Over 1 million tech questions and answers.

I use Bing search and search links redirected to http://dailyprize-winners.com

Q: I use Bing search and search links redirected to http://dailyprize-winners.com

DDS.txt Log is below and Attach.txt is attached with this topic.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jigi at 18:43:11 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.1313 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiyara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - mscoree.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe -update activex
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/73.27/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://asa1.njit.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28-11263/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C685745C-D723-4338-B8A4-8FFDF1A7EE50} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C685745C-D723-4338-B8A4-8FFDF1A7EE50}\2375942554539393 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {3142c289-f319-47f5-a594-a827028714c9} - No File
mRun-x64: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 pfmfs_463;pfmfs_463;C:\Windows\system32\Drivers\pfmfs_463.sys --> C:\Windows\system32\Drivers\pfmfs_463.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-18 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-9-21 539184]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-13 245760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-8-5 91984]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-8-4 111440]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-7-19 67920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S4 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-16 2002728]
S4 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
S4 WebFarmService;Web Farm Controller Service;C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [2011-1-20 15640]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-22 00:18:16 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DA47815-DC2E-4CAE-8F75-53167E2406BE}\offreg.dll
2012-03-22 00:03:59 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DA47815-DC2E-4CAE-8F75-53167E2406BE}\mpengine.dll
2012-03-17 22:15:42 -------- d-----w- C:\Users\Jigi\AppData\Roaming\Malwarebytes
2012-03-14 08:58:46 -------- d-----w- C:\Users\Jigi\AppData\Roaming\Catalina Marketing Corp
2012-03-14 08:58:36 485576 ----a-w- C:\Users\Jigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-03-14 07:10:55 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:10:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:10:54 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 06:27:57 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 06:27:50 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 06:27:50 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:14:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 21:14:23 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:14:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:14:23 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 21:14:21 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:14:21 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:14:21 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-02-23 04:20:46 327432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-24 05:39:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:44:35.02 ===============

RELEVANCY SCORE 200
Preferred Solution: I use Bing search and search links redirected to http://dailyprize-winners.com

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: I use Bing search and search links redirected to http://dailyprize-winners.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Backup any files that cannot be replacedIf you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.When you have the files backed up you may do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

Read other 9 answers
RELEVANCY SCORE 115.6

Hi,

After using Spybot, latest version, my wife's computer still has a malware infection which after doing a search and clicking a link, gets redirected to some other site, probably a pay per click site. After searching I found hijackthis and it was recommended to post the log file here for help in determining what entries are suspect. I thought I was fairly knowledgable, but getting into the registry and knowing what is a problem is not my comfort area. Hopefully it is for someone here. This is the log file.

Thanks,
Mark

A:Click links from Google or Bing search get redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 25 answers
RELEVANCY SCORE 114

My laptop is a HP dv6000 t2250 1.73GHz 2 GB RAM running windows xp sp3. I have the search engine redirecting problem, but only with ie8 and firefox. I can still use chrome for google, yahoo, etc. The links all work as intended. There is nothing wrong with my computer speed or connection. I decided to look into the problem the other day when I ran the Norton Scan and it found Spyguard 2008 and had it removed from my laptop. Also, I am not sure if this is related to the virus, but whenever I restart my laptop I get the Blue Screen right before it loads the desktop and then it restarts the entire reboot all over again. Usually it only does this once, then it loads properly the second time. However, recently it gave me the blue screen twice and then loaded on the third time. I ran my avast antivirus (full scan last night then a quick scan today) and it moved what it found to the virus chest. I can provide the logs for both scans if needed. I have run TDSS killer and it came back clean. Same thing with Malwarebytes, the results came back clean. I also used CCleaner to clean my computer and clear my registry. I read that an old version of Java contributed to getting the virus/malware so i removed all the old versions on the laptop and then downloaded the newest one. Here is my HijackThis Log. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:07 PM, on 8/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer ve... Read more

A:Google/Yahoo/Bing search engine links are being redirected to ads

Read other 16 answers
RELEVANCY SCORE 112.8

Hi,
This is my first post here but I have been on the site before to get help by browsing other members posts & advice. I now, for the first time, am so stuck on what to do to solve this problem that I'm requesting some help myself. PLEASE HELP!!
The problem is that in both Firefox & Internet explorer (I haven't tried other browsers) the results of any search in either Google or Bing are being redirected to junk/ad sites (mostly - but sometimes even ebay or youtube). I then have to click the Back button & clicking the link a second time then takes me to where it should do. This is most annoying!!
So far i have run Avira Antivirus & found nothing. SpyHunter finds nothing. MalwareBytes will only run in safe mode & finds nothing. ComboFix will only run in safemode & does not solve the issue. I have edited my Hosts file to remove a HUGE list of spam sites to leave only this entry: 127.0.0.1 localhost. Also, this may be unrelated but my copy of CopyToDVD stopped working around the same time this issue started. My PC just freezes when I try use this program & I need to switch off with the main power button. Again, this my be unrelated to the search links problem.
Anyway - any help anyone can give me will be greatly appreciated!
Thanks,
Paul.
I forgot to mention that very recently I had a big problem with getting loads of popups, very erratic PC behaviour & stuff disappearing from my Start Menu. Avira & Spyhunter ... Read more

A:Google & Bing search result links redirected to junk sites

I am going to re-post with more information so please ignore this request.

