Over 1 million tech questions and answers.

Search References Redirected--Highjacked?

Q: Search References Redirected--Highjacked?

My problem is similar to BTHORNBURY (All Search Engines Hijacked). His/her question hasn't been answered yet, and it seems we should not be using the recommendations made to other users, so . . .

I pretty much always use Google to search for things. It throws up a list of links to click on, but about three days ago, whenever I click on a link, I get sent to another search engine, like INFO.COM, or to another site. For example, I click on

Detachable Two-Piece Bamboo Knife Block shopping in Crate and ...Shop for Detachable Two-Piece Bamboo Knife Block Knife Storage and other items in the Cutlery department at crateandbarrel.com.
www.crateandbarrel.com/family.aspx?c=608&f=26236 - 79k - Cached - Similar pages
and I end up at a Smart&Final store website, which has nothing to do with what I was looking for. And my "back" button is usually disabled, so I cannot get back to the search page.

But then sometimes, I will click on the link and get sent to some other site (like I am looking for X-Files episodes and I get sent to a car dealer website), and when I get back to the search results, the links work OK.
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:16 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\All Users\Application Data\Laplink\Laplink Gold\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\LLMirrorMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SoftMaker Office 2008\Smash.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Laplink\Laplink Gold\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Smash] "C:\Program Files\SoftMaker Office 2008\Smash.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.9/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139900119294
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-724a046e9bca44e9.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-pcnow/ra/ieatgpc.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3112.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OracleOracle9iDSClientCache - Unknown owner - C:\OraHome1\BIN\ONRSD.EXE
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 15838 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Search References Redirected--Highjacked?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 60.4

Hello,My name is Jude, and I am in need of some help.For a month now I have tried to fix these problems by myself, but I now realize I need help to get this fixed.Here is the timeline, and what is still occurring, which I cannot figure out how to fix.About a month ago, the computer became nearly unusable. I ran SpyBot and Malware Bytes, which found 49 malware and 23 other problems. The two problems did their job. I then ran AVG, found a few viruses, and took care of them as well.The computer itself was better, but not the browsers...Internet Explorer refused to load, and although Firefox would, it constantly was opening a new tab to some other website...Then I found that even Firefox didn't want to load... So I tried clicking numerous times (once every time the "wait circle" would stop and no browser would appear) until either IE or Firefox would eventually come up. Looking in Task Manager, I would (and still do) find several instances of Explorer, iExplore, and Firefox loaded into memory.I then found that my search (Google in Firefox, Bing in IE) was hijacked, leading to a different website and opening more tabs again!----------Jumping to today----------------I have tried everything I can think of, and more.. I even updated Firefox, uninstalled IE7 and then installed IE8 (64 bit will load up, but not regular IE). The update fixed the Google search, and yet..When I do a search with Google, often times the top results will not show the link (I have to copy th... Read more

A:All browsers redirecting, search bars highjacked, Google search results not coming up, etc.

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 27 answers
RELEVANCY SCORE 56

Hi Guys,
Every time I try to pick a link after a Google (or other provider) search, it takes me to another site and they seem quite random.

I have attached my log file below so hopefully one of you can help before I have to rebuild the PC. you can see from the file I've tried most malware software I can think of!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:15, on 16/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files... Read more

A:Search Engine Highjacked

Hi, JB21

Welcome.

Please follow these steps:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under File Scans, change File age to 30

Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lock... Read more

Read other 1 answers
RELEVANCY SCORE 56

hi, if anybody could give me a hand that would be great, already read and followed the steps on some similar threads, but no luck yet.

Problem: some sort of virus has highjacked all search engine results, meaning, regardless of the browser i use (internet explorer, chrome, etc), or the search engine (google, bing, yahoo, ask, etc) whenever I click on one of the results, I get redirected to advertisement website (advertisementsign, productslabel) for example:

searched highjacked on google and clicked on a result and got:

hxxp://productslabel.com/?search=hij...7546b3fcfa858b

what I've done so far:

-flushed the Java Cache
-flushed all browsers cache
-flushed the DNS cache
-run gooredfix (log attached)
-run kapersky tdss killer (log attached)
found backdoor.multi.zaccess.gen service matlabserver
-run tdss fix (no infection found)
-run mbrcheck (nothing found, log attached)
-run roguekiller (log attached)
-run malwarebytes (log attached, rootkit zeroaccess found)
-run hitman pro (log saved)
-run mgtools

