CLICKOVER.CN Search Engines Hijacked!!!! HELP!

Q: CLICKOVER.CN Search Engines Hijacked!!!! HELP!

Hello,

I noticed other people having the clickover.cn problem, so I joined and posted hoping for help. Every search is hijacked and taken to ad sites and sites SOUNDING familiar to what I searched for. Clickover.cn usually flashes at beginning of the URL when hijacked. Also something like Volya or volgya has been displayed briefly in url a couple times before it changes to phony sites.

I ran a rootrepeal. Here is my file scan results page:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/03 18:40
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: C:\WINDOWS\system32\vsfoceerrsfabp.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfoceihovhkwn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfocemphewbml.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfocevbnyokmr.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_9l11itvcvyohyq3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_cgbco5gbkwiwamh
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_dpf91lxb6od6iif
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_kix9wrwrobwuqdz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_sordphgsaabkg25
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ux2uhgxbs1e1lby
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_waz2lhgyhansb3p
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\vsfocenkhmqsxgio.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\vsfocepxrlxexy.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\avg8\Log\39f124a9-2e14-41dd-be9b-b3d0bbe1abcf
Status: Locked to the Windows API!

WHAT DO I DO? Thank you in advance.

A: CLICKOVER.CN Search Engines Hijacked!!!! HELP!

Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\vsfocepxrlxexy.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes following the instructions below. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

Please download Malwarebytes Anti-Malware and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

RELEVANCY SCORE 73.2

Hi,

I'm looking for some help if at all possible. Every time I do a Google search, the results come up as normal, but if I click on one, instead of going to the link displayed, a random search engine (such as fresh-weather.com or some other obscure name) kicks in and redirects.

I read something about fixwareout being useful in fixing something like this, so I tried downloading and running that, but it won't run - it says I don't have admin rights (even though as far as I know, I do).

Any help would be appreciated. Here's the HJT log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:51, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\av... Read more

A:Google Search Hijacked By Dodgy Search Engines

Hello and welcome to BC. Please scan with HijackThis and put a checkmark against the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra button: Microsoft AntiSpyware helper - {16593A03-CF85-4722-ACC2-070872AF1A0F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {16593A03-CF85-4722-ACC2-070872AF1A0F} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3C8200D-445F-4EA6-87DD-8E905073C951}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF5AE37E-930A-4643-B7A9-220854BC4274}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.220

Close all browsers/windows, except HijackThis, and click on "fix checked". Exit HijackThis.

==============================

Please delete the existing Fixwareout and download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take... Read more

RELEVANCY SCORE 72

Please can I have some help.
Every time I use Google or Yahoo, the searches come back correct, but when I click on the link I will get redirected to some random site. Some of these sites have the same layout but different content.
I have used malwarebytes, superantispyware, spybot and ad-aware. While they did get rid of some viruses the search engine hijack still remains. I used the scanners in both safe mode and normal mode.
I have also noticed that my local hosts file has a lot of random web addresses in it, but I don't know what to delete.

So a summary of the issues:
Searches in Google come back correct, but if I click on any one of the search results links, it will take me to a random site. Though if I click it a second time, it will take me to the correct site.

Internet seems slow, though it was never that fast.

Thank you in advance

A:My search engines has been hijacked

Bump

RELEVANCY SCORE 72

Blackle.com, Ask.com, and Google when I'm logged into Gmail all work fine but otherwise, I get a bunch of results with the correct text but the links associated all direct to sites such as moxiesearch.com, findstuff.com, and web.info.com. I've run Malwarebytes already and it found a few things but hasn't fixed the problem at hand. I don't know if I'm supposed to post a HijackThis log or a DDS log, but here's my DDS log. If something else is needed just let me know, looking forward to getting this fixed. Thanks!
DDS (Ver_09-01-18.01) - NTFSx86 NETWORK
Run by ctjordan at 0:03:10.15 on Thu 01/22/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1577 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ctjordan\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.unc.edu/
uInternet Settings,ProxyOverride = *.loca... Read more

A:Hijacked Search Engines

Hi,

While I will be helping you - I hope you can help me as well.

Can you navigate to your C:\Windows\System32 folder and search for the file wdmaud.sys in there? If so, upload it here for me: http://www.bleepingcomputer.com/submit-malware.php?channel=8

Extra note, make sure it's the wdmaud.sys file present in the system32 folder and not the wdmaud.drv file (because that one will be present there as well and is the legitimate one).

Also, don't upload the wdmaud.sys present in the drivers folder or dllcache folder, because those are legitimate as well. Only the wdmaud.sys file present in the system32 folder is a bad one and may be causing your problem.