Read other 1 answers
RELEVANCY SCORE 98.8

When doing google searches in Firefox or IE the links will get redirected when clicked on.
When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong.
If I copy the link from the page (right click/copy link location) and paste it into the tile bar it always works correctly.
AVG does not show any issues.
Comcast cable network offers free install of McAfee security suite that I use to run.
When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started.
All the management functions of McAfee worked fine but start a scan and the computer reboots.
I uninstalled McAfee and installed AVG.
AVG did one round of cleaning and now can't find anything.
I don't remember what AVG found other then tracking cookies. If it leaves a log behind that may still be around.
I have tried to install and run Malwarebytes' Anti-Malware.
It seems to install fine but will not run. Double click the icon and nothing.
I have uninstalled and reinstalled several times but nothing. Never tries to do the update either.
I have uninstalled and reinstalled Firefox but that did not help.
I just copied the the mbam.exe file to a new name and double clicked that and it started up. Cool.
I have attached the attach.txt file.
The Malwarebytes run finished. 1 Trogan.Agent was found. I have attached that log file also.
I will send this and then have Malwarebytes remove it. I will then ... Read more

A:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,Uninstall these old versions of Java, as they are malware magnets. Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7Java™ SE Runtime Environment 6Java™ SE Runtime Environment 6 Update 1We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member. You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this ... Read more

Read other 15 answers
RELEVANCY SCORE 98

When I search on google and try to click on the link it get's redirected to another search site. I did have a copy of ulead video 9 that I used a pn off the internet, but then I found my pn so I deleted the program and have not reinstalled yet.


DDS (Version 1.0) - NTFSx86
Run by Lori at 12:26:31.78 on Tue 11/18/2008
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3006.1801 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\... Read more

Read other answers
RELEVANCY SCORE 93.6

This computer was infected but cleaned with Norton Internet Security 2010 quite some time ago. I do not have the logs for those cleanings but today's full scan turned up nothing. Clicking on search results will bring up fake pages. Sometimes going back and clicking the link again will bring up the right page. It happens about 1 in every 4-6 search results.I've scanned with MalwareBytes, SuperAntispyware and Norton and nothing seems to correct this problem. I have followed the instructions on posting here and following is the DDS.txt report:--------------------- cut here----------------------DDS (Ver_09-12-01.01) - NTFSx86 Run by Jim at 12:42:00.75 on Wed 01/06/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.257 [GMT -8:00]AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech ... Read more

A:Google (And Bing) search results are being redirected...

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

Read other 3 answers
RELEVANCY SCORE 93.6

Sometimes when a search result link is clicked a window is displayed with an animated graphic in green or orange that says redirect , then a page opens that is not the page from the link. Other times there is no animated graphic but the page that opens is not the one whose link was clicked on. Sometimes, there is a warning banner at the top of the browser window stating this site is not safe. Navigating back to the search engine and clicking on the same link opens the correct webpage. Some links lead directly to the correct webpage. Have scanned whole computer in normal mode with updated AVG Anti-Virus Free Edition 2012 and updated Malwarebytes Anti-Malware free, niether found any malware. The last malware detected and quaranteened by Malwarebytes on 7-19-12 was Trojan.Happili.
The computer may be running more slowly and the display might flicker every once in a while.

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Arnold at 13:02:18 on 2012-07-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.256 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAFor... Read more

A:Google and Bing search results redirected in IE8

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this if fixed.[/b]
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

Read other 50 answers
RELEVANCY SCORE 93.6

I tried running Malwarebytes and a few othe malware programs all unsuccessfully removed the problem of being redirect to odd web sites when clicking on a link in a search page. Please help.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by PTPros at 13:59:54 on 2011-08-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1020 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k ... Read more

A:Keep getting redirected on Search pages Google or Bing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 93.6

I am completely stumped. My wife's laptop acquired this issue and all steps to remove have been unsuccessful:

I modified the hosts file to include: 127.0.0.1 click.findsearchengineresults.com which blocks most redirection. Selecting a google search result now returns:

"http://67.196.0.168/c.php?p=KJchZinb4iU5KERo8yqGaYB8h5fSu7MrEUF_KOkkiVCupcungVwT3SlPVpvJVonDi1H4HhSwY5zBiuYFViBJu3zyTJXRW6SeZ2o1D363uy2UBF-ZS87j6IIEb9-..............................." IP Address varies...
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jill3 at 10:08:52 on 2012-05-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1740 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system3... Read more

A:IE Google/Bing search result redirected

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

Read other 5 answers
RELEVANCY SCORE 93.6

Google search results being redirected when using IE, but not when using Chrome.

I have tried these fixes without success....

Norton Internet Security 2009
MalwareBytes
SuperAntiSpyware
CCleaner
GooredFix
VundoFix
ComboFix (I can submit log if requested)

I have not yet run HijackThis.