A:highjacked search results

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad... Read more

Read other 2 answers
RELEVANCY SCORE 56

Hi, everytime I click on a website from the list Google or Bing returns, I get these random search engines, I have read the other posts and they seem to be about the same. I downloaded HJTsetup from the link and here are my results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:25 PM, on 12/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\N... Read more

Read other answers
RELEVANCY SCORE 56

When ever I click on a link from a search rngine it gets higjacked. Please help me fix this problem. Thank you in advance.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by macey2 at 14:30:31 on 2011-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1744 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Sof... Read more

A:Highjacked Search engine

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.[list]
alternate download link 2Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked ... Read more

Read other 5 answers
RELEVANCY SCORE 56

Hello,

I use Windows XP and have a problem that my AVG anti-virus, Malaware or any other spyware killers can't remove. Anytime I try to search for something in Google, I get taken to a fake ad site when I click on a result. I am also getting new tabs popping up. I use Firefox. It's frustrating not being able to do any searches. Any help would be appreciated. Thanks!

Here are the requested files:


DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 22:44:14.04 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2824 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClea... Read more

A:Search engine is highjacked

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 15 answers
RELEVANCY SCORE 55.6

hi
can anyone help with seacrh engine results being highjacked

thanx mark

A:search engine results highjacked

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 33 answers
RELEVANCY SCORE 55.6

I followed the advice of a posting in another sectioni of this forum, and downloaded a "free download" suggestion. It turns out to have been malware. Now the search function of my browser has been stolen. Its logo is shown in the attachment. How do I get rid of it, and restore Google?

A:Malware has highjacked my search function

Could you give us a hint what you downloaded and from where?
Can you give us the post you found this download in?

Read other 1 answers
RELEVANCY SCORE 54.8

Hello,

My Trend Micro is picking up a TROJ_ZAC quite a bit. I ran Malwarebytes and 11 items were found including Trojan.QHost.BG, PUM.Hijack.StartMenu, Trojan.Agent, and RootKit.0Access.H to name a few. Also, a program named "SMART HDD" was installed on my computer and it pops up things like my HD is corrupt/damaged and it will run a fake scan, etc.

Things I've done:
-- Ran Malwarebytes and Superantispyware in Safemode. Seemed to clean it up but the issues returned.
-- Was able to delete the SMART HDD but that will return after a time too.

Help!! And thanks in advance!

Matt

A:**** Troj_zac, pum.hijack.startmenu, IE search highjacked

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwar... Read more

Read other 4 answers
RELEVANCY SCORE 54.8

Hey everyone, well I dont know how it got there but there is this thing that has highjacked my browsers. When I load my browser and type in a website I want to goto it takes me to this searchportal. I downloaded the highjack this but Ijust dont know what to delete or what to do to get my system fixed. Here is my logfile. Please help, I am lost at this.
LOGFILE
Logfile of HijackThis v1.99.1
Scan saved at 7:05:27 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuaucl... Read more

A:Search Portal has Highjacked my system(Help with HIGHJACK THIS)

Read other 16 answers
RELEVANCY SCORE 54.8

For the last 24 hours, I have not been able to access my regular Google search engine. Every time I try (and I have tried A LOT) whatever I am looking for takes me to Bing. Once there, I still cannot get to any of the sites.

I have done LOTS of things to correct this, such as:

Searched out help online
Cleaned my cache
Deleted my History
Did system restore (a number of times)
Changed some information in the Hosts file
Searched Google Help for help (problem has occurred a lot - no indication they are concerned)
Upgraded my Google Toolbar
Nothing has worked!

At this point, I am at my wits end!

Please help me.