I actually already blogged about the infection you are dealing with here: http://miekiemoes.blogspot.com/2008/10/fak...archengine.html

But please perform above instructions first before deleting it. So upload that file for me (if present) for analysis. Thanks.

Let me know in your next reply once you've uploaded the file - or if you could find it.

RELEVANCY SCORE 72

Hi. I wonder if you could help me with this. Lately each time I try to use Google or Yahoo search, another website pops up. Each time it is different but with the exact same interface. I downloaded Hijack This! and here is the logfile:

*******************
Logfile of HijackThis v1.99.1
Scan saved at 오후 1:59:33, on 2007-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Google\GoogleToolbar... Read more

A:My search engines hijacked

RELEVANCY SCORE 72

When I try to use Google or any other search engine, all links go to some other place than where they say they are going to.

Any help would be appreciated.

Thanks,

Steve

A:Search Engines have been hijacked

Hello kk4mr and welcome to BC. First I am moving this topic from the XP forum to Am I Infected so we can get some logs.

What malware tools (AV, spyware) are installed?

Next run ATF:

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Follow with MBAM:

Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then... Read more

RELEVANCY SCORE 72

McAfee has not been able to ID nor fix my problem. Neither has Lavasoft, Malwarebytes, Spybot, nor SuperAntiSpyware. Whenever I try to use a search engine I get results, but when I click on them it sends me to other search engines or web pages. As per this site's instructions, I tried to create a gmer report, but the first time I ran it it froze, the next two times it crashed to a blue screen. Apparently a driver requested that the computer be shut down both times. I followed the directions on your preparation page to a tee, but regretfully could not comply in this respect. I wish I could give you more to go on than that, but I'm afraid I can't. Also, any help pruning my computer of processes that do nothing but consume computer memory/resources would also be greatly appreciated. The DDS report follows:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Todd at 13:18:47.62 on Wed 06/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.1917 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:&... Read more

A:something has hijacked my search engines

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
When in doubt, please stop and ask first. There's no harm in asking questions!

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'


I had a virus infection removed with Malwarebytes earlier today. I am still having an issue where most of the items I click on when doing a google search take me to an odd search engine or shopping site. Thanks for your help. Here is the DDS log...
DDS (Ver_09-07-30.01) - NTFSx86
Run by Andy Crowner at 18:46:37.46 on Mon 08/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.620 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmg...

A:Search Engines Hijacked...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hey guy- all of my search engines are hijacked- I know you've heard this a million times---here's my logs and THANKS FOR YOUR HELP!!!!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Aimee Guild at 20:17:02.37 on Mon 08/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.167 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media E...

A:Search engines HIJACKED!!

Update- I ran TrendMicro's HouseCall and it found ADW.COMET.AO and AWARE.180.SOLUTIONS which I had it remove. After doing a bit of research I searched for and found lot.dll, sssinstaller.exe and comet.dll and erased them. But the search engines are still hijacked......Thanks in advance for your help!!

Hello dieselburner,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)


When I go to google or any other search engine, I get the correct descriptions of what I am searching for, but the actual URLs are hijacked

DDS (Ver_09-02-01.01) - NTFSx86
Run by little twig sales at 23:45:56.84 on Mon 02/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1221 [GMT -8:00]

AV: Panda Internet Security 2008 *On-access scanning enabled* (Updated)
FW: Panda Internet Security 2008 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files...

A:something has hijacked my search engines

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...


Hey gang first post here...

Looks like every time I click a link after search in Google, the browser gets redirected ... for example after clicking a link to download "hijackthis" it gets redirected <hxxp://xfindmywolrdx.com/?q=hijackthis>

In addition to this problem, about every 15 minutes I get a pop-up for a fake norton system scan telling me that my computer is infected.

*sigh*

After running adaware, anti-virus full scan and ccleaner, no change to the aforementioned problem. Any and all help would greatly be appreciated.

Here is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:40 PM, on 3/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Symantec An...

A:My search engines are hijacked

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, spades0ace. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

Step1
Please close all browsers and other windows while running GooredFix.
Please download GooredFix and save it to your Desktop.
Double-click Goored.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.

Step2
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

@Echo off
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> C:\look.txt
START C:\look.txt

Name the file as check.bat, making sure save as type is set to "All Files".
Double click on check.bat & allow it to run. Copy and paste the content in your next reply (If the file does not open please check here for the file C:\look.txt.).

Step3
Please download GMER Rootki...


Whenever I use yahoo, msn, google, etc. to search for something, the correct search results come up, but when I click the link, it redirects me to some random site, usually shopping sites. If I type an address in the bar, it's no problem. Then, once I am at that page, I can click any link and it will work properly. The only time I get the redirect is from a search page.