Please help.

Thanks, RGWomack

Read other answers
RELEVANCY SCORE 93.6

I could not get DSS to run without an error and outputing garbage. GMER Output (ARK) is as follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-24 22:43:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.12.0
Running: gmer.exe; Driver: C:\Users\Kathleen\AppData\Local\Temp\uwdcrkob.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x90F32BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x90F3452C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x90F34782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x90F349FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) Z... Read more

A:Bing & search engines results redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 24 answers
RELEVANCY SCORE 92.4

Hi, I am running:Windows XP ProfessionalVersion 5.1on a Dell Inspiron 1440For the last day or so, I get normal looking search results but, when I click on them, I get taken to some ads after a long delay.I ran Norton, Ad Aware, Malwarebytes, Hijackthis, DDS, MBR,RKU, and defogger I attached all of the logs but, the RKU saved as something else...how do I post that log?I have no idea what to do now. This is exceptionally weirdThanks, Joe

A:Search result links go to ads(Google, Bing, etc)

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other... Read more

Read other 2 answers
RELEVANCY SCORE 92.4

When using IE, searches in google and bing will redirect from the intended link to bogus sites. The problem does not occur with firefox.

I have avast and running a scan did not correct the problem. I also ran ad-aware and that did not correct it either. Thanks in advance for assistance with this issue.

Info as requested in instructions for this forum:
_________________________________________

DDS (Ver_09-12-01.01) - NTFSx86
Run by Amy at 16:52:04.82 on Tue 12/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1082 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091205-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Prog... Read more

A:google/bing redirects search links

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 17 answers
RELEVANCY SCORE 92.4

Hello.

For the past several days whenever I would use google, yahoo, or bing, my search results are redirected through a website called "searchingandclick44.com" and the original search terms are then plugged into several other websites.
I'm not completely sure that this is connected to it, but at the same time this started happening I became unable to use Gmail, as my browser (Both IE and Firefox) started saying "There is a problem with this website's security certificate." The same thing would happen when I used other websites that required the use of Gmail, such as signing into Youtube.
Occasionally when using the search toolbar to the right of my address bar with google, it will state that the 302 has moved and will give me a link.

I have tried to use MalwareBytes, but it will not pick up the problem, even after updating the program.
I tried to use gmer to see if I could find anything, but that didn't work either, because whenever I open it, it says, "C:\Windows\system32\config\system: The system cannot find the file specified." And the only things that can be checked afterwards are Services, Registry, Files, and ADS.

I use Windows 7, IE 8, and Firefox 3.5.11

I'd like to thank you in advance, and I look forward to you're help.
Ivan the Submissive.

A:Search results for Google, Yahoo, and Bing are redirected

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 1 answers
RELEVANCY SCORE 92.4

Both Firefox (v3.6.3) and IE 8 get redirected from the google and bing search pages. When I click on links they get redirected to other sites. Also, randomly the speakers start blaring advertisements. Task Manager shows instances of IE running in the background. Killing the IE process stops the ads from the speakers.I disabled using Defogger, then ran the DDS utility and am supplying the two logs. The GMER utility does not run to completion. It closes before I can save the logs. I saved a log in the middle of the scan and am attaching it. Not sure if it is useful. Additionally, I ran TDSSkiller and it indicated that I had a 'Driver "atapi" infected by TDSS rootkit!' but it could not cure the problem.I have also run MalwareBytes and Spybot Search and Destroy and both now provide clean scans but the browser redirect problem still exists.Please help.________________DDS.log:_______________DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Administrator at 12:07:25.09 on Fri 04/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.295 [GMT -4:00]AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files�... Read more

A:Browser gets redirected from google, bing and other search results

Hello pn123 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be f... Read more

Read other 12 answers
RELEVANCY SCORE 91.6

Firstly, should I retain or remove IBingSurrogate? to eliminate the following problem?
 
The situation is probably commonplace across several sites, but so far it's not appeared in Google, and only in web site searches.  It doesn't relate in any way to Bing as a search engine in a drop down menu of Bing, Google, eBay, etc.
 
I normally left click the following link then click on the individual option, but if I wish to have multiple forum tabs open to go through one at a time, it's quicker to right click.  It's at this point that I noticed this.  It doesn't appear to be a virus, but it's only occurred today::
 
http://www.bleepingcomputer.com/forums/
 
 
 

Search for "Spyware" with Bing - Virus, Trojan, Spyware, and Malware Removal Logs

 
 

Search for "Infected" with Bing etc - Am I infected? What do I do?

 
 
The word searched for varies depending on which part of the sentence I right click, so the above sentences could change to:
 
 

Search for "Trojan" with Bing - Virus, Trojan, Spyware, and Malware Removal Logs

 
 

Search for "What" with Bing etc - Am I infected? What do I do?

 
 
I accidentally opened two of the same BC link and discovered that Bing appeared when right clicking (while offline) but did not appear (while logged in).

A:Bing Search unexpected when Right Clicking on Web Page links

FWIW:  http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/bingsurrogateexe-is-taking-more-space-on-my/4b35cf6d-9b35-4916-8b4e-0994a980d110
 
Louis

Read other 28 answers
RELEVANCY SCORE 91.6

Hi.
 