B~
 

A:Solved: Search Engine Highjacked by Bing

Read other 8 answers
RELEVANCY SCORE 54.8

Sorry for the multiple posts on the same board. I was given a 503 (I think?) error the first two times so I assumed it hadn't posted
 
When launched, IE and Firefox open to dp-search.com instead of their normal home pages. I am able to change the home page back, but once I exit the browser and start it again, dp-search is the home page. Has not affected Chrome. Was not detected by malwarebytes, microsoft security essentials, spybot search & destroy, or avast! free antivirus. Need help removing this adware/malware.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Tim (administrator) on TIM-PC on 02-02-2015 17:46:41
Running from C:\Users\Tim\Downloads
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Waterfox)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Adva... Read more

A:home page of firefox and IE being highjacked by dp-search.com

Hello Inn0x,  Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.  If you do not understand any step(s) provided, please do not hesitate to ask before continuing.  Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.  Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.   1.Download attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operat... Read more

Read other 8 answers
RELEVANCY SCORE 54.4

I got hit by several malware attacks all at once. Avast blocked 4 or 5 while it was happening. Then I ran a scan and it found another one. I found one myself called e.exe and deleted it.Now I get random web sites popping up in new IE windows. I also get highjacked search results in Google. When I click on a link, it redirects to a random site. If I right click on the same link, copy shortcut, and paste it in then it goes where it is supposed to.Thanks in advance for your help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Owner at 13:07:02.76 on Mon 08/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.447 [GMT -7:00]AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\HP\HP Software Update\HPWuSchd.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\PROGRA~1\ALWILS~1\Avast5\avastUI... Read more

A:Unknown adware/malware & highjacked search results

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 18 answers
RELEVANCY SCORE 54.4

I run AVG protection on my laptop. I kept getting an error which popped up saying "Generic Host Process for Win32 Services has encountered a problem and needs to close". This message is shortly followed by "This shutdown initiated by NT Authority System. DCOM Server Process Launcher has terminated uexpectedly and needs to close". Then my computer restarts itself in 30 seconds. It seems totally random. I have also noticed that I get a lot of redirects to bizarre websites from my home page. I have automatic updates from AVG and Microsoft. I have scanned with both AVG and Microsoft and removed three trojans, but the problem still occurs.DDS (Ver_09-12-01.01) - NTFSx86 Run by user at 21:48:19.01 on Fri 01/29/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.93 [GMT -6:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\WINDOWS\Explorer... Read more

A:Windown Shutting Down at Random & Search Engine Highjacked

Hi bighawgWelcome to Bleeping Computer.I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.Please give me some time to look it over and I will get back to you as soon as possible.Please post back to this message so I know that you still need help with this issue.Thanksmaranatha

Read other 8 answers
RELEVANCY SCORE 53.6

WIN XP Professional (32bit)I have tried numerous malware removal tools to no avail. I tried to reboot into safe mode to run Malwarebytes, but boot sector was highjacked as well - showing a "warning" about hard drive infected and advertizing "Trend Micro Chipawayvirus" and then showing a "progress page" advertizing "Trend Micro www.antivirus.com" In an effort to start up in safe mode I loaded the original WINXP Professional (32bit) disc and wound up using the repair function. I now have an operable system but back to Service Pack 1. I downloaded Service Pack 2 and it ran OK until I had to restart my computer, at which time the boot sequence went into a continuous cycle of failed boots. I reloaded original disc and recovered system to Service pack 1 operation, and ad ware pop-ups are still present. I'm afraid to reboot computer until I can get rid of the boot sequence virus!Please help - I love my XP system!Shaun5152CONTENTS OF DDS.txt LOG FOLLOWS:DDS (Ver_10-03-17.01) - NTFSx86 Run by Shaun at 9:29:17.85 on Sat 08/14/2010Internet Explorer: 6.0.2800.1106Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1535.938 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exesvchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDO... Read more

A:Highjacked Boot sector and Google search redirects and web page ad pop-ups

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other... Read more

Read other 18 answers
RELEVANCY SCORE 53.6

Win 7, 64 bit.  It seems it's not safe anymore even to purchase software from official websites.  I keep getting bundled programs, even though I am careful to uncheck all  "extras".  I just went through Programs and uninstalled "Fast Free Converter" and "VAF Player", and am considering uninstalling "Free You Tube Downloader -- HOW, Inc."  I suspect the culprit this time is VAF Player, because it is connected to the MIXI.DJ search bar, which is still highjacking my browser, even though I've repeatedly switched it back to Google.  Also, both my card reader and my printer have stopped working, although I'm not sure there is a connection to malware.  McAfee says I'm protected.  I ran Malwarebytes and it only came up with 4 instances of "Adware.Domal Q".   I've had to change my financial passwords so many times lately that I'm about to give  up online banking. Can anyone give me some direction/advise ?

