2 or 4 files and quarantined them. Then I updated my ad-aware which I hadn't done in a while, the new version was some jacked up version that ran sooo slow on my browser. I ended up uninstalling it. But that did spot several more bugs when I ran it.

After this I was still having the browser search engine redirect hijacks, but I also noticed that firefox was starting to run really bad, would crash, and was using a heap of memory and would freeze the computer while it was running, to the point I had to constantly close it by 'end process' from the task manager. After this is when I completely uninstalled Ad-Aware (just in case, as before I had only disabled it from startup). It doesn't seem to be having issues with freezing anymore so hopefully that resolved that, but this morning I was browsing on Chrome and I noticed that one of my google search results again got redirected.

So at this point, this morning, I ... Read more

A:Browser Hijacker Redirects Search Results

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 28 answers
RELEVANCY SCORE 68.8

Hello, on the 12th I was searching for a program and I came across a website called "SpringFields."
I downloaded an iso file which contained a "downloader" that gave me the infection. I immediately closed it but it had already infected me.
I've tried removing it using things such as MalwareBytes, HitmanPro, RougeKiller, RKill and some others with no success. I've tried resetting browser settings on all of my web browsers but the hijacker works globally (throughout all browsers, Chrome is my main). I've also removed add-ons with no luck.
 
I also kept getting a BSOD while using MalwareBytes (BAD_POOL_HEADER).
 
Thank you so much for your time.
 
FRST.txt: http://pastebin.com/QsycVEGs
Addition.txt: http://pastebin.com/2jNRB2QZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Ceanko (administrator) on DESKTOP-9FT2BD9 (14-08-2016 19:27:05)
Running from C:\Users\Ceanko\Desktop\bleeping
Loaded Profiles: Ceanko (Available Profiles: Ceanko & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: Slovenian (Slovenia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation... Read more

Read other answers
RELEVANCY SCORE 66.8

When I do an internet search on google or yahoo I get different results than what the result I clicked on says it is. Usually I get taken to some other search engine with the same results as what I just searched for on google or yahoo. Is this a virus? I've done system restore and run AVG and Spybot but nothing shows up.

A:When I click on search results I get something different than the link

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below a... Read more

Read other 22 answers
RELEVANCY SCORE 66.8

Having a problem with being redirected from search results. Has occurred in Yahoo and Bing. Have run MBAM full scan and a SuperSpyware scan and the problem is still occurring. Have McAfee running as main AV on system. Any suggestions from here?

A:Redirected when click search results

Please try these steps. I also recommended redownloading Malwarebytes... Please download TFC by Old Timer and save it to your desktop.alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser!Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean. RKill by GrinlerLink #1Link #2Link #3Link #4Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.Download Link #1.Save it to your Desktop.Double click the RKill desktop icon.
If you are using Vista please right click and run as Admin!A black screen will briefly flash indicating a successful run.If this does not occur please delete that application and download Link #2.Continue process until the tool runs.If the tool does not run from any of the links tell me about it. Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, fo... Read more

Read other 6 answers
RELEVANCY SCORE 66

Every time I use google and click on one of the search result links, I am redirected to one of several web sites advertising fake security programs. I don't know if this is important but earlier this week I was infected with a virus where fake security alerts would pop up on my computer telling me to download protection system. I finally got the pop ups to stop. Can anyone help me fix the google problem?

A:Google redirects me when I click on search results

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".C... Read more

Read other 5 answers
RELEVANCY SCORE 66

About a week ago I somehow downloaded a real bad bug - malware? virus? Who knows; but unfortunately I've been having a very hard time removing it. All I can remember about when the problem started was that a Java logo appeared in the middle of my screen, which promptly disappeared. Now, when I do a google search and click on a link to a search result, I am redirected to a variety of nonsense pages (I'm using firefox as my browser). Such pages include (for example):

hxxp://www.bestmarkstore.com/us/rf/searche.php?q=oscar+nominations+2011&refid=64436+97569
hxxp://shopcompareus.com/ac/search.php?phrase=Oscar%20Nominations%202011&uid=536e4bdab77e644af6d47735f4589eab&kuid=ca4366e6f13e65e4b3941b89d7e5017b&src=ads&partner=mx1-35394
hxxp://mx1.35394.expand-search-goals.com/jump1/?affiliate=mx1&subid=35394&terms=oscar%20nominations%202011&sid=Z283044314%40EzX2EzM2UDNz8VN3UjMfJjMfNDNy8FO2QDO1gDO5ITM&a=zk5&mr=1&rc=0
hxxp://www.informationgetter.com/search-results.aspx?keywords=Oscar+Nominations+2011&q=Oscar+Nominations+2011
hxxp://itcg.21426.expand-search-goals.com/jump1/?affiliate=itcg&subid=21426&terms=oscar%20nominations%202011&sid=Z006044288%40%40QMfZTN3UTOzMzXyEDMy81Nz8VO08VM5MDO1gDO5ITM&a=vgpt&mr=1&rc=0

Additionally, random popups are appearing in new tabs from time to time.