I've been working with Jeff over in the Virus, Trojan, Spyware and Malware forum and we've come to a point where he feels that the problem is possibly a hardware software problem of some sort.
 
Until a couple weeks ago, my I.E. search engine was Google and I had no problem opening links.  However, somehow I was hacked and they managed to corrupt my Kasperky Pure 3 program as well as my IoBits Advanced System Care Pro, well still acting as if both were updating and running as they should.  Then I discovered my firewall was down, and the programs were not running according to Windows Security.  From there, I couldn't turn on Windows Firewall or Windows Defender and Windows Update had been shut down.
 
Kaspersky worked with me and we discovered that the program had indeed been corrupted so using another computer and cd which I burned, I installed a new Kaspersky Pure 3 program.  Windows Security now showed Kaspersky as the firewall, virus protection and spyware/malware protection.  I had to turn Windows Update back on.
 
When I turned Windows Update back on, it did some updates to I.E.  I didn't think anything of it as I don't use I.E. except for the very rare occasion.
 
When finalizing our troubleshooting, it was recommended that I check settings in I.E. to be sure they were set properly.  When I opened I.E. all of a sudden it kept trying to redirect from the homepage. I closed the browser, opened it again with... Read more

A:I.E. 11 BING - Can't Open Links or Change Search Engine

Bumping to see if anyone can help me.  Thanks.

Read other 4 answers
RELEVANCY SCORE 91.6

Google, Yahoo, and Bing search Hyperlink Jacked

I have been doing research and using Google and Yahoo search engines... I never had an issue until a few days ago.... google,Yahoo, and bing links to one web site re-direct to a scam site.

It's not my computer..

I have tried the searches on 5 different computer to include iPad and iphones.... It's all the same. Google has a " warning " on the site now....

However, if I type the web address into the browsers it comes up just fine.

What would cause this issue seeing that it is not my computer(s) and its not the hosting server that the web site is using?

For some reason both Google, Yahoo, and Bing are being re-direct away from the actual site....

It get this "/wevwubhy.ru/links/1.php" and this " sumjecyg.ru/count15.php...

I looked them up and there are known Mal sites...

So what can be done and how can this happen if the Web Server hosting the site is fine.... Because I can type the site address directly into the browsers and it goes to the site I need.... But If I click on the link it goes to the Mal site?????



__________________

A:Google, Yahoo, and Bing search links jacked

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Preparing for the malware removal process

While a description of the trouble you're having is of help, we need more information. A comprehensive set of logs is required to determine the presence of malware.

Please follow our pre-posting process outlined here:

NEW I... Read more

Read other 5 answers
RELEVANCY SCORE 91.2

Please help! I have been infected by something that redirects me do random sites after I have done a searchs on Google, Yahoo or Bing. The latest redirects have taken me to the following website hxxp://server2.mediajmp.com/surveys/don-index.html?sub=yahoo.comor hxxp://server2.mediajmp.com/surveys/don-index.html?sub=google.comBoth of these links have an audio file asking me to participate in a 30 second survey. I have run Byspot Search & Destroy, PC Tools Spyware Doctor. Adaware & Malwaresbytes Anti Malware and still can not rid this thing. Other sites worth noting which are part of the redirect there are 9 click.php files here are some of the URL'shxxp://64.111.208.43/click.php?re=1&cc=eNoVUs3OqjAUfCATbQuUduECUPlERAFBYHNDC4j8qKCCEB7-amYyyUxOchYz10kkFE0I4GlfKB-r2H4mMAdQ_OkvBxRCRABCVMJTeIbSVjdyXn-q1F4uJ8gTIGaMEiDwOOYZSBCDCUScpISSmP-DNOM4FgSQUkw4FzOJUSQnNMNMRoyyCaJJmFLrXnlW9b6Mir0wGmLUGrevD7-yhfJuKbaSO2LDe-e-jfr6eOwwbt24dcfnuD96_Wc1k9vv20p5FabpGsRD2H0koPKNzs5eoguHRTc8mjxVr59z4dB1mWe3esXtNKt0t6tIK-zOg8w3z-RlVUBk6_Wi1AYr90vzSA6CT1Zdu7iPqNmWffHurdQYj3-qLcB920inRluczuqmf2yybnSawNEeRSll1Ws3vNP4-Iy4FP3lQxU4GCq9mvsZ9e-BWjfrEgkzwxc7sFadYIisp25oPDx_Bh_qoLeiY9kf6pNXBhqbxfygaKi-xeSa6UPirzwxuuyk0NuBgofrw-4un3TlOr5uTXgYxtCTN7PNFcscRqV5qQ-tebLExZ4IWvq4pezQlK5K3MdMSYYn8y7LiZI5QtJcIF9OYIKEzEUwl9Ec_-yEpkRIBLOGHbtZIAqMVxgYbRQ4PdM3ReRKBUOg-17-8O00RhCbZ-cdBepg1lbHfntBIMFJmooES4jiFCBKMlliTGIA41RG_wGSB9Po&cu=54d123a8433ce1b67595029df86bafdf&co=bc2be11daa9a7ffd8567da1141096460&... Read more

