IE Browser HiJack for Google/Bing Searches (unknown name)

Q: IE Browser HiJack for Google/Bing Searches (unknown name)

Hi there and thanks for taking time to read my post.

I have been working on a fix for my current issue from another post/conversation - you can read it here: http://www.bleepingcomputer.com/forums/t/274339/ie-browser-hijack-when-searching-w-googlebing/

Issue - when using IE, and conducting a search either in the browser tool bar search or if I go to the specific search engine - when I execute the search I get normal results. When I click on a link, I get redirected to an unwanted search site. If I go back, and re-click - I am brought to the appropriate site. This seems to only happen on page one of the results. This is also random - periodically following these steps, I am not re-directed - but more often than not - the HiJack is taking over.

Running XP SP3
Browser IE8 - started in IE7, upgraded hoping it would fix.
Have run various fix attempts (read linked post/conversation)

Since starting the various fixes - the issue has progressed - the last time I launched Google Chrome, I got another browser (chrome) as well that launched into a poker site?
hmmm....

DDS Log:

Attached are the files needed - I sure hope there is information buried in this data that can help you help me

Thank you very much for your time working on my issue!

Best Regards!

A: IE Browser HiJack for Google/Bing Searches (unknown name)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I am doing searches on my computer using bing or google and when I get the searches and access them they direct me to unknown sites. I also tried putting the URLs in the web address bar and it will also redirect to random sites. I ran a HijackThis and I have attached. Thanks for any help you can give me.


Hi Guys,

I'm looking at my Aunt's computer for her as many of her searches on Google or Bing are being re-directed to various different advertising web sites. The same thing happens in Internet Explorer and FireFox.

I have had little experience with this type of problem, especially with Windows 7 Home Premium - 64 bit version (as is installed on this PC).

Normally, she uses SpyBot Search & Destroy and SuperAntiSpyware, with AVG antivirus. None of these programs can detect a problem.

GMER would not allow me to select all the suggested options. It would only allow Services, Registry, Files (C:) and ADS. All the other checkboxes were greyed out.

Any help you can offer would be greatly appreciated. Cheers.

A: Browser re-directs from Google or Bing searches

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


Hi and thanks for reading my post! Any help would be greatly appreciated with my frustrating browser issue.

Issue - when using IE, and conducting a search either in the browser tool bar search or if I go to the specific search engine - when I execute the search I get normal results. When I click on a link, I get redirected to an unwanted search site. If I go back, and re-click - I am brought to the appropriate site. This seems to only happen on page one of the results. This is also random - periodically following these steps, I am not re-directed - but more often than not - the HiJack is taking over.

Running XP SP3
Browser IE8 - started in IE7, upgraded hoping it would fix.

Attempted fixes:
Have been running AVG - up to date w/ version 9. Picked up nothing
Windows Defender - up to date - Picked up nothing.
Installed SuperAntiSpyware - picked up nothing.

Aside from tracking cookies of course after I have been on the re-directed sites.

I have also done a system restore to a few weeks back when nothing was wrong and this did not fix it either.

Ran HiJack this - nothing that I can see is out of the ordinary (I am probably missing something) - looked at all the running processes and again, nothing is out of the ordinary.

I would really appreciate some guidance to help resolve this issue!

Thanks again!

A: IE Browser HiJack when Searching w/ Google/Bing

Hello and welcome.

Let's see what this says...

Please download TFC by Old Timer and save it to your desktop. alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan...


Hello, I seem to be having the same problems as a lot of folks here. My problems started last week on my Dell laptop......searches on Google and Bing were being intermittently redirected to various different websites. I would also get random popup windows/tabs on Firefox and IE. I scanned my laptop with Malwarebytes, Super Antispyware, and Avast and they could not find anything wrong. I also ran a scan online from Windows Live One Care and it found the Alureon H Trojan but could not remove it.

Here are my DDS and GMER logs and attachments. I appreciate all the help I can get since I feel so defeated by this virus.

A: Google and Bing Searches Redirected

Hi dhrifter,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. If the issue is not resolved please update me on the current condition of your computer. Also do the following:

We need to remove some settings added by malware.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:

@echo OFF
Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
proxycfg -d

Go to the File menu at the top of the Notepad and select Save as.
Select Save in: desktop
Fill in File name: fix.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate fix.bat on the desktop. It should look like this:
Double-click to run it.
A window flashes, this is normal.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
if exist mbr.log del mbr.log
mbr.exe -t ping 1.1.1....


Hello,
My searches keep redirecting in both Bing and Google. I have IE9. Previous to this I had the File Recovery Virus on my system. At that point I was using Microsoft Security Essentials, but have since removed that and installed Norton Internet Security 2012. When I ran a full scan with that it found the Trojan maljava!gen8 virus and tracking cookies, but that is it. I used a website to learn how to remove that and found out about your site and Combofix. The redirect problem still remains. In addition, even without having the Internet up I can hear ads running in the background occasionally if my volume is turned up. It is as if there are ghosts in the machine.