A:Browser Repeatedly Highjacked, McAfee Secure Search Disabled

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 1 answers
RELEVANCY SCORE 52.4

Hello, im new member here..
need some help regarding the websites being redirected.
also some unwanted search manager that stick to my computer.
 

Read other answers
RELEVANCY SCORE 50

My windows and other programs will not update and Windows update redirects to Google. Any searches in google will redirect when I click on a link. I have run Malwarebytes, Superantisyware and Hyjackthis.This is the latest Hijack this log. I would appreciate any help you can give me.Thanks,PaulLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:59 PM, on 2/10/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\WINDOWS\mHotkey.exeC:\WINDOWS\CNYHKey.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\WINDOW... Read more

A:Windows update redirects to google, and other search results being redirected to different search engines

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 2 answers
RELEVANCY SCORE 50

Hi, I am having trouble with using google on a computer running Windows XP SP3. The links from search results are being redirected through the pages "basic-search.net", "get-answers-fast.com" and "easyA-Z.com".

Steps taken so far:
1)
Attempted manual removal of files after searching for this problem on google. Located and removed files in
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader
"qmgr0.dat" and "qmgr1.dat".

These had to be removed in safe mode - upon restarting they were back again.

2)
Scanned computer using malwarebytes and spybot s&d. Other than tracker cookies, no problems were detected.
Scanned computer using TDSSkiller, which found nothing either. Some unregistered drivers were found when the optional settings were enabled.
Attempted scan using combofix, based on the success story here:
http://www.bleepingcomputer.com/forums/topic412458.html/page__st__45
although this stalls soon after it starts scanning for infected files.

Any help would be greatly appreciated.

A:google search results redirected (basic-search.net, get-answers.fast.com and easya-z.com)

Hello and welcome pezboytom! We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Include a link back to this topic.Let me know if that went well.

Read other 5 answers
RELEVANCY SCORE 50

Logfile of random's system information tool 1.06 (written by random/random)Run by Naitik Bhatt at 2009-06-29 14:10:11Microsoft Windows XP Professional Service Pack 2System drive C: has 17 GB (46%) free of 38 GBTotal RAM: 2038 MB (57% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:10:15 PM, on 6/29/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.ex... Read more

A:Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 50

DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32... Read more

A:I use Bing search and search links redirected to http://dailyprize-winners.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Ba... Read more

Read other 9 answers
RELEVANCY SCORE 50

Hi,

My search results (when I use IE) are getting redirected to a related site or another search engine. It doesn't seem to happen with firefox. Please have a look at the HijackThis log and let me know what I should do............scanners have not found the problem.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:09 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
D:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
D:\WINDOWS\system32\MsPM... Read more

A:Solved: Search Results Redirected To Related Site Or Other Search Engine

Read other 7 answers
RELEVANCY SCORE 50

I can't even use my search engine because it loads a different page and not the link it was suppose to go to. It makes me have to type the link manually, which i don't want to have to keep doing. I even click on links from other pages and an ad loads isntead. Sme goes for the search engines.

A:When i search something on search engline and click on link, i'm redirected to a different site

Same computer as here: http://www.bleepingcomputer.com/forums/topic461364.html/page__p__2770460__fromsearch__1#entry2770460 ?

Read other 5 answers
RELEVANCY SCORE 50

When doing google searches in Firefox or IE the links will get redirected when clicked on.
When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong.
If I copy the link from the page (right click/copy link location) and paste it into the tile bar it always works correctly.
AVG does not show any issues.
Comcast cable network offers free install of McAfee security suite that I use to run.
When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started.
All the management functions of McAfee worked fine but start a scan and the computer reboots.
I uninstalled McAfee and installed AVG.
AVG did one round of cleaning and now can't find anything.
I don't remember what AVG found other then tracking cookies. If it leaves a log behind that may still be around.
I have tried to install and run Malwarebytes' Anti-Malware.
It seems to install fine but will not run. Double click the icon and nothing.
I have uninstalled and reinstalled several times but nothing. Never tries to do the update either.
I have uninstalled and reinstalled Firefox but that did not help.
I just copied the the mbam.exe file to a new name and double clicked that and it started up. Cool.
I have attached the attach.txt file.
The Malwarebytes run finished. 1 Trogan.Agent was found. I have attached that log file also.
I will send this and then have Malwarebytes remove it. I will then ... Read more

A:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,Uninstall these old versions of Java, as they are malware magnets. Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7Java™ SE Runtime Environment 6Java™ SE Runtime Environment 6 Update 1We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member. You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this ... Read more

Read other 15 answers
RELEVANCY SCORE 49.2

When I search on google and try to click on the link it get's redirected to another search site. I did have a copy of ulead video 9 that I used a pn off the internet, but then I found my pn so I deleted the program and have not reinstalled yet.