A:Search Engine Result Redirect Google, Yahoo & Bing http://r9237242.cn/

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 90.4

I am using a Dell Dimension DIM 4550 with a Pentium4, 2.4GHz, 2.39 GHz 768 RAM running Windows XP Home 2002 Service Pack 3. (I have not updated Windows for over one year because when a Windows update form the last year or so gets installed I cannot get a wireless connection between my Netgear RangeMax Wireless N Gigabit router WNR3500 and Netgear RangeMax Dual Band Wireless-N USB 2.0Adapter WNDA3100-- I have the auto update disabled after figuring out that if I system restored to a point before updates I do not lose wireless connection.)

My problem is that when trying to use the internet, I cannot get passed the search engine page. I use Internet Explorer and Google. I have switched the search engine to Bing and Yahoo and each results in same problem. I also loaded Firefox and tried Google, Bing and Yahoo with Firefox with same bad result.

I use ESET and ran Malwarebytes. I am able to access updates for each. I've run scans with each and have found and removed things a couple of times. I still can't get passed the search engine homepage.

This is what happens when I run a search, go to a favorite or type in a URL. I initially get to the next page but then I get a warning
"ESET NOD 32 Antivirus
Address has been blocked
URL
clkh71yhks66.com/eOGNg6de5asc8hvI2S5Xpeg...
IP
78.47.249.228:80"

Then I get an error message telling me that Internet Explorer has encountered a problem and needs to close. Then I get an error page that says "X we were unable ... Read more

A:Search Engine Redirected and can't get past Google/Bing/Yahoo page

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Read other 3 answers
RELEVANCY SCORE 89.2

When I click on a google link or even a bing link my page gets redirected to places like spyware scanner and fake search engines. I know its a virus or some sort of malware/ Spyware. It only takes control on links.

If you type something in the address bar or sometimes just open it in a new tab your fine. This happens in both IE and Firefox. I am running windows 7 and I have had no other problems. I have scanned the computer with spybot and avg 9 both in safe mode and in normal mode still nothing. Here is my hijack This! log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:52:24 AM, on 12/23/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
F:\Windows\Explorer.EXE
F:\Windows\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink... Read more

Read other answers
RELEVANCY SCORE 88

When ever i type in an address i just get forwarded to http://search-links.net/ + the address i tyed in. So if i want to goto a website, im having to go through google as i can access that. Is there anyway to get rid of this.

Thanks in advance
 

A:Being forwarded to http://search-links.net/

Closing duplicate, please continue here: http://forums.techguy.org/showthread.php?t=351426
 

Read other 1 answers
RELEVANCY SCORE 87.2

Hello, Everytime i use google or any other search tool and i click on a link i am redirected to various sites. It is not the same site every time. Deckard's System Scanner v20071014.68Run by cpsdhen on 2008-04-26 10:29:36Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --57: 2008-04-26 14:29:42 UTC - RP57 - Deckard's System Scanner Restore Point56: 2008-04-25 20:13:14 UTC - RP56 - System Checkpoint55: 2008-04-24 20:11:17 UTC - RP55 - System Checkpoint54: 2008-04-23 19:19:09 UTC - RP54 - Installed Conductix Quick Quote53: 2008-04-23 18:06:41 UTC - RP53 - System Checkpoint-- First Restore Point -- 1: 2008-02-01 07:07:00 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as cpsdhen.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:30:55 AM, on 4/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WI... Read more

A:Search Links Redirected

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 2 answers
RELEVANCY SCORE 87.2

About two weeks, I had a problem where my background changed into a bright green screen and I received several warnings about virus and malware installed. The system would not let me open the task manager and was running very slow.

I check the registry and found that a setting was changed to prevent opening the task manager. I changed this back, and found a program taking 100% of the system resources. I killed the process and run my Spyware Doctor which found and removed several infections.

This allowed me to use my system and run programs again, but, my Google Search results started redirecting me other sites. I normally have to click on a link several times to get to the correct site. I also get random tabs popping up asking me to take "surveys".

I have tried Malbytes and SUPERAntiSpyware but to no avail.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bruce at 21:30:38.68 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.692 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\... Read more

A:Search links are being redirected

This has been resolved.

I downloaded Kapersky Internet Security that identified rootkit.win32.TDSS.d

Kapersky was not able to remove this, but a google search pointed me to a program called TDSSkiller.exe

This identified and removed the rootkit.

Read other 2 answers
RELEVANCY SCORE 87.2

Hello,A few days ago I started getting redirected to random ads and websites when I click on a search result in google. I've run both McAfee and AdAware scans, but they haven't found any problems. Here is my HijackThis log. I appreciate any help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:48:24 PM, on 9/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\dlcxcoms.exeC:\Program Files\Juniper Networks\Common Files\dsNcService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\Common Files\Micro... Read more

A:Search links being redirected

Hello sro1987Welcome to Welcome to BleepingComputer =====================Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.===========Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "Yes" to begin the scan.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checke... Read more

Read other 1 answers
RELEVANCY SCORE 87.2

Hello,
My computer has recently started to redirect my search links to various spam websites. I am running Windows 7 and the problem occurs in Firefox.