I have done all the prerequisites as per the Preparation Guide.

Here are the results of my DDS Scan:


A: Bing and Google searches keep redirecting

Good evening. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC and then enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Click on Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the Command Window type in notepad and hit <ENTER>.
When a notepad window opens, under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and hit <ENTER>.

Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.


I am not sure where to start so I will just jump in. The main problem is that my browser is redirecting me to places I do not want to go. I use Windows XP. I was using IE7 and in an attempt to fix it upgraded to IE8 this morning, it did not help. After experimenting a bit, I noticed that if I do a Google or Bing search from my browser tool bar, I am redirected 100% of the time when I click on the link I want. If I do a search using Yahoo, most of the time, I get to the right place. However, if I do a search through my Yahoo Home Page (which I assumed uses Yahoo as a search engine but I could be wrong) I get redirected through what looks to me like Google and then off to what usually looks like gibberish on a blank screen. Before I found your website, I ran something this morning called unhack me. This is a partial log that I received (it goes on and looks like this all the way down the page):

RegRun NTFS Checker 1.0.3
Processing C:\WINDOWS\

Found rootkit point!
C:\WINDOWS\\$hf_mig$\KB890046\KB890046
Type is MOUNT POINT
Final Destination:
\Device\__max++>\^
Error opening reparse point C:\WINDOWS\\$hf_mig$\KB890046\KB890046 (error 0x5)
Found rootkit point!
C:\WINDOWS\\$hf_mig$\KB904706\KB904706
Type is MOUNT POINT
Final Destination:
\Device\__max++>\^


I tried to follow the instructions on your website and...

My searches on google and bing have been redirecting to random websites. I am using Windows 7. Microsoft Security Essentials didn't find anything.

I tried restarting my computer in safe mode. The first time I got a blue screen. I downloaded Malwarebytes and it found 13 infected files and deleted/quarantined them. I am not really sure what to do next. Is my problem fixed? I'm very worried because I logged on to paypal and bank account earlier. Thanks.

Memory Processes Infected:
c:\Users\juile\AppData\Roaming\E861E\AD6F9.exe (Backdoor.Bot) -> 1556 -> Unloaded process successfully.
c:\program files (x86)\internet explorer\F92E\B0D.exe (Backdoor.Bot) -> 808 -> Unloaded process successfully.
c:\program files (x86)\1E7AA\lvvm.exe (Backdoor.Bot) -> 1100 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Bac...

A:google/bing searches redirected

Welcome aboard. With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

RELEVANCY SCORE 77.2

I am having a problem that I see others also have where my searches are re-directed to random, usually advertising sites. This happens on both the active browsers that I use, IE9 and Google Chrome. I am running Windows 7 on a 64 bit computer. (not sure if I have a Windows Install disc...but I have something called System Recovery Discs)

Thanks for your help,

Ken

Here is DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Ken at 9:04:03 on 2012-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16366.12902 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLAN...

A:Google/Bing Searches Redirected

Please run the following

Refer to the ComboFix User's Guide
Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

RELEVANCY SCORE 77.2

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/10 21:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A985000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_974.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\BK\Cookies\[email protected][2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\BK\Cookies\[email protected][1].txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\bk\local settings\temp\~df5cc5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bk\local settings\temp\~dfd223.tmp
Status: Allocation size mismatch (API: 393216, Raw: 16384)

Path: c:\documents and settings\bk\local settings\temp\~dfe061.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bk\local settings\temp\~dfee57.tmp
Status: A...

A:Redirected google and bing searches

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

RELEVANCY SCORE 77.2

Hi,

My computer started acting slow a couple days ago and my google searches were being directed to random websites. I downloaded malwarebytes. It seems like everything is fine now but I want to be sure before it could become something worse. Is it safe to log in to my paypal and bank account? I was on these websites during the time my searches were being redirected. Thanks!
Memory Processes Infected:
c:\Users\juile\AppData\Roaming\E861E\AD6F9.exe (Backdoor.Bot) -> 1556 -> Unloaded process successfully.
c:\program files (x86)\internet explorer\F92E\B0D.exe (Backdoor.Bot) -> 808 -> Unloaded process successfully.
c:\program files (x86)\1E7AA\lvvm.exe (Backdoor.Bot) -> 1100 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B0D.exe (Backdoor.Bot) -> Value: B0D.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\...

A:google/bing searches redirected

Forgot to include attach file.

RELEVANCY SCORE 77.2

Hi All,

It seems I'm infected with a search engine redirect virus.

All my searches are being redirected when searching on both Google and Bing.

Malwarebytes, Spybot, Hitman Pro have not helped. This happens using IE and Firefox.