Here is DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by bgoldman at 20:34:11.57 on Sun 02/27/2011
Internet Explorer: 8... Read more

A:Can't click search results in google + popups

Brad,My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.Do not do... Read more

Read other 22 answers
RELEVANCY SCORE 66

Whenever I search on Google or Yahoo I get the results and when I click on one it re-directs me to a completely unrelated site. Please help me fix this.

A:I am redirected on search engine results when i click them

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 66

Hello... I'm running into the same problem as some of the other folks. I had the System Restore virus. I cleaned that out and restored all my hidden files back to the way they were. I'm now stuck with this browser issue. It happens on both Firefox and Internet Explorer. I do a google search for something, then link on one of the search results and it redirects me to a bogus site. If I type in the web address my browser works fine.

I've run Malwarebytes in safe mode and everything checks out okay.

Please help!! I don't know how to remove this. Attached are my DDS and Attached text files. Many Thanks!!!!
 DDS.txt   24.64KB
  0 downloads

A:Browser search results being redirected when I click on them...

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

Read other 14 answers
RELEVANCY SCORE 66

whenever i open a folder by double-clicking it (from the desktop for example) it opens up a new windows with blank search results. the only way i can open new folders is through windows explorer. please help!
 

A:double-click opens search results!

try this fix for your problem
http://www.dougknox.com/xp/scripts_desc/xp_folder_open.htm

joan
 

Read other 3 answers
RELEVANCY SCORE 66

I got help elsewhere. Thank you nevertheless This topic can be deleted.

A:google redirects when i click on search results

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Read other 1 answers
RELEVANCY SCORE 65.2

Whenever I search Google for a subject, then click on a link in the search results, my browser is hijacked and redirected to websites such as:
www.thewebtimes.com
www.get-answers-fast.com
www.accurately-locate.com
www.goingonearth.com
etc...
and instead of anything pertinent to my actual search, I am bombarded with advertisements and other nonsense.

Whatever virus or malware or spyware program this is was able to get past my Norton 360 and other anti-virus/spyware/malware programs. I have been unsuccessful in locating or removing the problem, with any of them.

I really need help with this, please! I am sure that there are people much more proficient in identifying and solving this problem than myself, so I would be grateful for any assistance that you can give me.

Please let me know what additional information (if any) you need, in order to assist me.

Thanks so much.

Maggie

A:Please Help - PC Hijacked!!! Redirected when I click on search results in Google.

Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on the renamed file to install the application.
For instructions with screenshots, please refer to this Guide.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make ... Read more

Read other 1 answers
RELEVANCY SCORE 65.2

Hi,

I was really tired the other day, had a popup on screen to insatall flash player! I clicked yes, and this didgy looking installer ran, Oh dear. Since then randomly if I do a google search, then click the link (in IE8) i get a new window with bizsearch in the address bar, then a orange arrow graphic on screen in the new window, then the page link from google, or a random link. If i close the new window, and click again sometimes it goes straight to the real page, other times it redirects!

Anyways here is my HJT log: Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:42, on 29/05/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\System32\wsqmcons.exe
C:\Program F... Read more

Read other answers
RELEVANCY SCORE 65.2

Hi, this looks like quite a common problem at the moment. When I click on Google search results the browser redirects to another site. I can click the back button, which then takes me to the original link I clicked on, so I guess it is getting redirected after partially loading the real site. I can't get DDS.scr to run on my PC, so I have run HJT from Trendmicro (log file pasted below). I hope that's enough to start with. Thanks to anyone who can help me!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:15:18, on 09/03/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC: ... Read more

A:Browser is redirected when I click on Google search results

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 65.2

The problems stared a few weeks ago with the back button not working. The drop down showed "http://www.google.ca/url?xxxxxxxxxxx" where "x" is a lengthy continuance of an address related to the search.
After getting a notice to update IE9 this problem cleared and a new one started.

