Bing search redirect virus + others ?

Q: Bing search redirect virus + others ?

Hi - I have been trying to get rid of this thing myself by looking and copying the steps in various threads and finally decided that it is beyond my capabilities to do myself. I used Malwarebytes Antimalware and AdAware to try to delete it but was unsuccessful. I have Symantec Antivirus on my computer but it did not catch it. In all cases, the various programs did find something to remove and I thought it would take care of it, but it did not.

I may have some other virus as well but I am not sure as the Norton Antivirus no longer reports anything. However, things are still running slow and the machine locks up from time to time.

At any rate, thanks in advance for the help - I am so glad that you folks are out there to help people like me.
Here is my DDS.txt file.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Poki at 19:58:49.51 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.105 [GMT -8:00]
.
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Colin\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Colin\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: 4Media iPod Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\4media ipod toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Vqobuli] rundll32.exe "c:\windows\saplmg.dll",Startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metama~1.lnk - c:\program files\metamail inc\metamail tray\Metamail Trust Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\colin\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://es2-msg05.raymail.ray.com/dwa7W.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\z3nkoy4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {EA7E6E29-8163-4B8C-B427-556C29DD1AD9} - c:\documents and settings\colin\local settings\application data\{EA7E6E29-8163-4B8C-B427-556C29DD1AD9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: 4MediaiPod Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-3 64288]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-6 116928]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-26 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110212.004\naveng.sys [2011-2-12 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110212.004\navex15.sys [2011-2-12 1360760]
S0 waqmj;waqmj;c:\windows\system32\drivers\zkqu.sys --> c:\windows\system32\drivers\zkqu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-10 280344]
.
=============== Created Last 30 ================
.
2011-03-05 02:54:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems
2011-02-13 05:43:02 -------- d-----w- c:\docume~1\colin\applic~1\Toolbar4
2011-02-12 20:37:03 378880 ----a-w- c:\docume~1\alluse~1\applic~1\fCgIu5xD.exe
2011-02-12 13:46:10 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2011-02-12 13:46:10 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-02-12 13:46:10 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-02-12 13:46:10 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-02-08 05:34:38 0 ----a-w- c:\windows\Itumigapuqa.bin
2011-02-08 05:34:31 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\{EA7E6E29-8163-4B8C-B427-556C29DD1AD9}
2011-02-08 05:34:04 -------- d-----w- c:\program files\Search Toolbar
2011-02-08 05:32:48 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-08 05:32:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-02-08 05:31:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\nAfPkDe15400
2011-02-07 07:20:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-07 07:20:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-07 07:16:36 -------- d-----w- c:\program files\iPod
2011-02-07 07:16:35 -------- d-----w- c:\program files\iTunes
2011-02-04 05:05:10 -------- d-----w- c:\program files\iPod(2)
2011-02-04 05:05:05 -------- d-----w- c:\program files\iTunes(2)
2011-02-04 04:54:59 -------- d-----w- c:\program files\QuickTime(2)
.
==================== Find3M ====================
.
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EE085C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ee6a38]; MOV EAX, [0x86ee6ab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F24AB8]
3 CLASSPNP[0xF7636FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000090[0x86FC75E8]
5 ACPI[0xF758D620] -> nt!IofCallDriver[0x804E37D5] -> [0x86F81940]
\Driver\atapi[0x86F68790] -> IRP_MJ_CREATE -> 0x86EE085C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1234GSX_______________________AH001A__#5&34ee0a3c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86EE06A2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:00:56.33 ===============

I am also adding the HijackThis logfile on as I have seen others post this as well and thought it might help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:19 PM, on 3/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: 4Media iPod Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\4Media iPod Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Vqobuli] rundll32.exe "C:\WINDOWS\saplmg.dll",Startup
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Colin\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://es2-msg05.raymail.ray.com/dwa7W.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ray.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ray.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 15481 bytes

Thanks again.

Poki


A: Bing search redirect virus + others ?

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.

It would also be wise to contact those same financial institutions to apprise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

NEXT:

Please be sure to include an update on how your computer is running.

Read other 14 answers
RELEVANCY SCORE 81.2

Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security Agent *Disa... Read more

A:search engine redirect virus (Google/Bing/Yahoo)

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 81.2

Recently have been unable to search on any of the search engines. When doing a search on google or other sites I am redirected when trying to click on a site of interest. Attempted to use antivirus and antimalware without luck.