OS windows XP -- I need some help please!

Here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:15:33 AM, on 3/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files...

A:Searches redirecting using Google and Bing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 77.2

Hello

I am another user experiencing redirects when trying to search using Google or Bing on Internet Explorer. I have tried McAfee, AdAdware, Spyware Doctor, Malware Bytes. None have found the issue or fixed it. I have run Hijack This and have a log that I can post if required.

Also, Java does not work and I am getting random crashes to bluescreen. I can also see Internet Explorer running in processes even when I don't have it open. Sometimes I also get a message that Internet Explorer has stopped working even when I haven't started it.

Please can you help?

Thanks

Doinnow

A:IE Google and Bing Searches Being Redirected

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!

Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try ren...

RELEVANCY SCORE 76.8

I'm having issues with my browser! So my browser is redirecting to random sites. It sounds like I'm having a similar problem to the info posted here: http://www.bleepingcomputer.com/forums/t/187837/stealthy-browser-hijack-redirects-google-results-to-couponmountain-etc-blocks-anti-virus-searches-aggravating/

Who do I need to send my dds report to?

Thanks

A:browser hijack - redirects Google results to Couponmountain, etc. - blocks anti-virus searches

You need to post your problem to the forum that deals with Hijack This logs.

RELEVANCY SCORE 76.4

This just started earlier today. My default search engine in Firefox is set to Google. When I first start Firefox and type in a word like gold in the search bar, I get a page of Google results as expected. If I then enter another word, like silver, in the search box, I get a page of Bing search results for that word. All the following search box entries also go to Bing. Checking the Firefox search preferences still shows Google.

If I enter www.google.com in the address bar, I get the https version of the Google search page with a search box in the middle of it. If I start to enter a word like titanium in the search box, the search box jumps to the top of the page. Clicking on the magnifying glass takes me to a page of Bing results. The three attached screen caps show each of the previous steps.


I am using 32-bit Firefox version 53.0 on a computer running Windows 8.1 Pro. Comcast is our ISP and traffic is going through a SonicWall firewall device. I do not get this behavior with IE 11.
 

RELEVANCY SCORE 75.6

I'm not sure what I'm infected with, but it looks like it might be called Akamai. My google and bing searches time out after about 10 seconds, the page never loads. Everything else about my computer seems fine and even google related sites are fine such as gmail and plus. Looking for help, I posted first in the internet help forums where we found this in my hosts file:

87.229.126.50 www.google.com
87.229.126.51 www.bing.com

After manually deleting these files they still came back, so I posted in the Am I Infected forum which you can read here.

Ran Security Check, Super AntiSpyware, GMER (even though I'm 64-bit, oops), ESET, MiniToolBox, reset my hosts file and router and TDSS killer which found this:

22:00:54.0234 6776 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
22:00:54.0234 6776 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
22:00:54.0240 6776 Akamai ( HiddenFile.Multi.Generic ) - warning
22:00:54.0240 6776 Akamai - detected HiddenFile.Multi.Generic (1)
22:02:16.0677 5152 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:02:16.0677 5152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

At which point I was told to come and post here, so here I am, and here are my logs as requested, minus GMER since I'm running 64-bit.

A:Infected with... Akamai? Google/Bing searches time out

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 75.6

Whenever I search on any search engine and on any browser (Opera, Firefox, and Explorer). I have used Avira, Malwarebytes, Spybot Search and Destroy, Ad-Aware, and Hitman Pro, none of which have fixed my problem. Here is my HijackThis log. Someone please help!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:02 AM, on 5/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpe...

A:bing, yahoo, and google searches go to wrong site

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents ...

RELEVANCY SCORE 75.2

Hi all,

I've come down with a deviously nasty registry virus.

I run a Dell laptop on Windows XP - using Firefox 3.0.5.

The virus jumps me from legit Google search returns to false pages for couponmountain and other ad-heavy sites.

Plus - it blocks my browser from finding results for anti-virus software. According to my browser, MalwareBytes.org doesn't exist. If I shut off JavaScripts, the problem goes away - but so does all the legit Java applications.

I've run updated MalwareBytes scans and SpyBot SAD multiple times. At first they caught and destroyed some trojans - but the virus always came back. And now my anti-virus software doesn't even notice the trojans.

I have delayed updating to Windows SP3 (I have SP2) because I wondered if I should clean off this virus first. If I need to update to SP3 first - please let me know.

I'd appreciate some help in deciphering my HijackThis Log - and wiping away this virus. Copied below is my HijackThis log.

I already disabled TeaTimer for SpyBot SAD - as I saw it recommended on other threads.

Thank you,
Jrsteven00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:02 PM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WIND...

A:Stealthy browser hijack - redirects Google results to Couponmountain, etc. - blocks anti-virus searches - aggravating

The virus is still there.

Here's an update.