I now get "Please click here if you are not redirected within a few seconds" appearing in the upper left when web searching with Google using Internet Explorer or Slimbrowser, which piggybacks IE.
Google Image search also results in a blank page with "Please click here if you are not redirected within a few seconds" appearing in the upper left. Clicking "here" in both cases takes me to the results page.
Web search result links seem to work normally, however Image search results are in what Google call basic version and clicking on a link results in a totally blank page with the status bar saying "done"

Also after updating IE9, when I do a Google search I get a security warning about others can see information, do you want to continue. Clicking yes changes internet options restricted sites from the default setting. Clicking no results in Google not working.
Google states my cookies are not enabled when I try to access my Google settings... they are enabled.
Using IE with Bing does not have this problem, nor does this problem occur in Firefox, Waterfox or Slimboat.

Resetting IE does not help.
Uninstalling IE9 reveals the same problem in... Read more

A:Google search results in "Please click here if you are not redirected within a few seconds"

Here is the DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Ken at 16:10:49 on 2012-09-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1620 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalS... Read more

Read other 44 answers
RELEVANCY SCORE 65.2

I've done several, Spybot, Malwarebyte, WindowsDefender, Mcafee virus scans, and I still keep getting redirected when I click on google search results.Below is my hijack this log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:51:57 PM, on 11/25/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18828)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\OEM02Mon.exeC:\Program Files\DellTPad\Apoint.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\DazzoWallChgr\WallpaperChangerDazzo.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DellTPad\HidFind.exeC:\Program Files\DellTPad\Apntex.exeC:\Program Files\Mozilla Firefox&... Read more

A:Keep Getting Redirected away from links I click on in Google Search Results.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 44 answers
RELEVANCY SCORE 65.2

When I do a google search and click on the results I get redirected to other sites.I've also noticed that when I right click on my desktop and go to properties and get the "Display Properties" window, the "Desktop" tab is missing therefore I can't change my wallpaper.Here are my logs, thanks in advance!--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, August 4, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, August 04, 2008 10:57:38 Records in database: 1052395--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - My Computer: C:\ D:\Scan statistics: Files scanned: 94146 Threat name: 1 Infected objects: 5 Suspicious objects: 0 Duration of the scan: 01:33:43File name / Threat name / Threats countC:\Documents and Settings\Owner\My Documents\Local Disk (D)\Music\(cam) mary j. blige be without you 1 50.wma Infected: Trojan-Downloader.WMA.Wimad.d 1C:\Documents and Settings\Owner\My Documents\Local Disk (D)\Music\(cam) mary j. blige be without you 1 54.wma Infected: Trojan-Downloader.WMA.Wimad.d 1C:\Documents and Settings\Owner\My Documents\Lo... Read more

A:Google Search, Click On Results, Redirected To Another Site

Hello bxroadsWelcome to BleepingComputer ========================If you are still in need of assistance please post a new Dss log.

Read other 13 answers
RELEVANCY SCORE 65.2

So this is a problem I've been having for a few days now. My Google searches often redirect to click.get-answers-fast.com/ when I click on a link on Google. I've tried to have MSE find it but it couldn't find any problems. This happens while using Firefox (I don't use IE) on Windows 7.

The DDS log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Adam at 18:56:56 on 2012-07-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12267.7753 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:�... Read more

A:Search results redirecting to click.get-answers-fast.com

For the past week or so I've had my Google searches get redirected to various sites including click.get-answers-fast.com/ I've ran malwarebytes and it found 2 trojans but the redirects still continue. This happens with Mozilla Firfox. MSE has not been able to find anything either. Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Adam at 11:41:33 on 2012-07-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12267.7987 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\s... Read more

Read other 4 answers
RELEVANCY SCORE 65.2

I see that there have been a few others that have posted similar issues, however we have an added issue that after this started happening, the notebook computer started bluescreening immediately after opening AutoCAD LT as well.