I have run Windows Defender, Spybot - Search and Destroy, and Ad-Aware, and fixed any problems that were found. I also ran my McAfee Virus Scan and again, fixed any issues found.

Here is my result from the Panda ActiveScan:

Incident - Status - Location
Adware:adware/sidestep - Not disinfected - c:\windows\downloaded program files\SbCIe02a.inf
Adware:adware/searchexe - Not disinfected - Windows Registry ...

A:Search Engines Hijacked - Please Help

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


My personal confuser has been hijacked, not allowing me to visit or use any major search engines.
Here's my log, PLEASE HELP
Logfile of HijackThis v1.95.0
Scan saved at 5:08:42 PM, on 10/3/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\GWMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\PGPSDKSERV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\PGP CORPORATION\PGP FOR WINDOWS ME\PGPTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.de/
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.akadns.net
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 www.altavist...

A:HIJACKED!...Can't use search engines!!!


I'm running windows XP on my computer. Any time I try to use a search engine (Google, MSN, Yahoo, etc) in Firefox or IE all of the links of the results take to me spam sites. When I use Google Chrome everything seems to be fine. I've tried running basic searches and the same links keep coming up no matter what I do.

I added a picture to show what links keep coming up


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:18 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Prog...

A:Search Engines Hijacked

Hi, Welcome to TSG!!

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "...


I haven't been able to use a search engine since yesterday afternoon. Any help would be greatly appreciated.
I ran Spybot and cleared some stuff out. I just ran Hijack This and here's the log:

Logfile of HijackThis v1.97.2
Scan saved at 2:32:27 PM, on 10/4/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\RSRCMTR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\DUAL WHEEL MOUSE\4DMAIN.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exp...

A:Search engines hijacked, HELP

Dracodiem

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.akadns.net
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 www.altavista.com
O1 - Hosts: 207.44.220.30 altavista.com
O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
O1 - Hosts: 207.44.220.30 au.search.yahoo.com
O1 - Hosts: 207.44.220.30 de.search.yahoo.com
O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
O1 - Hosts: 207.44.220.30 www.lycos.de
O1 - Hosts: 207.44.220.30 www.lycos.ca
O1 - Hosts: 207.44.220.30 www.lycos.jp
O1 - Hosts: 207.44.220.30 www.lycos.co.jp
O1 - Hosts: 207.44.220.30 alltheweb.com
O1 - Hosts: 207.44.220.30 web.ask.com
O1 - Hosts: 207.44.220.30 ask.com
O1 - Hosts: 207.44.220.30 www.ask.com
O1 - Hosts: 207.44.220.30 www.teoma.com
O1 - Hosts: 207.44.220.30 search.aol.com
O1 - Hosts: 207.44.220.30 www.looksmart.com
O1 - Hosts: 207.44.220.30 ca.search.msn.com
O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
O1 - Hosts: 207.44.220.30 search.fr.msn.be
O1 - Hosts: 207.44.220.30 search.fr.msn.ch
O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
O1 - Hosts: 207.44.220.30 search.msn.at
O1 - Hosts: 207.44.220.30 search.msn.be
O1 - Hosts: 207.44.220.30 searc...


I am having issues with a couple of my search engines (yahoo & google). Every time I query the search engines, I get a list of links that appear normal, but when I click on them I am routed to some mysterious new search engine, or random website not of my choosing. A pop-up accompanying my original search window is also now not uncommon. I have tried to kill whatever it is on my system with malwarebytes & system restore points, but have had no luck. In general, my computer seems to be running OK, but I am concerned about what is re-routing my searches & what other nefarious things it may be doing. I am running windows XP. Below you will find a couple 'websites' I was routed to by my mystery hijacker. Any assistance you can provide is greatly appreciated!

hxxp://67.51.70.52/q3.php?affiliate=se1-93705&source=abc&query=Whatalesya&adword=|WhatalesyaABCYP&campaign=0326

hxxp://www.directrdr.com/v3.php?pid=245&cid=11374&crid=10129&t=4(7126)8(392918)1(1946748)&cc=840&said=0&params=ab8e13cc4fea84679cbdec07728b7e36b8a7cf90-Uu.sFf.sU.wus%09f.fwwfff%097cKqLvIaL%09wsUw3UufwF%09pTc&pc=0-11374&vurl=http%3A%2F%2Fsports.yahoo.com%2F&mm=32

DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Ryan at 17:39:23.75 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.797 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4C...