I've run Malaware, SuperAntiSpyware, SpyDoctorSAD - both in regular and safe mode. They all come up empty.

During the scan I saw that SpyDoctor found virtumonde.dll, .sci, .sdn, as well as Zlob.downloader - but they didn't remove them. I ran VundoFix and VirtumondeBeGone - both came up empty as well.

And yet when I click on legit search results in Google - I get redirected by goougly.com to some random page like couponmountain.

Definitely a registry bug sitting in my WindLogon files - or something akin to that.

I can't seem to find anyone else who has successfully debugged this virus. Is there a response that might help remove this virus?

Thank you,
Jason

Here's my latest HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:13 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-...

RELEVANCY SCORE 74.8

Hi, it seems I'm another occurrence of the search engine redirect and hidden IE instances infection, which started as follows. I'm running Windows 7 Pro 32bit version with SP1:

1) I started receiving warning messages about hard disk and memory failure in the system tray that were labelled as coming from Security Centre. At this point my start menu was empty and task manager was greyed out. I was able to use system restore to restore point from a couple of days ago and these messages stopped appearing.

2) After the system restore, whenever I click on a search engine result in IE or FF the page redirects to a blank page with a button labelled with a random site; I can get to the page I want to if I copy the link and paste it in the address bar.

3) Also since the restore, two hidden instances of iexplore.exe are listed in task manager every 10-15 minutes.

In addition to the system restore, I've run full scans with Malwarebyte's Anti-malware and Avast Free and both have detected nothing.

I've run through the prep guide, dds log below and dds and GMER logs attached.

.
DDS (Ver_2011-06-02.03) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Peter at 20:41:48 on 2011-06-02
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software...

A:Google/Bing searches redirecting and hidden IE instances opening

Hello Mr_Wibble and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller:
Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the co...

RELEVANCY SCORE 74.8

Hi, it seems I'm another occurrence of the search engine redirect and hidden IE instances infection, which started as follows. I'm running Windows 7 Pro 32bit version with SP1:

1) I started receiving warning messages about hard disk and memory failure in the system tray that were labelled as coming from Security Centre. At this point my start menu was empty and task manager was greyed out. I was able to use system restore to restore point from a couple of days ago and these messages stopped appearing.

2) After the system restore, whenever I click on a search engine result in IE or FF the page redirects to a blank page with a button labelled with a random site; I can get to the page I want to if I copy the link and paste it in the address bar.

3) Also since the restore, two hidden instances of iexplore.exe are listed in task manager every 10-15 minutes.

In addition to the system restore, I've run full scans with Malwarebyte's Anti-malware and Avast Free and both have detected nothing.

A:Google/Bing searches redirecting and hidden IE instances opening

Because you ran system restore you have made things more difficult for yourself. Most malware these days likes to hide files in system restore, so when a user attempts a system restore they get reinfected, so please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

RELEVANCY SCORE 74.8

Hey,
It's pretty much just like the title says - anytime I search anything I end up on bogus pages. Really out of ideas, I have run TDSS, Hitman Pro, Malwarebytes, Spyhunter, you name it, I've run it. Any help would be greatly appreciated.
Logs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3999 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1807 Mb
Hard Drives: C: Total - 292361 MB, Free - 34897 MB; D: Total - 12877 MB, Free - 2033 MB;
Motherboard: Quanta, 3627
Antivirus: None
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:22 PM, on 12/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Prog...

RELEVANCY SCORE 74.8

On October 4th I downloaded what I thought was a trusted program, but a virus infected my computer at that time. I ran McAfee and it said it found the virus etc. But when I go to my McAfee log it is missing over a month of data which is prior to the incident as well as after I believe. I can't see what virus it corrected, deleted, or quarantined on Oct 4th.

Since then I have noticed a few simple card game programs won't work anymore. I uninstalled the game and reinstalled it but it won't open at all.

When using IE and a search engine the results often go to a weird URL that starts with z43523673.cn and a ton of letters & numbers following it and the resulting page is an IE "page can't be found" page. I can't go back again. I have to close IE and start my search again. I ran RootRepeal as well as the DDS programs your boards asked for.

The original root report was:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 19:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7DA6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA618000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.s...

A:IE searches via Google Bing etc. results go to page titled Z43523673.cn

Today Windows Defender states I have a trojan win32/alureon.gen!U. It says there was an error when removing it.
globalroot\device\Ide\IdePort3\bcorfjrp\tdllwsp.dll
From what I have read it appears this Alureon trojan is the root of my evils. It seems the trojan is responsible for the hijacking of IE as well as other issues.

When I reboot my computer it takes forever now & all open tasks are not showing in my taskbar. My Verizon phone program is crashing and a Windows error report page opens. Then it finally boots up, BUT my taskbar now only shows my McAfee as running. No more arrow or slide on my taskbar to show all programs running. The Hasbro Parker Brothers card game will only open for a flash of the opening screen and a Windows error page pops up. It appears the exe file is crashing. This is a simple older game that was running perfectly fine before the virus infection.