Appreciate boopme and his assistance
Attached is the information requested

Thanks for the help

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nicholas at 19:26:12.43 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.80 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\... Read more

A:Infected with google/bing/yahoo etc redirect virus and unable to search

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

Read other 16 answers
RELEVANCY SCORE 81.2

Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security... Read more

A:search engine redirect virus (Google/Bing/Yahoo) on IE

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They ... Read more

Read other 10 answers
RELEVANCY SCORE 80.4

I have had a search engine redirect virus for some time. Initially I thought it was the "google redirect" virus, so I started playing with other search engines (Bing, Yahoo) from both Firefox and IE, but I get redirected on all search hits through those engines too. I disabled PrevX software, Spybot software, and AVG software, ran Malwarebytes' Anti-Malware which identified 5 things to remove - most it couldn't remove until reboot - but the reboot did not remove them. I ran Hijack This, which directed me to here and to the DDS tool.

Thanks in advance - Sara.

The DDS log is as follows:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sara at 11:07:36.18 on Sat 06/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\McAfee\Common... Read more

A:Redirect virus from variety of search engines (e.g., google, bing, yahoo)

I also should mention two things:

1 - that I have run "Find" on GooredFix.exe and here is the log it creates:

GooredFix v1.92 by jpshortstuff
Log created at 13:42 on 27/06/2009 running Option #1 (Sara)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="J:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="J:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="J:\Program Files\AVG\AVG8\Firefox"

And 2, I have run CCleaner, and here is that log (though I did not have it clear the Firefox cache as I was busy composing this post at the same time):

CLEANING COMPLETE - (4.849 secs)
------------------------------------------... Read more

Read other 7 answers
RELEVANCY SCORE 70.8

Hi all, my computer appears to be infected with a redirect virus. When I perform a search on Bing and click a link my browser gets redirected to a site I didn't choose. I'm operating Windows Vista with Microsoft Security Essentials. I ran Malwarebytes and AdAware and neither program found anything. Below is my DDS log and I've attached the Attach and GMER logs as requested. If you need any other info please ask. Thank you!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by office depot at 14:10:43.35 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.668 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rp... Read more

A:Bing search redirect

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 28 answers
RELEVANCY SCORE 70

Within days I have been getting redirects to sales sites when I use Bing on Firefox. Does not occur with Google, nor on IE with Bing or Google, nor on aol with Bing or Google. Only redirects when using Bing on Firefox. I have read some previous posts and have downloaded the couple things it says to start, but did not want to go any further without your approval. Here is the first from RKUnhookerLE which says I'm clear. At anyone's say so I can run the next thing but wanted to make sure I wasn't missing anything. Thank you for your time looking at this for me.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0C4000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF633D000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1470464 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF32B000 C:\... Read more

A:redirect from Firefox using Bing search only

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

Read other 8 answers
RELEVANCY SCORE 70

I started encountering redirects from Bing search results. This does not occur every time, but about 50% of the time. Then I've started experiencing various svchost consuming all CPU after about 10 minutes of a reboot causing everything to freeze up. The PC also reboots every so often for no reason. Here is the DDS information:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by John at 20:24:06 on 2013-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5619.3367 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files ... Read more

A:Bing Search Results Redirect

Hello, and welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time fra... Read more

Read other 19 answers
RELEVANCY SCORE 69.2

UPDATE 3/28: Tried a Google and Bing search today, and none of the links appear covered by redirects. Before receiving instruction not to make any changes to my system, I ran another Anti-Malware scan. The results:

Memory Modules Infected:
c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PkgMtend (Trojan.Agent) -> Value: PkgMtend -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on reboot

I am not sure if this will completely eradicate the problem, logs from DDS and GMER (pre-antimalware removal) below:

Hello,

As of yesterday when I search using Google and Bing I am redirected to various sites when attempting to follow links. The redirect links affect most, but not all of the search results. I am running Windows Vista Home Premium, Firefox version 3.6.16. I have run Malwarebytes Anti-malware, which found three malicious files yesterday, 1 Trojan.Agent and 2 Trojan.Dropper. I deleted these files and restarted. I have also run a full scan using McAfee, which registered and deleted 3 trojans. I am pretty much a novice at most of this stuff, but I can follow directions well. Any help is greatly appreciated.

Regards,
Mike

DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 15:4... Read more

A:Search engine redirect (Google, Bing)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 69.2

Hi,

I got an "Internet Security 2010" on Dec 28, 2009. Used AVG, Malwarebytes' Anti-Malware and Ad-Aware (all with the latest update) to clear up the mess. Now, both browsers (IE 7 and Firefox 3.5) redirect search results to some bogus web site.

I have run several times using the software mentioned but was not able to find anything.

I've used HijackThis v2.0.2 to produce the following log.

My system Win XP sp3

I've attached the HijackThis log file. Please help!!!!

A:search results redirect (google and bing)

Hi,

Thank you all for posting your suggestions, especially for people working on this site to help others. I saw a post here that ran ComboFix to take care of the browser redirect problem. So, I downloaded it and followed the simple instructions. Lo and behold, ComboFix was able to detect there was a rootkit running on my computer. After several scans and reboots, my computer is back and no more browser redirect.
I thank you again from the bottom of my heart!!!!