A:search engines being hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


When I use any search engine, I get all of the results just like normal, but whenever I click one of the results, I get redirected to seemingly random sites. Often, these sites are other search engines. I'm running Windows XP. So far I have updated my anti-virus (Norton 2010) and run it. I also ran AdAware and Spybot. Several times it seemed like things were fixed, but then the problem returned 10-15 minutes later. I also downloaded HiJackThis! and here's my log file:

Logfile of HijackThis v1.99.1
Scan saved at 7:39:01 PM, on 1/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\...

A:Search Engines Hijacked

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello. Trying to fix my wife's laptop. The search engines have been hijacked. If you type in a query in google (ex: elderscrolls.com), it takes just a tad bit longer than usual and then directs you to a results page. BUT when you click on one of the results (ex. elderscrolls.com homepage) it redirects you to http://bee-find.com/?q=elderscrolls.com and then you usually end up on some random search engine's page, usually with results that have nothing to do with what you need.
You can copy and paste the link in the address page and it takes you to the appropriate site.

I've searched the forums and tried two other posts, but either I'm doing something wrong or I have a different problem.

I ran CW shredder and it did find a few entries.
I've also ran Cleanup several times in SAFE MODE.

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 9:39:28 PM, on 6/19/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Pol\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1...

A:Search Engines Hijacked


Hello again (for the 1st time),

Whenever I try to search, using any search engines, I am redirected to random sites..sometimes related to my search and sometimes completely random but never to the result I select. Below is the DDS report and attached the attach and ark logs. Any help you can offer is greatly appreciated. Thx.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alexis Grajales at 17:06:50.79 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.553 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\...

A:Search engines hijacked, please help.

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window. If you do, click No.
Untick the following boxes on the right side of the Gmer sc...


I have run Trend micro Housecall
CWS Shredder and HJT Please Help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:18 AM, on 10/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_systray.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\WINDOWS\system32\rundll32.e... Read more

A:Search Engines Hijacked

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please note: You may have to disable any script protection running if the scan fails to run. After down... Read more

Read other 2 answers
RELEVANCY SCORE 72

Gentlemen, I am running Vista SP2... And every time I click on a link on any search engine using Firefox or I.E., it seems that I get taken to one of many different websites, that is not what I was looking for... Can you please help?

sorry, I failed to fully comprehend the first steps before I posted... So here goes the rest of the stuff...


DDS (Ver_10-03-17.01) - NTFSx86
Run by Carl at 1:17:01.30 on Wed 10/06/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3054.1794 [GMT -4:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
d:\Program Files\AVG\AVG9\avgchsvx.exe
d:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
d:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
d:\Pr... Read more

A:Help me, my search engines appear to have been Hijacked

Hello, and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Also, I'd be grateful if you would note the following: The fixes are specific to your problem and should only be used for the issues on this machine.
Do not install/uninstall anything on your computer unless advised.
Do not run any other scanning tools other than those instructed for you to use.
Follow the instructions in the order they are given.
Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.
_________________________________________________

You will need to right click and choose "Run as Administrator" to run the tools we will use.

Read other 19 answers
RELEVANCY SCORE 72

Hi, I have a problem when I use a search engine. The first search result page is filled with obvious advertising. To get to the actual search results I must click "next page". I thought I could live with this, but now I think I will bury my computer in the backyard.

Help me Obi Wan Kenobi, you're my only hope.

Logfile of HijackThis v1.97.7
Scan saved at 6:33:49 PM, on 1/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Zain.P4COMPUTER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO... Read more

A:Hijacked search engines

Read other 7 answers
RELEVANCY SCORE 72

Hi!

For the past couple of months, anytime I search for anything on google/yahoo/bing and click on a link from the search engine, it redirects me to a completely different page than what I clicked.

I followed the instructions for "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help" but when I tried to follow step #8 (Create a GMER Log), my computer automatically restarts by itself and at the start up I get the following message: "The system has recovered from a serious error". I've attached the error message. I am running a 32-bit machine.

Below is my DDC.txt file. I've also attached the Attach.txt file created by DDS

Thanks in advance for your help.
------------------------------------------------------------------------------

DDS (Ver_10-12-05.01) - NTFSx86
Run by jsimon at 13:53:29.36 on Wed 12/08/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.629 [GMT -5:00]

AV: AVG Internet Security Business Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\A... Read more

A:My Search Engines have been Hijacked

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 6 answers
RELEVANCY SCORE 72

I was going to post my hijack log here but to be honest it seemed like to do that I had to download more crap and I'm really tired of downloading stuff onto my computer to try to fix this problem so I gave something one last shot and, well, here's my information. Maybe it will help, maybe people who are smarter than me can help better. I just know today I can search and I'm like a kid in a candy store.