RELEVANCY SCORE 74.8

Hi there. Okay, so a few days ago I downloaded a file .exe and without thinking ran it. I had just rebooted my computer on that day or maybe a day before, but anyways I had no anti-virus programs installed. So the file ran but nothing happened so I knew it was some sort of virus or malware. I downloaded Malwarebytes Anti-Malware, ran it and it found the infections. I removed them through Malwarebytes and all seemed fine again.

But then whenever I would search something on Google or Bing, my searches would be redirected. At first I went to my HOSTS file to see if the problem was there. But the HOSTS file was perfectly fine. So I tried to see if my browsers were using a proxy maybe (I did this because something similar had happened to me before and setting the browsers to not use a proxy solved my problem). But that still didn't work.

I have two accounts, the admin, that's me, Nabil, and another account called People. On both accounts first the searches send me to goingonearth.com and then some bogus website. The thing is it happens randomly. Sometimes it happens to every search, sometimes it happens to a few.

I'm really annoyed and don't know what to do. I see many others have had the same exact problems and just as a sidenote, do you guys know what this is. It seems that a lot of people have had this problem and there is no 'official' fix of it. Thanks for all your input and effort as I've seen you guys help others before. Thank you!!

.
DDS (Ver_2011-...

A:Search Engines Keep Redirecting Searches including Google, Bing etc.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 73.2

Pretty sure I've some form of Malware/Spyware. I can't seem to get it off, so here I am. It takes a long time to shut down, my start bar theme will change back to default on occasion as well. My browser is being hijacked to a site which claims I've won a Walmart gift card. Also, my Google results are being redirected. If I'm in my browser for long enough, suddenly I won't be able to pull up new websites, everything stops loading, although my computer says I'm still connected to the internet, (says that the server took too long to respond) and a restart is necessary. Please help!

DDS (Ver_10-12-12.02) - NTFSx86
Run by Crazz25 at 16:01:33.23 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files...

A:Browser Hijack/Malware. Google searches redirected. Slow boot up/shut down. Frequent freeze ups. Connection time-outs requirin...

I realize I'm not supposed to bump, but I really need help here, and it has been nearly a week. Please help me, I don't want to reinstall my OS!

RELEVANCY SCORE 68.4

My browsers have recently begun to re-route my searches to other pages, for example: http://www.news-11-today.com/finance-news/...&tid=dcpvus

Other times a new tab will open with a fake alert claiming that I have been infected and need to download something.

I updated and ran Spybot and SuperAntiSpyware. I also have installed McAfee and Microsoft Security Essentials. I still see my search results being hijacked after all those programs found nothing. When I try to run gmer.exe, my computer restarts.

My DDS.txt file is below, I attached my Attach.txt file from dds.scr

Please let me know if there is something else I need to try in order to diagnose and clean my system.

Thanks in advance

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 0:22:31.43 on Sat 06/05/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2144 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WIND...

A:Browser searches hijacked - Unknown infection(s)

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important. You will then need to extract the file(s) from the zipped folder.

To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish.

Close all open programs as a reboot may be required.

Go to Start > Run, copy and paste the following into the text box and hit OK:
"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.

RELEVANCY SCORE 68

Internet browsers (iexplore, firefox) on my computer have been rendered incapable of accessing certain specific sites, most notably Google and Bing.

Browsers on other computers on the same network do not have this problem.

Could someone help?

A:browser cannot access google/bing

Hello, let's see what we can find.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Fini...

RELEVANCY SCORE 68

Hey all, I have been trying to fix my parent's computer and have had some issues getting everything removed. The main issue is that Google Chrome, Internet Explorer, and Firefox all seem to be redirecting on their search engines. It is seemingly random. It doesn't happen all the time or on every link. The sites that it redirects to are mostly just link farms or pure ads. Most of the time, the domain name isn't in the address. Instead, it eventually redirects to a class A IP address. That seems to be the main issue (besides any behind the scenes keylogging or such). Here are the requested logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Helene at 23:54:51 on 2012-08-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2245 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32...

A:Google/Bing Redirects in Every Browser

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 67.2

Hi,

Just bought a new laptop and, within 24 hours, my google and bing searches are being redirected, which is very frustrating. Have performed a Hijack This scan and here is the result.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:26, on 24/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Users\George\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George\AppData\Local\Google\Chrome\Application\chro...

A:Bing and Google keep redirecting w/ Hijack This log

If I could find a way to delete my previous post I would.

Have fixed this problem myself by flushing DNS and hard-resetting my router.