If BleepingComputer.com needs any help, please contact me and I will be more than happy to give my time back to serve the community.

Stephen

Read other 2 answers
RELEVANCY SCORE 69.2

Good morning,
I'm having a problem with a search engine redirect. Most results in Google and Bing are redirected to an undesirable site. Also, when I open IE and type in an address, a new window opens up with an undesirable redirect. In addition to this, I'm also having the following problems:

-"generic host process for Win32 Services" error message
-"No active mixer devices" error message when I try to adjust audio volume
-generally slow running computer
-restarts frequently needed because software freezes when opening

Below is my dds log as well as an attached zip file with the second dds log and the gmer log. Please let me know what I can do to fix this problem. thanks!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by bdavidson at 10:10:08.95 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18702
============== Running Processes ===============
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\sy... Read more

A:Search Engine Redirect (google, bing, etc.)

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 11 answers
RELEVANCY SCORE 69.2

Hi,
I am getting redirected from Google and Bing search results page to random unrelated pages.
Avast! is giving a message that there is a rootkit detected on startup at C:\\WINDOWS\system32\drivers\disk.sys but is unable to resolve the issue.
I have access to the XP reinstall disc that came with the computer.
Thank you in advance for your assistance.
Cindy
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Cindy at 20:50:16.54 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.531 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
... Read more

A:Google and Bing search engine redirect

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a... Read more

Read other 9 answers
RELEVANCY SCORE 69.2

Hello,
After searching on Google or Bing, clicking on a link in the results redirects to sites such as yellowbook.com or get-answers-fast.com. MalwareBytes detected and removed about 50 infected files, but the redirecting is still happening. This occurs on both IE and Firefox. The DDS is pasted below. I have attached ark.txt, and 2 Malwarebytes logs that show what was removed, and a third that shows no infections. Thanks for the help!

===========================================================
DDS LOG
===========================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Teacher at 10:01:02 on 2011-11-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.1153 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestr... Read more

A:Infected with Google/Bing search redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 12 answers
RELEVANCY SCORE 68.4

Hello,

I keep getting redirected when I search something in Google or Bing. After searching something on either search engine, the search results page will load, but once I click on one of the result links it redirects me to something totally different. The websites I'm redirected to vary between various websites - often including something called "Mfeed", "Stopzilla" and a few others. I have tried searching with both Internet Explorer and Firefox with the same results. I am also unable to log onto Google Talk or Skype. When I try to log onto Google Talk I get an error message that says "Could not authenticate server".

I first noticed this off and on a week or so ago but wasn't sure if I was imagining things, since it only happened rarely. Approximately two days ago I received a notice that my Outlook was signing onto a server without a valid signature, but I clicked "ok" or something (in hindsight, not the smartest idea). Since then, the search engine redirects have been increased significantly and now 100% of the search engine results are redirected.

Since I noticed the infection, and before I logged onto bleeping computer, I ran Malwarebytes Anti-Malware, which found 8 infections and then said it removed them. I also ran SUPERAntiSpyware which found 1 trojan and 993 adware cookies, all of which were removed by the program.

I hope this information is helpful to anyone. If anyone can help me I would greatly, greatly appreciate it... Read more

A:Google/Bing Search Redirect - seems like a hijack problem

Apologies for the improper post - I am just reading about the proper way to post a request for help. I am a noob - apologies. I will post a proper posting as soon as I can run the proper programming. Thank you.

Read other 1 answers
RELEVANCY SCORE 68.4

Cannot conduct any searches on the computer. Will bring up search results but every time I click a result from the search I am redirected to other pages such as http://search.us.b00kmarks.com/search.php?keyword=norton+internet+security+systems and http://www.blinkx.com/ac/cb?adid=02-100-201-300-404-25&affiliate=6363F6E9%2D9BFC%2D4F79%2D9439%2D761078D881A1 . Redirected pages are always different. DDS text below:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by kelly at 20:06:55 on 2011-07-24
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.479 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc... Read more

A:Google, Bing and other search engines redirect constantly

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 7 answers
RELEVANCY SCORE 68.4

I'm just going to throw out as much info as I can think of. I run XP, ran defogger, then dds, but gmer crashes before the scan is complete. It gets to a certain point and crashes. The folder it gets hung up on is:

c:\documents and settings\myname\application data\mozilla\firefox\crash reports\pending (Ironic!)