The system redirects all search results that are clicked to pages of their choice. Additionally, opening AutoCAD LT 2010 causes the computer to bluescreen with a stop 0x0000008e error.
Attached are the dds, gmer, and security check logs.
I also already ran TDSSKiller and have posted that log (one issue was found/cured)
*********
DDS:

 dds.txt   16.65KB
  1 downloads

 attach.txt   26.32KB
  0 downloads

*********
GMER:

 gmer_log.log   23.56KB
  0 downloads

*********
Security Checkup:

 checkup.txt   1.01KB
  0 downloads

*********
TDSSKiller:

 tdsskiller.txt   51.77KB
  0 downloads

*********
Hijackthis, for good measure:

 hijackthis.log   11.66KB
  0 downloads

A:Search Results redirect to click.get-answers-fast.com

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462453 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 65.2

I use Windows 7 and for the past week or two my web browser (I use Firefox) has been giving me this trouble where whenever I use a search engine, I click on a result and I am redirected to a random web page. Occasionally instead of a web page it gives me a red screen with a some sort of message that says that the page I am trying to view may harm my computer, at which point I close my browser without clicking anything on fake message. Sometimes I am able to get to a page through a search link, but I would say that I am redirected more often than not. Here's my ComboFix log:

ComboFix 10-12-18.02 - Chrissy 12/19/2010 11:51:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1213 [GMT -5:00]
Running from: c:\users\Chrissy\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 16:57 . 2010-12-19 16:57 -------- d-----w- c:�... Read more

A:Browser redirects me to other web pages when I click on search results

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 65.2

hi, my Google search results are redirected to ad sites. Pop-ups have started to crop up too.I followed your initial preparation instructions, but I ran into some trouble with the GMER section, and an ARK file has not been created. I do have the DDS and Attach.txt information you requested, however when I do a GMER scan I get a blue screen with this information and the scan will not complete:A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: pwryqkow.sysPAGE_FAULT_IN_NONPAGED_AREATechnical Information:*** STOP: 0x00000050 (0xFC116008, 0x00000000, 0xAFB7C53E, 0x00000000)*** pwryqkow.sys - Address AFB7C53E base at AFB78000, datestamp 4B274f8dPhysical memory dump successful.Here is the DDS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Justin at 12:38:48.70 on Sat 09/11/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.94 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k Wu... Read more

A:Internet Browser Redirects when I click on search results

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 17 answers
RELEVANCY SCORE 64.8

On every few google searches on firefox (I run Vista) "click find search" highjacks the search. I downloaded and ran malwarebytes program already. There was another search engine highjacker that no longer runs now, but "click find search" has taken its place.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_33
Run by BA at 13:58:23 on 2012-07-13
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3998.1229 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Expl... Read more

A:click find search engine results malware redirect

Hy there and sorry for the delay.If you still need help, please re-run DDS and post both logs

Read other 16 answers
RELEVANCY SCORE 64.8

When I do a google search everything comes up normal, however any link listed that I click does not go where it is aimed but instead redirects me to a third party site.

Any help is greatly appreciated, thanks!!

DDS.txt:

DDS (Ver_09-11-29.01) - NTFSx86
Run by pcsadmin at 15:40:32.06 on Mon 11/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.127 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files�... Read more

A:Malware infection -- when I click on any google search results, I am redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 64

Hi there, this is my first post on BleepingComputer.com and this one's got me stumped.

If I browse to Google, then do a search, clicking on some of the search results will result in a redirection, not to the shortcut link but to firstly, after about 10 seconds:
hxxp://www.cs102175.com/click.php?s=1&k=612447441&pub=249

which shows a page like this
 redirection.JPG   55.43KB
  2 downloads, then redirects straight away (even if I disable my connection it seams) to:
hxxp://bridge1.admarketplace.net/xtrk.php?k=612447441&isaction=1

this page (if my connection's up) will then redirect to a seemingly random ad page, such as:

hxxp://www.shoppingbank.com/sb/105749/mia/pid/10916384/coid/C85EB6AD44F2C04D80EA8CE66C5881C2

I also notice that there is near constant activity on my network connection, when I'm not doing anything.

I see in the RootRepeal log there's a hidden 'Driver: Tcpip, IRP_MJ_CREATE'. Is this the problem? If so, can it be removed?