Thanks

RELEVANCY SCORE 67.2

hi
having trouble with running rootrepeal, hijack this, rootkitrevealer, windows malicious software removal tool, says I don't have the permissions
search engines go everywhere but where i want em to lol /sigh

was told to post a win32kdiag txt here

Running from: C:\Users\John\Desktop\Win32kDiag.exe

Log file at : C:\Users\John\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Could not open reparse point C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16919_none_3426e4871c4578dd\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16919_none_3426e4871c4578dd: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.21119_none_34b0597435634be9\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.21119_none_34b0597435634be9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18322_none_35fb513b197a745e\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18322_none_35fb513b197a745e: 3
Could not open reparse...

A:rootkit/bing and google hijack

completely ate that computer up so i reinstalled windows thanks for ur time and should i be worried about anything else?

RELEVANCY SCORE 67.2

Hello and thank you in advance for the help. Two days ago I had a virus mimicking a Windows 7 antivirus program. This program would provide increasing difficulty with remaining logged in to Windows, and I was eventually forced to do a System Restore. The problem seems to be fixed, except that I now notice I have a problem using search engines. After the search I am able to click on one result to get to the correct website, but any other results I use off the same search are redirected to random "search result" sites. I am forced to right click on the result I want on Google or Bing and open a new tab in order to view legitimate search results. This problem occurs with both Google and Bing using both Internet Explorer and Chrome. Below I have posted the DDS logfile. Once again, thank you for your help:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Albert at 16:25:22.32 on Wed 11/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1015.176 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\s...

A:Google/Bing Search Hijack

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 67.2

HI! When I do a Google search, then click on a result, I often times get redirected to an ad site, or to Bing. Exceptionally annoying. I have tried Spybot, MBAM, and Advanced System Care, and none of them are removing the malware. I cannot figure out what is causing this. Google's help menu is no help. Any thoughts/suggestions would be appreciated. Ark.txt and Attach are attached, and here's the DDS Log:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Steve Snyder at 21:21:51.87 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.672 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\S...

A:Google searches redirected, unknown malware?

Hello seafarersteve,

I see pieces of Norton in the logs....but not running. Is it out of date? We'll need to get you a good AntiVirus afterward.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Be especially sure that TeaTimer is disabled, or it WILL interfere. If it gives you problems anyway, then temporarily uninstall it so we can do what we need to do here.

1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have trouble running it the first time, then rename ComboFix.exe to seafarersteve.exe and try again.

Thanks,
tea

RELEVANCY SCORE 67.2

I am using a toshiba satellite laptop with windows 7 64 bit version. I have been using Firefox as my default browser. I also have IE and google chrome. In the past three days, whenever I click on any of the search results in google, it gets automatically redirected to some random website. I have noticed the website blinx opening more than once. It is really frustrating. Initially I thought that the problem might be with the browser add-ons or extensions and I uninstalled Firefox altogether and switched over to Chrome. But the same problem exists. Following the instructions, I am pasting the DDS log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Lirin at 21:47:32 on 2011-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3894.1151 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rap...

A:Google searches are being redirected to unknown site

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

RELEVANCY SCORE 67.2

Hello. I am new to this forum, so hello to everyone. I seem to have a very serious spyware problem. In the past I have always been able to deal with these, but this time it is different. I have tried Norton Antivirus, Panda, Adaware, Spybot SAD, CWShredder in safe mode, and Hijackthis to no avail. The only symptoms I can identify are that when I do a search (Google, etc.), and click on links for the results, I am redirected to other sites 2 out of 3 times. The other sites are often Spyware Nuker and other software associated with this infection which offer to remove spyware for a fee. Here is my latest Hijackthis logfile. Please let me know if anyone here can help.

Thanks so much in advance
Tom

FYI: I have deleted the 17 entries for DNS at one point when uninstalling programs, but they are back and different from before.

Logfile of HijackThis v1.99.1
Scan saved at 2:52:26 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32&...

A:Unknown Infection - Searches On Google Redirect

Hi collectinvest

Welcome to BC.

You have a wareout infection. Please save or print these instructions before beginning.

Download FixWareout? by LonnyRJones
Save it to your desktop and run it
Click Next, then Install, then make sure "Run fixit" is checked and click Finish
The fix will begin; follow the prompts
You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts
Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2F91A1-D72D-4EEE-AEB4-7B5B17395B5C}: Domain = domain.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2F91A1-D72D-4EEE-AEB4-7B5B17395B5C}: NameServer = 192.168.253.8 192.168.253.5 85.255.115.99 85.255.112.90

If you see a new item that wasn't in your last log in the O4 section of HijackThis, five-letters long, starting with dm... for example:
O4 - HKLM\..\Run: [dm***.exe] C:\WINDOWS\system32\dm***.exe (the *** stand for random letters)
or starting with hg***.exe for example:
O4 - HKLM\..\Run: [hg***.exe] C:\Windows\System32\hg***.exe
or starting with cs***.exe for example:
O4 - HKLM\..\Run: [cscyd.exe] cscyd.exe

Check it as well. If you're not su...