Mainly this is just affecting searching right now, with a few pop ups, but it's getting worse so I need to get rid of this ASAP!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Dawg at 13:59:28 on 2012-02-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience&... Read more

A:TDSS and Google/Bing redirect search results

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Replace your hosts file first.
Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.
=*=
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the ... Read more

Read other 11 answers
RELEVANCY SCORE 68

Hello,

Today while browsing my AVG notified me that it caught a threat and moved it to the virus vault. Soon after I began having redirects in my Bing search results. I was redirected to Scour the first time and then a couple of other sites during later attempts. I did not get the name of those sites because I hit the back button as quickly as I could. I attempted removal instructions found on the net to no avail. I used rkill, tdsskiller, and scanned with Malwarebytes and AVG. Both found nothing and I'm still getting redirects.

Thank you for the help!

Here is my log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mr. Holbrook at 20:25:38 on 2012-09-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012&... Read more

A:Infected with Scour Redirect and other Redirects in Bing Search Results

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

Read other 18 answers
RELEVANCY SCORE 68

I don't remember the exact day it started, but for the past week or so, I have had issues when I try to click on a search result link from any search engine: Google, Bing, etc. Like so many others in different forums/posts I have read over the past few days, if I cut and paste the shortcut into the address bar and hit Enter, it takes me to the appropriate site. But if I just click on the link, I am redirected to anything from porn to shopping to completely random sites. (There is a green globe before the web address for every site I am redirected to, if that helps at all.) That seems to be the only issue I have currently, although a few days back my firewall turned off on its own. Since then, I have downloaded and run Ad-Aware and Malwarebytes' Anti-Malware software, as well as the (paid version of) Spyware Sweeper and (free version of) AVG Anti-Virus that I already had running on my system (Windows XP). At first, a trojan was found (Trojan.Backdoor.ProgDav) and after two tries, seemingly removed. I also had a Win32/Cryptor virus found and removed and two other viruses I can't recall. I have run full scans using everything I have over the past day (in both safe and regular mode) and nothing has been found. But the redirecting links problem still persists and I am worried that there are worse things happening to my computer behind the scenes that I can't detect with the naked eye. Any help would be appreciated; if I can't figure this out soon, I&#... Read more

A:Search Engine (Google, Bing, etc.) Link Redirect Problems

hello JHWK54ME and to Bleepingcomputer.

if I can't figure this out soon, I'm going to have to take my laptop in to a professional

methinks we're going to put these guys out of business one day

Yup. . . you've got a nasty on your machine. We can get rid of it. . . but first, a warning.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you d... Read more

Read other 38 answers
RELEVANCY SCORE 67.2

On @11/1 i would get redirected to sites that have nothing to do with the search engine result i clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site i'm redirected to, it just sends me to the main page that i'm redirected to.
Happens with both IE and Firefox.
I have dwm.exe running from my temp directory and i can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory.

Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones i'm allowed to check. I did not run it.

Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .

DDS.txt:
DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by John at 4:49:51.15 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows&#... Read more

A:Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and i'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

Read other 2 answers
RELEVANCY SCORE 66.4

Please help! I have been infected by something that redirects me do random sites after I have done a searchs on Google, Yahoo or Bing. The latest redirects have taken me to the following website hxxp://server2.mediajmp.com/surveys/don-index.html?sub=yahoo.comor hxxp://server2.mediajmp.com/surveys/don-index.html?sub=google.comBoth of these links have an audio file asking me to participate in a 30 second survey. I have run Byspot Search & Destroy, PC Tools Spyware Doctor. Adaware & Malwaresbytes Anti Malware and still can not rid this thing. Other sites worth noting which are part of the redirect there are 9 click.php files here are some of the URL'shxxp://64.111.208.43/click.php?re=1&cc=eNoVUs3OqjAUfCATbQuUduECUPlERAFBYHNDC4j8qKCCEB7-amYyyUxOchYz10kkFE0I4GlfKB-r2H4mMAdQ_OkvBxRCRABCVMJTeIbSVjdyXn-q1F4uJ8gTIGaMEiDwOOYZSBCDCUScpISSmP-DNOM4FgSQUkw4FzOJUSQnNMNMRoyyCaJJmFLrXnlW9b6Mir0wGmLUGrevD7-yhfJuKbaSO2LDe-e-jfr6eOwwbt24dcfnuD96_Wc1k9vv20p5FabpGsRD2H0koPKNzs5eoguHRTc8mjxVr59z4dB1mWe3esXtNKt0t6tIK-zOg8w3z-RlVUBk6_Wi1AYr90vzSA6CT1Zdu7iPqNmWffHurdQYj3-qLcB920inRluczuqmf2yybnSawNEeRSll1Ws3vNP4-Iy4FP3lQxU4GCq9mvsZ9e-BWjfrEgkzwxc7sFadYIisp25oPDx_Bh_qoLeiY9kf6pNXBhqbxfygaKi-xeSa6UPirzwxuuyk0NuBgofrw-4un3TlOr5uTXgYxtCTN7PNFcscRqV5qQ-tebLExZ4IWvq4pezQlK5K3MdMSYYn8y7LiZI5QtJcIF9OYIKEzEUwl9Ec_-yEpkRIBLOGHbtZIAqMVxgYbRQ4PdM3ReRKBUOg-17-8O00RhCbZ-cdBepg1lbHfntBIMFJmooES4jiFCBKMlliTGIA41RG_wGSB9Po&cu=54d123a8433ce1b67595029df86bafdf&co=bc2be11daa9a7ffd8567da1141096460&... Read more