DDS (Version 1.0) - NTFSx86
Run by Lori at 12:26:31.78 on Tue 11/18/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3006.1801 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\... Read more

Read other answers
RELEVANCY SCORE 49.2

Second post as the first one was not accepted because of me using an old Hijackthis version.Username "gm" - 09/10/2007 17:16:47 [Fixwareout edited 9/01/2007]~~~~~ Prerun checkSuccessfully flushed the DNS Resolver Cache.System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" ........~~~~~ Misc files. ....~~~~~ Checking for older varients.....~~~~~ Current runs (hklm hkcu "run" Keys Only)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe""QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime""SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\"""iTunesHelper"="\"D:\\ITunes\\iTunesHelper.exe\""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized""ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe""IEFilter"="C:\... Read more

A:Search Engine Results Redirected To Search-daily.com

Welcome to the BleepingComputer HijackThis Logs and Analysis forum hanno My name is Richie and i'll be helping you to fix your problems.Download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.Also post a new Hijackthis log please.

Read other 8 answers
RELEVANCY SCORE 49.2

When i search anything in Google chrome in Google, it automatically gets redirected to the website search.yahoo.com. I even tried going to settings and removing yahoo search from the 'Manage search engine' option. But somehow it again keeps showing up.Kindly help.
 

Read other answers
RELEVANCY SCORE 49.2

I don't seem to be be having any serious issues, yet, but I obviously have some sort of infection. Any information you could give me about what it is and what I should do about it would be very helpful.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 11:59:23.81 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.130 [GMT -7:00]

AV: Additional Guard *On-access scanning enabled* (Updated) {FAAC0546-66E4-4A84-BF26-38C715DAC7AF}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Additional Guard *enabled* {33A7E8AE-A38E-45E6-9078-A9A0FD7E95A1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:�... Read more

A:Google search is redirected to "Gala Search Directory"

I downloaded malwarebytes anti-malware and ran it as per the instructions on this site, but it did not remove additional guard from my computer. I'm not quite sure if this is the proper place to request help, but I would really appreciate it if someone could please instruct me on what to do next.

Thank you,

Mike (pruco)

Read other 3 answers
RELEVANCY SCORE 48.4

i have done smitfraudfix,kapersky anti-virus full computer scan twice and spyware doctor and they did not help here is a copy of my hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:47:13 PM, on 6/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wudfhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\regsvr32.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\System3... Read more

A:Search Resulets Being Redirected By Search-daily Etc.

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

Read other 6 answers
RELEVANCY SCORE 48.4

I have been fighting a malware issue for the past few weeks which resulted from my son's internet surfing. We have resolved the surfing issue but I am still trying to remove the last traces of the malware. I have updated and scans with microsoft security essentials. I have downloaded Malwarebytes and done a update and a complete scan. I still have an issue with both browsers (Mozilla and Explorer)jumping off to adware and google search jumping off to Gala search. I find sites with removal tools, but I'm not sure which sites to trust. Any advice? Thanks.

A:Google search is redirected to Gala Search

Welcome to BC.Please post the complete results of your MBAM scan for review.To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Logs are saved to the following locations:-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-ddPlease download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the content... Read more

Read other 5 answers
RELEVANCY SCORE 48.4

I did the research on our forum and follow 3 different posts with similar resolved issues and I am still getting the same problem. So here I am with my own post.

Win XP SP 3
IE 8
McAfee
Dr. Web curit
Malwarebytes

Problem:
1. It started a few days ago with the "Antivirus Pro Alert", issues with pop ups and fake alerts. The fake alerts and pop ups was resolved by installing the "Malwarebytes' Anti-Malware" program.

2. After that I started noticing that my search results were always the same, no matter what subject I searched in Yahoo, Google or MSN I will get something like "www.toseeka.org, mycoupons.com,etc..." on the search page.