RELEVANCY SCORE 67.2

The other night Avira found some malware and I noticed that my Comodo Firewall was closed (assuming the malware did that), I immediately started it and it found malware as well. There were many files cleaned but apparently something slipped through as my Google searches are being redirected. Currently the infected machine is disconnected from the internet.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 22:02:51.96 on Mon 03/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1053 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\OmniPageSE\OpwareSE2.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\PowerDVD\PDVDDXSrv.exe
C:\Program Files\ATI Techno...

A:Unknown malware redirecting Google searches

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log...

RELEVANCY SCORE 66.8

Both Firefox (v3.6.3) and IE 8 get redirected from the google and bing search pages. When I click on links they get redirected to other sites. Also, randomly the speakers start blaring advertisements. Task Manager shows instances of IE running in the background. Killing the IE process stops the ads from the speakers.

I disabled using Defogger, then ran the DDS utility and am supplying the two logs. The GMER utility does not run to completion. It closes before I can save the logs. I saved a log in the middle of the scan and am attaching it. Not sure if it is useful. Additionally, I ran TDSSkiller and it indicated that I had a 'Driver "atapi" infected by TDSS rootkit!' but it could not cure the problem.

I have also run MalwareBytes and Spybot Search and Destroy and both now provide clean scans but the browser redirect problem still exists.

Please help.

________________DDS.log:_______________

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 12:07:25.09 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.295 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files...

A:Browser gets redirected from google, bing and other search results

Hello pn123

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be f...

RELEVANCY SCORE 66

I google stuff and click on the links, and it is redirecting me to a different AD page called like Medolife or something like that. When I use a different page it seems to work fine.


I could not run the gmer thing because somehow my computer would say something about a computer error happened for safety and will automatically shut down my comp, it was a blue screen. I tried to do it in safe mode, same problem. The scan wouldn't start when I open the gmer so I did the instructions, it said to uncheck those tabs and clicked scan. When I start the gmer it does a quick scan then stops in like 3 seconds so I saved w/e that scan did, not sure it will help.


I've added a combofix just in case that will help.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 12:51:44.76 on Sat 02/13/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1608 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:...

A:Browser redirecting me when i click on links on google, bing,yahoo etc.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Who instructed you to run ComboFix? As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset ...

RELEVANCY SCORE 65.6

Hello,

I keep getting redirected when I search something in Google or Bing. After searching something on either search engine, the search results page will load, but once I click on one of the result links it redirects me to something totally different. The websites I'm redirected to vary between various websites - often including something called "Mfeed", "Stopzilla" and a few others. I have tried searching with both Internet Explorer and Firefox with the same results. I am also unable to log onto Google Talk or Skype. When I try to log onto Google Talk I get an error message that says "Could not authenticate server".

I first noticed this off and on a week or so ago but wasn't sure if I was imagining things, since it only happened rarely. Approximately two days ago I received a notice that my Outlook was signing onto a server without a valid signature, but I clicked "ok" or something (in hindsight, not the smartest idea). Since then, the search engine redirects have been increased significantly and now 100% of the search engine results are redirected.

Since I noticed the infection, and before I logged onto bleeping computer, I ran Malwarebytes Anti-Malware, which found 8 infections and then said it removed them. I also ran SUPERAntiSpyware which found 1 trojan and 993 adware cookies, all of which were removed by the program.

I hope this information is helpful to anyone. If anyone can help me I would greatly, greatly appreciate it...

A:Google/Bing Search Redirect - seems like a hijack problem

Apologies for the improper post - I am just reading about the proper way to post a request for help. I am a noob - apologies. I will post a proper posting as soon as I can run the proper programming. Thank you.

RELEVANCY SCORE 65.2

On @11/1 I would get redirected to sites that have nothing to do with the search engine result I clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site I'm redirected to, it just sends me to the main page that I'm redirected to.

Happens with both IE and Firefox.

I have dwm.exe running from my temp directory and I can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory.

Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones I'm allowed to check. I did not run it.

Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .

DDS.txt:

DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by John at 4:49:51.15 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows...

A:Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and I'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

RELEVANCY SCORE 64.4

Hi there is something weird going on in my firefox and internet explorer browsers. When I do a search in Yahoo or Google, I always get redirected to googleads.g.doubleclick.net when I click a link and then it times out or there is an error or it takes me to a different page than what I clicked on.

I've tried spybot SD, I have Microsoft virus protection. I've tried deleting things, erasing cookies, clearing the cache. Nothing seems to fix this. If anyone could help, I would greatly appreciate it!!!

Here is my HiJack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:13 PM, on 11/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:...