DDS (Ver_09-10-26.01) - NTFSx86
Run by Dr Ed Suttie at 22:44:56.75 on 11/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.333 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C... Read more

A:Google search results get redirected by http://www.cs102175.com/click.php?s=1&k=612447441&pub=249

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 64

Ok I've recently had a clean install of windows xp professional and have been very careful as far as keeping it virus free. ATM I only have avg free installed and am running windows firewall. I noticed the problems when I decided to click the play all option in a folder containing videos my system froze up so i decided to restart it (I thought it was just overloaded trying to open them all) after i restarted I attempted to open a secondary hdd i have and it wouldn't open so i went to open my c drive and i got a long error message I'll try to reproduce it but i may make mistakes "Windows cannot find 'RECYCLERS\S-0-1-12-1000002177-1000004212-1000026263-5375.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search." at first it only showed on my c drive but now its on all of them. I then decided to search using yahoo and whenever I click a search result i get redirected to another site. Every time it does it a ip address pops up and then it goes to another site. Oh and I forgot to mention like 4 days prior to all of this avg couldn't update and is still unable to. I should also tell you I'm unable to access microsoft's windows update page everytime I go there it brings me to google search page.
DDS (Ver_09-02-01.01) - NTFSx86
Run by T at 19:15:56.01 on Sat 03/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.103... Read more

A:hdd wont open on double click/yahoo search results redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 15 answers
RELEVANCY SCORE 64

Hi guys, I got a run of the mill search hijack when I do a google search that Im lookin' for help with.

Heres the specs: when i put in addresses directly, no redirect happens. Only happens when i google search. and if i right click and select "copy link location" and paste it in the address bar, it works fine and goes to the right spot. But when i google search and then click on any of the results, it redirects me to various different pages. usually its to the "search" sites that claim to be (whatever-term-i-searched-for.com) and full of nothing but fake links , etc. some popups too, but not a whole lot, firefox stll blocks some of them. For the record, theres not a particular search engine or ad page that comes up repeatedly as far as I notice. In the past it kept going to "tazinga", but not lately.

Anyways, I ran Malwarebytes and nothing came up the last time I used this computer. Im on a dell netbook and I had stopped using it for a few months. when i began using it again today, I realized that I still had this redirect problem from last time, so Im running malwarebytes again, but Im guessing it may not find anything this time either, so far, nothing and its been going for over 2 hrs. Im not really noticing any particular things that stand out with the redirects, its a very generic kind of thing no specific sites or ads that keep popping up, etc.

Ill be happy to post any other information you need from me. i keep trying to attach my gm... Read more

A:Browser (firefox) constantly redirects when I click on google search results

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 2 answers
RELEVANCY SCORE 64
A:I always get redirected when I click on my search results from Google or Yahoo to random pages

Hello kerr505, Open HiJackThis Click on the "Config..." button on the bottom right Click on the tab "Misc Tools" Click on "Open Process Manager" Find and Click on C:\Users\Together\AppData\Local\Temp\FullMovies.exe Click on "Kill Process" button Click YesNow navigate to that file in bold and delete it : C:\Users\Together\AppData\Local\Temp\FullMovies.exePlease run HijackThis! and click "Scan." Place checks next to the following entries, if present:R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cabO17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92Close all browsers and other windows except for HijackThis!, and click "Fix checked".Please download Malwarebytes' Anti-Malware from one of these places:http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.... Read more

Read other 1 answers
RELEVANCY SCORE 63.2

I was browsing the web a couple of weeks ago. All of a sudden a window popped up about some sort if Windows Antivirus thing ( I believe it was Win 7 Security 2012, but am not sure about that). It said I needed to download to protect my pc. It would not let me close the window. When I tried, I could tell it was downloading something to my system (hard drive started spinning). Desperate, I shut down my computer. Now, I keep getting redirected when I click on some Google results. Scour.com flashes in the tab before the redirect. I have run Malwarebytes as part of one of the self help topics I think it was "Remove Win 7 Security 2012 (Uninstall Guide) Posted by Lawrence Abrams on December 6, 2011 @ 11:41 AM ? Views: 246,268" at bleepingcomputer. Although Malwarebytes found some infections, my compluter is still being redirected and hangs up more often now; giving me the windows "not responding" message more often when using applications like Outlook 2010, Word 2010 and IE.

I am running 64-bit Windows 7, adn therefore have not attached a log file from GMER.

Thank you in advance for your assistance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 10:40:58 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2807.981 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C... Read more

A:Infected with unknown malware - Keeps redirecting when I click on Goolge search Results - Scour.com

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end. Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

Read other 14 answers
RELEVANCY SCORE 63.2

Hi,
My Internet Explorer has been having problem, every time I click the search results from google or yahoo, it will redirect the result page to eBay. I spent a lot of time researching and have tried AVG free edition, Ad Ware 2007, it did not correct the problem. I run hijackThis beta V2.0. Here is the result.