I have run a Malwarebytes scan and a SuperAntiSpyware scan; both found problems, but once the viruses/malware were removed, the redirect problem continued to happen. Any help with this issue would be greatly appreciated.

Additional Notes: I am not running Windows 7 SP1 because the installer always comes up with an error; I believe the problem is being caused because I dual-boot Fedora.

A:My search links are being redirected.

Hello, let's run this next and see if it stops.Please post the MBAM log. The log is automatically saved and can be viewed by clicking the Logs tab.Copy and paste the contents of that report in your next reply.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed o... Read more

Read other 12 answers
RELEVANCY SCORE 87.2

If I search something from a website like google, and I click the link. It will sometimes redirect me to an ad. it doesn't redirect me all the time, but if I were to open a wikipedia page about the Olympics 10 times. It will redirect me about 3 times. I have used avg, panda, kasperkey, spybot s&d, malwarebite, superantimalware, combofix, tdsskiller. Some of them only find malware, but never anything that removes this virus. The virus scanners never find anything. Also I have tried these things in safe mode also.

I tried using this forum before Search links being redirected. but they weren't really any help.

I've used panda, avast, spybot s&d, tdss, malwarebytes, trojan remover, hitmanpro, avg, superantimalware, combofix and kasperkey, they find and remove small things like cookies, but they don't find anything else and the redirecting still happens.

Read other answers
RELEVANCY SCORE 87.2

Search links are being redirected to various sites. If I click on the link quickly it will take me to the correct site. On occasion a Google window (I am not sure if it is authentic) will open. Thanks for any help you can provide.

Sorry, additional information. I am using Windows XP and Firefox. I have tried IE and have the same problem. I have ran Malwarebytes, which has found some issues, but it has not fixed this problem.

A:Search links being redirected

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 1 answers
RELEVANCY SCORE 87.2

All browsers are being redirected when I click a search link. I have attempted to clean the system myself by running the Security Tango. All scans show the system as being clean(Avg Free, Malwarebytes, SuperAntiSpyWare). The hosts file seems to be clean as well.
 
Thank you for any help.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.21.2
Run by mike at 17:16:49 on 2013-05-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2171 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k Lo... Read more

A:search links being redirected

Hello sirdartan I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

Read other 14 answers
RELEVANCY SCORE 87.2

Running Windows XP on a hp pavilion laptop. Just about every time I click on a search link, I get redirected to another site like webcry.com or findstuff.com. Really annoying!! Any help would be greatly appreciated.
 

A:Help! My search links keep getting redirected!!

staninbji said:


Running Windows XP on a hp pavilion laptop. Just about every time I click on a search link, I get redirected to another site like webcry.com or findstuff.com. Really annoying!! Any help would be greatly appreciated.Click to expand...

oh yeah, I forgot. Whatever it is also deleted all of my system restore points, so I can't go back beyond the date I picked it up.
 

Read other 2 answers
RELEVANCY SCORE 87.2

Hi I have a computer which have all search results redirected, google,yahoo,bing,etc... to mx2(dot)35326(dot)get-search-results(dot)com/jump1/xxxxxxxxxxx.................................

I have ran Malware Bytes with updated definition file, but didn't capture anything.

Computer have updated Trend Micro OfficeScan as well.

Any ideas what i should be trying ?

A:All search links are redirected

Hello and welcome. Perhaps we can get in like this.Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rki... Read more

Read other 3 answers
RELEVANCY SCORE 87.2

Whenever i search in google, yahoo, or live and click on the search link, i am being redirected to a different site. I ran adware, spybot, and avast scans, they picked up some malware and viruses which removed, but my links still are redirected.

A:search links are being redirected

Re-direction is ALMOST ALWAYS caused by malware issues...Even though you have run a few scans with IMHO good products they may or may not pick up every sign of infection. I would open up a new topic here:http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Let the experts there guide you in the removal of what may be causing this issue....I would also highly recommend that you limit your use of the internet until this issue is resolved as someone may be stealing valuable information from you without you even knowing about it...

Read other 1 answers
RELEVANCY SCORE 87.2

My search result links (In Google or Bing) are being redirected. I would be thankful for any help.

HiJackThis results:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:59 PM, on 7/31/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Dena_2\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.ex... Read more

Read other answers
RELEVANCY SCORE 87.2

Hello,

I'm running WIndows Vista on a Toshiba Laptop.

When I click on search links in Google or Yahoo they are redirected to something else altogether. I have Trend Micro and have run that and gotten no results and ran SpyBot S&D with no results either.

DDS.txt below...and other files attached as per instructions page...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Kenneth at 10:32:38 on 2012-12-06
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2038.1142 [GMT -5:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Media Player\wmpns... Read more

A:Search links are redirected

Hello and welcome to TSF.