A:Search Engine Result Redirect Google, Yahoo & Bing http://r9237242.cn/

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 64.8

The issue I am experiencing sounds extremely familiar to this thread (http://www.bleepingcomputer.com/forums/topic451230.html). However I read the instructions and created my own topic just in case it was a different source that is causing the same symptoms.

Thank you in advance for taking the time to look at my issue!

----------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Will at 23:03:49 on 2012-04-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4127 [GMT -5:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\sp... Read more

A:Redirect Virus when using Google or Bing

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

Read other 19 answers
RELEVANCY SCORE 64.8

I seem to have the same virus others have posted about recently. Clicking on links in Google and Bing causes redirects to other random sites. I've run a couple programs such as Hitman and Malwarebytes, and they both found and removed some trojans, but the problem still remains. Thanks in advance.

Here's my dds:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by Jeffrey Brunetto at 10:03:30 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1314 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility(2)\CameraMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\...

A:another google/bing redirect virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'...

Read other 12 answers
RELEVANCY SCORE 64.8

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:...

A:Redirect Virus when using Google or Bing in IE

Hi Gringo, I appreciate your help.

Last night this problem was still occurring, being redirected... today when I tested, from IE, both Bing and Google were no longer redirecting... the only thing I have done since was shutdown and rebooted and copy a few files from that machine for back up... strange...

Anyway, using ComboFix now (I'm on another machine)... it's taking quite awhile... ComboFix told me to disable Norton Antivirus, when I had already disabled it. I checked it was disabled, it was and clicked ok and ComboFix's next message said it would continue, at my own risk... do you want me to uninstall Norton completely to use ComboFix?

Waiting for it to finish now, and will post logs asap. Thanks.

Read other 17 answers
RELEVANCY SCORE 64.8

Also, deletion of dsona.dll is prompting a consistent DLLRUN error at startup.

Appreciate any help.

Thanks,
Tom

A:Infected With Redirect Virus - Bing

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463802 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Read other 31 answers
RELEVANCY SCORE 64.8

Hello all,
I'm a bit ashamed to resort to posting here - usually I can handle all this myself but this one has me flummoxed. I've read through the 'Preparation guide' so apologies if I get this wrong. I have Trend AV running (nice job Trend!), I've also run TDSSKiller, RogueKiller & GMER to no avail. ComboFix seems to come up with an error - Cannot access specified device, path or file - and that's running as administrator. Ho hum.

Symptoms: Clicking on Google search results will redirect to strange websites - usually blocked by Trend. Also does this in Bing. Across all browsers. Firefox has recently stopped launching, kept immediately crashing but worked on other account. Have since uninstalled.

Many thanks for looking - Pete

DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Pete at 21:55:32 on 2013-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1479 [GMT 0:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program ...

A:Google (& Bing?) redirect virus

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

Read other 3 answers
RELEVANCY SCORE 64.8

Hello,

Recently, I was having problems with my computer where I could not open any applications or access parts of Windows 7 (64 bit). Ultimately, I was told by the ASUS technicians that I had to reinstall Windows 7. I thought reinstalling Windows 7 resolved everything but google/bing searches yield results that redirect me to spam websites. Strangely, yahoo searches work fine. I understand that there is some malware on my computer but I have no idea how to remove it and am befuddled because I assumed a reinstallation of Windows 7 would bring it to its factory state (obviously I was mistaken). If somebody could assist me in resolving this problem, I would GREATLY appreciate it.

Below is the DDS.txt file:
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Big Boy at 14:52:28.44 on Thu 12/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2193 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows...

A:Google/Bing redirect virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Read other 3 answers
RELEVANCY SCORE 64

Hello. I seem to be infected with some sort of redirect virus. A second or two after performing a Google search, all of the listed links have been modified to something like: http://www.google.com/go?8024257

And when I click one of them, I get redirected to a different spam site each time. I get the exact same behavior with Bing. With Yahoo, it doesn't show any results at all and instead suggests that I may be infected with a virus. Also, I get the same behavior with Firefox and Internet Explorer.