Please help!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:07:26 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MS... Read more

A:Solved: IE browser hijacking, click on search results from yahoo or google go to eBay

Read other 16 answers
RELEVANCY SCORE 62.8

Hi,

I hope you guys can help me out here. This started yesterday on my PC. Basically if you open google and perform a search (lets say for Tech Guy), when you get your results and you click on the one you want, instead of going to the right site, it opens up a new window with the heading "Please take a second to help us identify click fraud" at the top with a list of search terms shown in a central window. Obviously this isn't right so I'm not sure what's causing this to happen, must be something that's got into my PC.
Can someone help, HJT log is as follows and if you need any more info please just ask.
The only thing thats come up recently is that Bullguard asked if I wanted to allow or block C:\windows\che3.exe and I blocked it as I didn't recognise it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:48, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe... Read more

Read other answers
RELEVANCY SCORE 56

Using a mouse the right click behaves as I would expect it.  Using the touch pad, right and left click perform the same function. 
I am new user to both lap tops and Win 10.  Is there a problem with my new Inspiron 11 3000 or with me?

Read other answers
RELEVANCY SCORE 54.8

I got it from a video link from Facebook, I assume then is a Facebook virus.

The only method I've used to try to get rid of it is an AVG full computer scan and I also did a BITdefender online scan in safemod. Couple of trojans here and there were disinfected and deleted, but I still have the I-X search problem.

A:search answer results lead me to I-X search results

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 3 answers
RELEVANCY SCORE 54.8

Whenever I google search something and click a result, the page usually redirects to get-search-results.com

I tried running several programs like Ad-Aware and Microsoft Security Essentials, however they are saying my computer is clean. How can I remove this? Thanks

Windows XP / 32bit computer

TIA!

A:Google Search Results Redirect to *get-search-results.com

I am having the exact same problem. I've run almost every kind of scan I can think of (Spybot, AVG, SuperANTI Spyware, Microsoft Essentials, etc) and it won't get rid of it.

Read other 2 answers
RELEVANCY SCORE 52.4

I have a toshiba satellite model A215-s7422 with 160 gb harddrive AMD turion 62 duelcore running at 1.9 each and one gig of ram running windows vista premium 32 bit- first of all when I download windows updates it freezes for example, I shut down my computer to go to sleep and my computer installs and configures but when i wake up it will still be on the screen without shutting down. second my system restore doesnt work and I didnt shut it off I use to be able to restore from a earlier time but then when I tried to do one it says i have no more points and when I try to create a new one I get an error saying something to do with the vcss or vss volume driver. Now for my third problem when I turn on my computer sometimes it will just turn off and when i try to do a virus check with avg in safe mode without networking my computer will shut down. Will somebody please help me because I have so many music files I cannot afford to lose any of it since I'm a dj.



Here are my hijack scan results

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:15 AM, on 9/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Advanced System... Read more

A:results after hijacker scan

Hello, coolv70 (2)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to create an OTViewIt ReportPlease download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste ... Read more

Read other 2 answers
RELEVANCY SCORE 52.4

Hello and thanks for checking in to my post. As a first time poster here I hope I give you the information you need.

When I do a search in google the first page of the rsults gets hijacked. The description and summary are fine but the link to the results is an ad or questionable "search engine" site. In Google this only applies to the first page of results. The same is happening in a Yahoo search. Dogpile works fine.

I've run Spybot S&D, Avast, Kaspersky and HJT. I've also deleted all cookies and files, removed all versions of Java and reloaded Java 6.11 all to no avail. Help!

Below is the most recent HJT log. The Avast log listed 900 some files all of which it could not scan because they were archived files and every one of them was in the Spybot Recovery directory. ere's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:53 PM, on 12/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:�... Read more

A:Google results Hijacker

Hello Wats0469 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 5 answers
RELEVANCY SCORE 52.4

Here you have the new results of rescanning with hijack this, what can I do?.Thanks

Logfile of HijackThis v1.99.0
Scan saved at 07:43:21 p.m., on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\PC-cillin 9\Tmntsrv.exe
C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Archivos de programa\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Telmex\Visual IP InSight\Telmex\IPClient.exe
C:\Archivos de programa\Telmex\Visual IP InSight\Telmex\IPMon32.exe
C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.e... Read more

A:New results of rescanning with hijacker

First, move HiJackThis into its own folder so it can create backups. Then run HJT again, and put a check next to these.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

Close all other windows and click FIX.

Post another log here in this thread.
 

Read other 1 answers