I am currently reviewing your post. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification then click Subscribe.
----------

Please download TDSSKillerDouble click TDSSKiller.exe
Press Start Scan
Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct
items.
Attach the log in your next replyA copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Read other 13 answers
RELEVANCY SCORE 87.2

Howdy, An unfortunate click on a pop-up window appears to have infected our Vista machine with some malware that redirects our google searches to other sites. It also occasionally starts up an IE session by itself. We've tried our McAfee Security Center scans and the HitMan Pro 3.5 software, but the problem persists. Also...when I was saving the GMER scan, my bleeping computer locked up and I got the Vista version of the BSOD. Before I could read everything, the machine rebooted. As it restarted, I got a message saying the System Event Notification Service had a problem and I should read the log. I'll try to find it after I finish this post. I'll appreciate any help you can provide!DDS (Ver_10-03-17.01) - NTFSx86 Run by GlennFam at 14:23:18.22 on Sun 06/13/2010Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3325.1912 [GMT -6:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRe... Read more

A:Search links being redirected

GreetingsOne or more of the identified infections is a Backdoor Trojan.This could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit th... Read more

Read other 11 answers
RELEVANCY SCORE 87.2

Previous topic in AII here: http://www.bleepingcomputer.com/forums/t/312166/google-searches-redirected/ ~ OBHi,Yesterday, I somehow managed to get myself some nasty sort of virus. At first, I wasn't even able to run virus scans or Malwarebytes to get rid of it, so I attempted a system restore. The system restore seemed to solve most of my problems, except my AVG resident shield constantly popped up telling me there was a threat. After running both an AVG scan and Malewarebytes, that problem, too, seems to have subsided.Now, however, when I clink on links in Google, I am redirected to other websites. I have run Malwarebytes, AVG virus scan, Hitman, and SuperAntiSpyware several times each to no avail. The DDS scan results are below, however, I was unable to run GMER. The first time I attempted to run it, the scan began, but a few minutes later my computer froze. I assumed this was because I had a couple windows open, so I restarted my computer and tried again with nothing open. This time, I started the scan and went away from my computer, only to return a few minutes later and see that my computer had a blue screen of death.Edit: I noticed today that sometimes while I'm browsing the internet, a new tab will randomly open up and go to some website as well.DDS (Ver_10-03-17.01) - NTFSx86 Run by AdamC at 16:45:23.09 on Sat 04/24/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -4:00]AV: A... Read more

A:Search links redirected

Hello AdamC243 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.I would like for you to try GMER once again but this time uncheck everything but Sections and then give it a try.Also please run the following prior to attempting GMER again:RKill by GrinlerLink #1Link #2Link #3Link #4Download Link #1.Save it to your Desktop.Double click the ... Read more

Read other 20 answers
RELEVANCY SCORE 87.2

On a friends computer, when doing a search, the list comes back looking as it should but clicking on a link to visit that page will usually go to some unrelated shopping site. I have noticed that there is a lengthy delay (10-15 seconds) if the link is being redirected while there is no delay on those rare occasions when the link works properly. Although Google is the primary Search Engine, the redirection also occurs with Yahoo and Bing. It also occurs from both the Google Toolbar search and the main Google web page.I have tried repeatedly to run GMER.EXE but I am unable to get a complete run. The first three runs ended in a Blue Screen (STOP 0c000021a). After updating all of my drivers, I no longer get the Blue Screen error. However, on 3 occasions, the computer froze while scanning /Cdfs and on two other occasions, the computer froze at some other location during the scan. On one occasion, I was able to complete the scan, but as soon as I clicked on the Save button, the computer froze. All freezes are "hard" freezes. Nothing can be done except to power off the computer and power it back on again.Here is the DDS.txt file:DDS (Ver_10-03-17.01) - NTFSx86 Run by Kim Falconer at 11:30:19.15 on Mon 08/16/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2492 [GMT -4:00]AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) Close topic 0FW: McAfee Firewall *enabled* BOTTOM BUTTON... Read more

A:Search Links Redirected

Hi James, to Bleeping Computer My name is SpySentinel and I will be helping you fix your malware problem.Sorry for the delay, we have been very busy lately, and I apologize for your wait.Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.Download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections... Read more

Read other 15 answers
RELEVANCY SCORE 87.2

Quickly I'll thank all those that take their time to help others here, and then try to be specific with my problem. I'm having my search links redirected by some hijack. There seems to be a lot of this going around lately. I mainly use Google, but I tried other engines, specifically Bing, and it got redirected too. This has occured with both IE & Firefox.
I've cleaned up my system with Spybot, McAfee, Windows Defender, & MBAM. Almost all now give me the all-clear; however, McAfee still finds two NTOSKRNL-HOOKs when it scans. It always deletes them, but still finds them again next scan.
I've tried Gooredfix, and it seems to do nothing. I have its log, though, if one is interested. I have MBAM logs, too, as well as HJT logs.
I'm out of other ideas and am tired of this, as it's gone on a couple days. So, I submit to those who know more than I. Let me know what else I can do to make things clearer for your understanding if needs be, and I hope I'm doing this all right.
Here's my DDS.txt with Attach.txt attached:

DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 18:16:38.52 on Fri 08/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.193 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Progra... Read more

A:Search links redirected. Tried everything else.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

Whenever i search in google, yahoo, or live and click on the search link, i am being redirected to a different site. I ran adware, spybot, and avast scans, they picked up some malware and viruses which removed, but my links still are redirected.