A:Browser redirecting during searches - HiJack This Log

Hello, coco1985.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:

Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.

Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.

Please do not install, update, or run any programs for the duration of the fix.

If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.

Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.

If you are running Vista, please run all the fixes as an administrator. This is done by ri...

RELEVANCY SCORE 64.4

Hello. I am running Windows XP Pro Service Pack 3 using Internet Explorer 8 and Google Chrome 11.0.696.68. I am running AVG Free version and Spybot Search and Destroy.

I have a redirect problem. Only the Google browser is affected and 2 out of 3 Google search results are redirected. Any help would be appreciated.

A:Google browser 2 of 3 searches redirecting

Please download Malwarebytes Anti-Malware and save it to your desktop.

Download Link 1
Download Link 2

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.

When the installation begins, follow the prompts and do not make any changes to default settings.

Malwarebytes will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button and continue.

If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.

Click on the Scan button.

When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.

Make sure that everything is checked and then click Remove Selected.

When removal is completed, a log report will ...

RELEVANCY SCORE 64.4

Need help with browser going to wrong web sites occasionally.
Can't post GMER due to stop error regarding kgddypog.sys

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Postma at 10:20:30.12 on Sat 05/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.158 [GMT -4:00]
.
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Progr...

A:Browser being redirected in google searches

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool which you already have, please delete the copy that you hav...

RELEVANCY SCORE 64.4

Hi,

The symptoms (and other possibly fishy stuff) I'm seeing:

* If I do a Google search and click a result, I'm taken to the page I want about 1/4 of the time. The other times I click a search result, I'm taken to dirty, nasty places full of pop-ups and bogus malware scans. This happens with IE, Firefox or Chrome!
* If I do start->run->cmd and hit Enter, the taskbar disappears for a second and comes back, and there is no error, but cmd does NOT open.
* There are two copies of wuauclt.exe running - one as system, one as logged in user (not sure if that's normal).

Troubleshooting:

Turned off system restore, rebooted into safe mode and did this:

* Spybot SnD full scan: nothing found
* Malware Bytes full scan: nothing found
* Ensured my DNS was set to DHCP - even tried hard-coding it as OpenDNS addresses but that did no good.
* HJT log - attached

I'm at a loss here...looks like some sort of rootkit, but I didn't want to go any further and just run utilities willy-nilly until I got some advice from the experts! Thanks all!

--

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32...

A:Google searches get redirected *sometimes* with ANY browser

Hello RouterPouter,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

RELEVANCY SCORE 64.4

I am running Win XP. I was hoping Malwarebytes' Antimalware would help but that was not the case. So I downloaded hijackthis and have the following report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:04 PM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI...

A:Google searches are redirected regardless of browser

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:

- The DDS logs: DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

RELEVANCY SCORE 64

Hi Everyone.

I've been trying to fix this using the tools I found in these forums for about a week. I finally gave up today and opened this ticket.

I noticed about a week ago that Google adwords ads were not showing on my queries. So I tried the same searches on my wife's computer and was able to see them. Soon after that I noticed in the left corner of my firefox browser that whenever I do a query the 7.7.7.0 ip address appears. Anyway, I've been trying to get rid of that for days with no luck. Here is my DDS file:
DDS (Version 1.1.0) - NTFSx86
Run by DavidO at 16:51:57.77 on Fri 01/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1384 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC...

A:Google hijack? Seems to go to 7.7.7.0 on searches

Hey Guys,

Please disregard this post. The issue seems to have corrected itself.

Thanks anyway.

RELEVANCY SCORE 63.6

Hi,
I may have gotten ahead of myself, and may have done something stupid. Avast, Adware, and ESET all have located a malware/trojan. However, even when removed, my browser continues to be hijacked via google searches. When I rerun Avast and ESET, they no longer locate the trojan. I (perhaps stupidly) ran ComboFix on my own. After researching some more, I realized that may have been a mistake.

Thank you for your help!

Here are my dds results (below and attached):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Kelli at 18:17:58 on 2012-03-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.384 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Java\jr...

A:Browser Hijacks via Firefox/Google Searches

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so! Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes. Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback. It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything. Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Pl...

RELEVANCY SCORE 63.6

Hello. I am having problems with my browser getting redirected from Google searches to sites like "beesq.net" and others. It started with Chrome, which I stopped using after running Norton 360 scans and power cleaner, which did not fix the problem. Now I am getting the same redirects with IE and the browser is freezing up and running slowly. I went for help to the Norton forums and they suggested I try here. After reading some of the topics that seemed similar to my problem, I ran adware cleaner, which apparently found some issues but did not fix the problem. I realize I am in over my head and would appreciate any help! Thanks for considering.
 
k-lo
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by KEVIN at 10:20:53 on 2013-10-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3015 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k Local...

A:browser redirects from Google searches on Chrome and IE

Hello k-lo195

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",...