3. I tried several other remedies from similar posts and I am still having the same problem...not sure which virus, malware or whatever is on my system...please advice.

Thanks

A:still getting redirected to different search results on search engines

Hi Tony Tsai, and to BleepingComputer!Lets see if we can find a cause for your problems!ROOTREPEAL-------------Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Go HERE and download RootRepeal.zip to your Desktop. Unzip that, (7-zip tool if needed) and then click RootRepeal.exe to open the scanner. Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.DriversFilesProcessesSSDTStealth ObjectsHidden ServicesNow you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).Please copy and paste that into your next reply.

Read other 1 answers
RELEVANCY SCORE 48.4

I've seen this same problem posted several times, and the 1st diagnostic step seems to be to run Hijackthis and post the log, so here it is. BTW, has anyone seen this malware replace the tcpip.sys file? My networking stopped working (as a result of attempted corrective actions by anti-spyware programs?), and I've had to replace it several times. Anyway, here's the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:01:18 PM, on 12/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SSA\smc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\PROGRA~1\sygate\ssa\syg_hp.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microso... Read more

A:Redirected From Search Engine To Search-daily (201.218.196.152)

Hello bbgeek,Welcome to Bleeping Computer I wouldn't worry about the network until this is clean. You don't want the other machines on the network to become infected too, so I would suggest you disconnect it anyway. Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":http://www.mvps.org/winhelp2002/DelDomains.infSave the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer, and post a new HijackThis log. 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

Read other 16 answers
RELEVANCY SCORE 48.4

This computer belongs to my buddy's girlfriend. It had no antivirus on it and had a bunch of problems with all kinds of pop ups saying it was infested etc. The name was Antivirus System Pro. and it wanted you to buy from them. It blocked all .exe files. Finally got Advast on it and it took care of most of it. The proplem I have now is it keeps redirecting (but not connecting to anything) all attempts to search either with Google or Yahoo. I have attached files requested. Please advise on next steps. I do not have a boot cd but have a copy of Windows XP. Thanking you in advance....Mike


DDS (Ver_09-11-29.01) - NTFSx86
Run by Cheryl at 16:53:02.89 on Mon 11/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.243 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashM... Read more

A:Google Search and Yahoo search redirected

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 10 answers
RELEVANCY SCORE 48.4

When I use a google search in IE6 and click on any of the results it opens another search window at x-max.net instaed of going to the URL of the google search result. Please help!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-16 19:50:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-04-16 18:51:10 UTC - RP661 - Deckard's System Scanner Restore Point
19: 2008-04-15 23:45:08 UTC - RP660 - System Checkpoint
18: 2008-04-14 22:59:51 UTC - RP659 - Installed Symantec Technical Support Web Controls
17: 2008-04-14 22:34:39 UTC - RP658 - Installed AVG 7.5
16: 2008-04-14 22:33:48 UTC - RP657 - Removed AVG 7.5


-- First Restore Point --
1: 2008-03-29 19:19:43 UTC - RP642 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:14, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.... Read more

Read other answers
RELEVANCY SCORE 46.8

When I perform a search and click on a given link, I can see that initially rds.yahoo. . . . is trying to take me to that link, then I am redirected elsewhere. This happens whether I am performing a yahoo or google search, but more frequently when I do a yahoo search. Also, I can get to a site if I directly type the url into the address bar. And if I stay on that page a while, a new window will pop-up. DDS (Ver_10-03-17.01) - NTFSx86 Run by Sha'Vonya at 7:18:32.15 on Sat 08/28/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.472 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Broadcom\BACS\BacsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Registry Mechanic\RegMech.exeC:\Program Files\NTT-ME MN-WLC combo\ACU.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k AkamaiC:\WINDOWS\system32\ASTSRV.EXEC:\Program Files\IVT Corporation\BlueSoleil\... Read more

A:Redirected during search (particularly yahoo! search)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 19 answers
RELEVANCY SCORE 44.4

hi, could someone please help me out, my web search are being redirect to a different sight that has nothing to do with what I'm trying to search. Thanks in advance for any help you can give. PS also i was told to post these reports.