A:search links are being redirected

help?

Read other 2 answers
RELEVANCY SCORE 87.2

I am having trouble with my XP computer. When I do a search using IE or Firefox, then click on any of the links, I am redirected to some unrelated advertising site.

I have use Maleware Bytes, (free version) SpyNoMore (paid subscription) CCleaner, and McAfee Security Suite. I have run these until the results all come back clean. As soon as I get on the internet, I get hijacked again.

I'm hoping that bleepingcomputer.com can help me get my computer back on track. I am not very a techincal person, so I hope any help is in easy to understand and follow terms.

I am doing this initial post from work, so I do not have access to my problem computer right now.

Thanks.
vickilz

A:Search links being redirected

Hello let's do a couple more...Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Now run SASPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Wi... Read more

Read other 11 answers
RELEVANCY SCORE 87.2

When i click o a link in a google search it is redirected to another site, After 3 or 4 tries this problem stops until ther are new search results. I have tried all sorts of scands and virus checks bur can nor et rid of the problem. I only have this with y desktop achine . My laptop is free of the problem. I see from other posts that you ave been able to solve the problem. Any help would be appreciated.
Hi-jack This log attached.
Logfile of HijackThis v1.99.1
Scan saved at 12:51:26, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
G:\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
G:\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\M... Read more

Read other answers
RELEVANCY SCORE 87.2

Most search links are being re-directed- some virus infection for sure. I scanned using Malware Anti-virus s/w v1.41 with latest update, which found 4 rootkit(?) infections, and removed all these. SUPERAntiVirus 4.30 did no find any viruses. I would highly appreciate any help in fixing the problem. I have a Windows XP SP2.Thanks,SatyaFollowing the steps given in this link: http://www.bleepingcomputer.com/forums/t/271066/keep-getting-redirected/, I ran Gmer, RSIT and Malwar Anti-virus. Please find the logs below:Merged posts. ~ OB

A:search links being redirected

Anyone who could help me? Much appreciated.

Read other 3 answers
RELEVANCY SCORE 87.2

Search links are redirected by this ip address 216.133.243.28

A:Search links are redirected

Hello crmadison,I apologise for the delay, the forum is busy.---------------------------------------------- I will be assisting you with your malware issues.Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!Please bookmark or favourite this page. In case you need it as reference or etc.If you fail to reply in 5 days period from now, this thread will close, and you will have to open another topic, and wait for another helper.IMPORTANT NOTE:If you are using Windows Vista you must right click on the desktop icon and choose Run as Administrator all tools.----------------------------------------------Malwarebytes' Anti-MalwarePlease download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform full scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Checked (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.When completed, a ... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

Hi, I didn't really get if I'm allowed posting here or not, since I don't know if I'm a member or an other member other members should refrain from posting to these logsWell at least I did register.Now, my IE-Homepage got changed into "http://search-links.net". I did run AVG and Spybot Search & Destroy as well as Ad-Aware. All of them found some registry changes and deleted the bad entries but still my IE-homepage is changed. As before in situations like this I went to "cexx.org Message boards" to seek for help. "YoKenny" did help me but after his advices didn't work he told me to go to the "bleepingcomputer.com" and post my message there which I do now herewith. Below I enclose my current HJT-Log. Please could someone tell me what to do to get rid of this "http://search-links.net"-thing?Thanks in advance for any help! filfilLogfile of HijackThis v1.99.1Scan saved at 16:01:02, on 15.04.2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:... Read more

A:IE-Homepage changed into http://search-links.net

Hello filfil and welcome to the BC forums. Yes this is the correct place to post HijackThis logs. The warning you mention is so that those who do not have the training to interpret HijackThis logs do not post responses that could damage your computer.After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.Step #1Before starting the fix we need to turn off WinPatrol so it does not interfere with our fixes. Right-click on the WinPatrol icon in the task try and click on Exit Program.Step #2Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-links.netR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-links.net/?my= (obfuscated)R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-links.net/?my= (obfuscated)O13 - DefaultPrefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=O13 - WWW Prefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.Step #3OK. Reboot your computer normally, start HijackThis and perform a new scan. Post your new log file back here along with details of any problems you encou... Read more

Read other 13 answers
RELEVANCY SCORE 86

Hi, I have done all I can to get rid of this pest on my PC. I now need your help.

I have run the lavasoft program Adaware SE, Spy Sweeper, CW Shredder and Spy Subtract.

I have created a log via Hijack This and then run the analyzer on it. The results are below.

I hope you can help me rid my PC of this annoyance. I have also decided to use Firefox for 95% of my browsing now.

Rick

-----------

Logfile of HijackThis v1.98.2
Scan saved at 09:04:14, on 13/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe... Read more

A:ie explorer is being redirected to http://best-search.us/?page=home&pid=sext01

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as inst... Read more

Read other 3 answers