While trying to run DDS and GMER, I get several "crash" error messages (cscript.exe, notepad.exe, mspaint.exe, etc.). I am attaching some screenshots.

When I tried to run GMER, I got several "access denied" messages and when it finally opened, several options were grayed out (see screenshot). So I was unable to run the tool (it just popped up more "access denied" messages and then said "no modifications were found").

The DDS log is below and the "attach.txt" file is attached. Thanks in advance!

---------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by simon at 8:28:22 on 2011-07-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1166 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32...

A:Redirect virus - Google and Bing, Firefox and IE

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Read other 4 answers
RELEVANCY SCORE 64

I am operating XP on a MSI Wind laptop. When in IE 7 any searches done with Google are redirected to unusual site (florida-traffic.com). If I use the google search window in my toolbar I get a "302 Moved the document is here" page or the following:

ERROR
Cache Access Denied
--------------------------------------------------------------------------------
While trying to retrieve the URL: hxxp://www.google.com/search
The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: hxxp://www.google.com/search? from this cache until you have authenticated yourself. You need to use Netscape version 2.0 or greater, or Microsoft Internet Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please contact the cache administrator if you have difficulties authenticating yourself or change your default password.
----------------------------------------

If when using Google I return to the search page after the initial redirect and resubmit the inquiry I get to the page listing potential sites. When I click a site, I am redirected to other bogus sites. If I return to the former page and click the link again, I am then forwarded to the site I want. In Firefox google searches get the same "302.." page mentioned above. I also get redirects using Bing in either IE or Firefox. I have tried Hitman Pro 3.5.5 and Malwarebytes Anti-Malware to no avail. I don't think these are related but will include them just in case, I...

A:Google & Bing redirect virus infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Sa...

Read other 16 answers
RELEVANCY SCORE 64

When I search for something using Google (or Bing), the results list shows up like normal. But when I click on a listed link it redirects me. I see a partial http address- boses.com- pop up for just a couple of seconds on the Explorer tab before it changes to another address. The first time it happened a pop-up window occurred saying I was the winner! and asking for me to click on the bottom to continue (which I didn't). Now the only thing that happens is I am redirected to a blank white page that has a button that says click to continue (which I don't).

Here's my operating system and browser info:
Windows 7
Version 6.1 (Build 7601: Service Pack 1)
Internet Explorer 8
Version 8.0.7601.17514
Cipher Strength 256-bit

Here's DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Jonathan at 11:56:03 on 2011-09-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1911 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\sys...

A:Google/Bing redirect virus/malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

Read other 44 answers
RELEVANCY SCORE 64

I have a redirect virus. I have read all of the posts on this and performed the same actions as others, but it is not fixed. I had the fake AV alert a week ago, which I removed, but since then I get the browser redirects. I have used ComboFix, MalwareBytes, ESET, SpyDoctor, SpyBot, TDSSkiller, RootRepeal, SuperAntiSpyWare, GMER, etc. I have tried every program I have read in these forums and I am still not fixed.

Can someone help me with this?
What log do you wish for me to post?
Thank you!

Here is the HijackThis log file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13, on 2010-07-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Syman...

A:Redirect Virus, Google, Yahoo, Bing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is ...

Read other 11 answers
RELEVANCY SCORE 64

Hello,

I have a trojan/adware/spyware installed on one of my computers.
Combofix, Malwarebytes, Avira, Kaspersky, DrWeb, Spybot, Panda Cloud and Superantispyware cannot find it. They all say the computer is clean.
When I use google the link I click goes to another site than I selected. Same goes for Yahoo and Bing.
When I open the link in a new window it works.

Also Windows is reporting the security center does not work.

Here is the log from Combofix (it says Panda is enabled, but it was deinstalled):

ComboFix 12-03-04.02 - Gebruiker 05-03-2012 16:34:13.2.3 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.3405 [GMT 1:00]
Gestart vanuit: F:\CFx.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-05 to 2012-03-05 ))))))))))))))))))))))))))))))
.
.
2012-03-05 15:38 . 2012-03-05 15:38 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
2012-03-05 15:38 . 2012-03-05 15:38 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-03-05 15:38 . 2012-03-05 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 17:20 . 2012-02-24 17:20 -------- d-----w- c:\progr...

A:New Google/Yahoo/Bing redirect virus?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Wisso at 17:40:51 on 2012-03-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2735 [GMT 1:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:...