A:web search being redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.[We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%&#... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

I am hoping someone will know what this is. I have read a few threads and it looks as if it is a common issue, but nothing I have read online has led to any found virus or problem. I have run MalwareBytes, Search&Destroy, SuperAntiSpyware, etc. They have occasionally found something that they said they removed, but the problem persists.

One thing I noticed is that it often redirects to 66.146.72.42. I don't know if that will tell you anything.

My cousin said I probably have a rootkit and had me try a few programs to try to find it, but they all came up as clean.

Any help you can provide would be very much appreciated.

A:Web search being redirected

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 18 answers
RELEVANCY SCORE 44.4

When I click on a Google search link I am redirected to results2google.com and then to Yahoo. If I do a search in Yahoo I an reditected to a different search engine etc etc.

My DDS files is below and I will ty and attach the Ark and Atach files.

Roy

###################################

DDS (Ver_09-12-01.01) - NTFSx86
Run by Home at 16:57:37.23 on 02/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2039.1118 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Win... Read more

A:Redirected Search

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please ... Read more

Read other 16 answers
RELEVANCY SCORE 44.4

hi in the last week or so my laptop has started to experience a few odd things. Web search results are takin me to random adverts and sites like myspace and youtube or just returning me back to my home page. I've ran spyware terminator, tuneup 1click, malwarestopper and AVG they find and remove tracking cookies but it's still playing up. I'm not able to update windows or any of the anti virus programmes I get a message telling me I'm not connected to the internet. My MSN messenger has stopped working too. I'm using windows VISTA on a wireless network with 4 other pc's all having the same proplem.

hope somebody can help, here's my dds log file
DDS (Ver_09-03-16.01) - NTFSx86
Run by gary at 15:06:30.16 on 06/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.1916.881 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C: ... Read more

A:Web search redirected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

Hello.

My search results get redirected sometimes to other websites. It happens on Firefox 3.6.3 and IE-8. I've tried using the Google search and Yahoo search
I use Windows 7 with Avast anti virus and recently tried Hitman Pro 3.0 for this problem.

I've been doing some reading in forums about this problem and I ran HiJackThis.exe and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:39 AM, on 6/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexp... Read more

A:Search redirected

Read other 16 answers
RELEVANCY SCORE 44.4

Every time I search a topic in the search window I am redirected to "asearchgate.com" which is a porn site. I ran a scan with my McAfee antivirus and it did not find it. How can I remove this from my computer?

A:redirected search

Hi and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you will have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

Read other 2 answers
RELEVANCY SCORE 44.4

Hello. Every time I search in Google and the links show up as I click on a link I get redirected to another search engine like morewill, lycos, upspirel or even porn sites. I use internet explorer, firefox, and seamonkeys as browsers and it happens regardless what search engines I use. Can someone please help me?

Thanks

The following is a requested diagnostic

DDS (Ver_09-07-30.01) - NTFSx86
at 20:51:21.82 on Thu 08/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.45 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\LXSU... Read more

A:Getting redirected when I search

Hello and welcome to TSF

You have only posted one of the three requested logs. Please follow the directions found in this thread then post back here:

http://www.techsupportforum.com/f50/...lp-305963.html


Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 44.4

My laptop is under a spell. I can't get rid of the bug with Ad-Aware or Spybot. I have read previous threads and I have ran HiJack This. Here is the Log.

I've tried to download all the previously mentioned files, but some are not at the previous links.

StartupList report, 1/30/05, 1:51:24 PM
StartupList version: 1.52.2
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\N20050308.EXE
C:\PROGRAM FILES\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE
D:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
U.S. Robotics 802.11g Wireless Netwo... Read more

A:Redirected Search to 69.20.16.183

Welcome to TSF.

This is not what we want, at least not yet.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Read other 14 answers
RELEVANCY SCORE 44.4

How can I stop being redirected during a search?

A:Redirected when I search

What browser are you using?

Read other 3 answers
RELEVANCY SCORE 44.4

Everytime I try to search on any search engine I get redirected to another page. Sometime if I redo the search and then try to click on a link I will get a Google page error. I have McAfee and it tells me nothing is wrong. Thanks for helping. We use this computer to homeschool so it is frustrating not to be able to search for stuff!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:59:17 PM, on 3/29/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Tara\AppData\Roaming\SystemProc\lsass.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\... Read more

A:Cannot search/ get redirected

Read other 14 answers