Read other 20 answers
RELEVANCY SCORE 63.2

Hello, This thread was originally posted here http://www.bleepingcomputer.com/forums/topic435405.html/page__gopid__2530602#entry2530602

In that thread, I posted minitoolbox and HijackThis log files. In subsequent posts, I will post the files asked for here. In short: I am running Windows 7 64 bit. According to Microsoft Security Essentials, I have the Win32/Alureon.tk and Win64/sirefef.j Virus that redirects one's searches. When found and quarantined or removed, MSE tells me to reboot. Once I reboot, the system will not boot, a quick BSOD flashes and it goes into a system restore mode. I have tried rebooting a few times to see if any removal attempts worked, but to no avail. The system seems ok while they are suspended by MSE, but obviously I need this garbage off my machine ASAP, as it is still a threat. I disabled my CD Emulation software.

I've read others who have this problem, but the "reboot and have to restore the system" problem seems new. Hence, looking for help from those more experienced than I with this new Trojan.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Tuff at 17:09:22 on 2011-12-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2347 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\...

A:The Alureon.tk/sirefef.j virus (google/bing redirect)

This is the attachment asked for in this forum.

I suppose Microsoft does not have a more "solid" (ie - quick) fix for this trojan yet. The need for a system restore once MSE removes the threat puzzles me.

Read other 3 answers
RELEVANCY SCORE 63.2

Hello,

First post here. After searching about this Trojan for a couple of days and making little progress on it myself, I found this place with numerous people reporting the same problem. I believe I have run into the same problem, but am more "restrained" with what I am able to do.

The problem is this: I originally saw some popup come up that I mistook for Microsoft Security Essentials, and went to clean the problem. However, I question if that was a fake popup or MSE (I wish I was paying better attention now, was preoccupied) and also had a Java update. After that, the redirects began coming over and over. I updated MSE and it found the alureon.tk and sirefef.f and sirefef.b trojans. (additionally it found coinminer, but it seems to have cleaned that problem at least).

Here's the kicker - MSE finds these trojans, and it seems they come back every 5-16 min. The logs from MSE show the threat removed, but it's clearly not, as it returns briefly. From here, it suggests "reboot to finish removal" so I reboot. I get a brief BSOD, says system cannot boot, and I have to do a system restore, sending me back in time and back to square one. I've run TDSS and that has found nothing. Adaware found nothing, malwarebytes found a few things and removed them, but nothing pertaining to this it seems. I also have run HijackThis and cleaned a few BHO files I thought were redirect related. Those also return once MSE "refinds" the alureon.tk or s...

A:The Alureon.tk/sirefef.j virus (google/bing redirect)

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 6 answers
RELEVANCY SCORE 63.2

Hi -

I need help removing some sort of malware from my computer.
Whenever I use google, the search results are re-directed to other sites - sometimes bing, k-directory.co.uk, cansearch.ca and many others.

I have been trying to get rid of this for months now, I have changed to firefox from internet explorer, I have cleared my history/cookies, etc, tried the methods from other forums, and I have scanned my computer using AVG 9.0, Super Anti-Spyware, Windows Defender, Malwarebytes, Spybot Search and Destroy and Web CureIT.

Nothing works.

I'm getting the feeling that this problem needs some sort of manual fix, and since I don't know much about these, I'm looking for help here.
Sorry if this is a duplicate topic, but I have tried the answers in other forums to no success.

PLEASE HELP.

Thanks!

A:Google Redirect Virus - K-directory, bing, cansearch.ca

Please post the results of your last MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
If malicious objects are found, they will sh...


Hey all,

I have a nasty redirect virus/malware on my computer that I have been trying to delete for 2 days now. The symptoms are as follows:
- Google and Yahoo are in German (and therefore all websites I visit through those search engines are in German). For example, when I type "Yahoo" in my Google search bar it directs me to google.de, and then when I click Yahoo the entire website is in German. It does this with other sites such as CNET, etc. as well.
- Clicking links often results in multiple redirects
- I have Spybot and AVG 9 Free. Spybot has detected around 200 malicious files but when I attempt to remove them, I get an error saying something about the System32 host files.
- I have checked for the TDSSServ.sys and didn't see one.

I would appreciate ANY and ALL assistance. It is driving me crazy! I want to avoid wiping at all costs if I can, as it is a computer I received through college with a laptop lease program which I have since bought out and it has several programs on it thanks to the University which aren't standard.

THANK YOU!

P.S. I have the DSS files below and attached. When I attempted to obtain the GMER file, my computer froze the first time and on the next two attempts I received the following blue screen with the message:

"STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down.

=================================
DDS (Ver_10...

A:Possible Redirect Virus (in addition to all search engines/search results being in German)

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

====================================

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or McAfee.

Important note: It is important to run the removal tool after you uninstall the AV that you wish to remove.

AVG removal tool --> HERE
McAfee removal tool...


I have a phantom item that says "search with bing" on my right click menu in IE11, which I can't remove.  It doesn't appear in the list of search providers in IE options, only the right click menu.

A:Unable to remove "Search with Bing" from Internet Explorer 11 right click search

I think the Bing bar comes as part of win 7 install on a lot of computers so you should find it in add remove programs and be able to uninstall it from there.


DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32...

A:I use Bing search and search links redirected to http://dailyprize-winners.com

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so! Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.
2. Please Do not Attach logs or put in code boxes. Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback. It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything. Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba...


You know where it says www.techspot.com. Yes it has taken it over. There is no bing addon, extension or remove program. I followed a few guides I found googling and they only work until I restart FF. My old search engine was Google in the address bar.
 

A:Bing has taken over as my default search address bar in Firefox, search provider

In the address bar where it says your search program. Drop down the menu there. You should be able to switch it back to Google
 


The problem is any search website comes up with page can't be found: Google.com, Bing.com, Yahoo.com comes up but when I try a search it does nothing. I have no issues going to any other website, just search websites.

I have a laptop running Windows 7 Home Premium 64 bit with AVG Anti-Virus Free Edition 2011 and no third party firewall.

AVG scan is clean. Malwarebytes scan is clean. Ccleaner has been run. I have reset IE 8 settings to default. I have flushed the DNS. I have run HiJackThis and don't see any problems. I have checked the host file and there are no strange entries.

I need to know what to try next. Any help or direction would be appreciated.

Thank you.

A:Can't Access Search sites: Google, Bing, Yahoo Search

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Kindest Regards,
SweetTech.


Those who use Bing and Google to do searches might find this interesting.

http://nakedsecurity.sophos.com/2012/10/05/bing-image-blackhat-seo-poisoning/

---------------------------------------------------------
 

A:infecting Your Computer - Bing Search Vs. Google Search

Good read, Frank
 


I have done this several times, but I no longer see Google Search listed at Internet Explorer Gallery

How else can I do it?

A:Replacing Bing search with Google search

One way---

https://tools.google.com/dlpage/tool...en&brand=GGHP&


When I do a web search and click on the result, it redirects me to a different search-type website (find-quick-results.com, etc), instead of the intended website.

Thanks for the help resolving this in advance.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Frank at 14:15:06 on 2011-07-04
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.735 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\...

A:Web Search Redirect Virus?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello,
I am experiencing the same Search redirect problem that many others have posted about. All search results on all search engines are being redirected to random sites when clicked on. Also my laptop's overall performance seems to be slowing down at times.
The computer is a Dell Latitude E6400 running Windows XP, SP3. Spyware Doctor with Antivirus, AntiMalwareBytes and McAfee haven't caught anything. Please help!

Thanks.

A:Search redirect virus

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Hello,

When I search on google or yahoo I get redirected to a different site. It has been happening for a couple days now. I full scanned using Malwarebytes' Anti-Malware and it found a trojan and removed it but it still redirects the links.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:45:46.04 on Thu 09/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.163 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.ALO.000\Desktop\dds.scr
==...

A:Search redirect virus

Good evening. I see no sign of either an anti-virus or a third-party firewall installed on your system - how long has this been the case?


My McAfee did not pick up a search redirect virus. It seems to want to redirect me to Intellius, among others, but it does not always happen. I can't figure the pattern. I do not have the original windows install disk, it was pre-loaded. Thank you.

I have attached the zip file with the other 2 logs.

Here is the DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by James Peters at 13:02:47 on 2012-05-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1283 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32....

A:Search redirect virus - please help.

Hello and welcome to TSF.

I am not really seeing any serious malware. However, I'd recommend you uninstall the Yontoo Layers Runtime 1.10.01 application via Add or Remove Programs in Control Panel, as it's classified as malware here. Then navigate to this folder and delete it if it still exists:

c:\program files\yontoo layers runtime

===============

Next,
Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Launch Malwarebytes', and select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply and let me know if the situation has improved.


Hi, I hope someone can help me. I visited popular comics news site Newsarama.com and either they or their adserver tagged me with something nasty. Windows Media Player opened, my Microsoft Security Essentials immediately announced it was suspending something and did so, but by then the damage was done. Now every Google search on any browser redirects to attack pages. I can use Google cache to find stuff but I can't fix the underlying problem. I've updated and run full Microsoft Security Essentials scans, Malwarebytes (both with System Restore on and off), Spybot and Housecall. No dice. I installed the Firefox addon NoRedirect which worked for a while and then bizarrely stopped working, as if the bugger had learned how to get around it. At this Google Support Forum http://www.google.com/support/forum/p/Web%20Search/thread?tid=6df7e15519290612&hl=en someone had recommended ComboFix to solve the problem but surrounded by bloodcurdling warnings to only use it under the supervision of an expert. End of my rope here and I really hope someone can help me.

A:Help! search redirect virus

I would recommend re-posting in THIS forum.