Someone in a Windows forum suggested I download Ashampoo AntiSpyware 2 to fix my problem. I tried this and at first no luck. I just updated it last night and scanned again and it found this in my files....

Trojan-Downloader.Win32.Small.ancw!A2 from here.... C:\Windows\_MSRSTRT.EXE

When I went back today to find it under quarantined to write here it also had removed....

Trojan-Downloader.Win32.Agent.cosc!A2 from here.... C:\MSOCache\AllUsers\{900120000-0026-0000-0000000FFICE}-C\setup.exe

This morning is the first time I've used Google normally in a while. I'm not positive this will help you but I'm guessing it can't hurt. Before I end this there's two things. Well, actually three.

1.) I have NO relationship with this software. Download it if you want. Don't if you don't. I don't mean to sound bi***y; I just REALLY want you to understand I have no reason to advocate this software other than it seemed to help me after a lot of other measures failed (McAfee; Windows Defender; SUPERAntiSpyware and Malwarebytes).

2.) This software is not free.... Read more

A:WAS Being Hijacked in ALL Search Engines. Maybe this can help someone.

I may need to offer someone an apology. This may not have been the forum that I needed to download a few other programs to have my hijack log looked at. I looked at so many I may be confused about which is which. If so, my apologies.

Read other 2 answers
RELEVANCY SCORE 72

Hello all, my name is John, and I have a problem....

A few weeks ago, my home PC began displaying some odd symptoms, namely Google and Yahoo searches taking longer than expected, and the results of those searches displaying only spam (typically bogus anti-virus sites). The descriptions of the sites are correct, however the links are being replaced by some type of malware. I have run spybot, as well as ad-aware with the normal culprits removed, but cannot seem to find, and or shake this bug. I have walked through many of the existing threads here, and while gaining a great amount of knowledge as to what's going on, I haven't been able to cure this thing. In addition, thinking that this may only affect IE, I downloaded and installed Mozilla FF and still had the same issue. I would GREATLY appreciate any assistance that you may be able to give me. THANKS!!!

A:My Search Engines have been Hijacked!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at th... Read more

Read other 4 answers
RELEVANCY SCORE 72

I work for a company that does internet rating. I often open 5 pages at a time in different tabs so I have no idea which was the malicious site. I had AVG and SuperAntiSpyware. AVG seemed to freeze up and there were pop ups that I knew were fake virus removals-I don't think I clicked 'yes' on any of them but there were pop ups from AVG and them and Firefox warnings. I ran SuperAntiSpyware and it removed some infections, mainly trojans. I then downloaded and ran Malwarebytes in safe mode and it removed more. I then downloaded avast! and it removed more as well.

When I reboot, I get a dll error and AVG does not seem to block any sites any longer either. Now, I have a hijacked browser that I can not get rid of. I downloaded a fix on another forum which replaced a Google plug-in (Google Antimalware fix by Chase), but all the search engines are hijacked, leading me to believe it is the browser itself. I am using Firefox.

If I copy and paste a link in the address bar, there is no redirect, but if I use a search engine and click a link-it takes me to: monstormarketplace . com from Yahoo.
pleasewaitfind TO samantasay. com TO //us.answerfinders.info/findx/fin from Bing
pleasewaitfind TO samantasay TO //www.mylocalhero. com/s for Google

Firefox closed with no warning twice today, and when it does, my computer will not open any programs, restart or shutdown. I have to hold the off button.
Even after running a virus program a day, today Malwarebytes removed 23 infected ... Read more

A:Hijacked search engines

Read other 16 answers
RELEVANCY SCORE 72

Help!

I cannot use google or yahoo on my pc. All results show the title of the websites I'm looking for, but the links are all incorrect.

Please assist.

DDS (Version 1.1.0) - NTFSx86
Run by Talib at 20:13:48.26 on Tue 12/23/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.471 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager... Read more

A:Search engines hijacked

When you say the text shows, but the links are incorrect. What does that mean? Please provide more detail.

Download GMER Rootkit Scanner from here.
Extract the contents of the zipped file to the desktop.
Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    Sections
    IAT/EAT
    Drives/Partition other than Systemdrive (typically C:\)
    Show All (don't miss this one)
Now click on the Scan button and wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.

Please post the contents of your ark.txt file as a reply to this topic.

Read other 3 answers
RELEVANCY SCORE 72

I recently got rid of quite a bit of Malware using SpyBot, MalwareBytes Anti-Malware and Symantec. I was able to bring back the computer to a usable state, but my search engines redirect any link clicked on and occasionally IE tries to open a hidden ad window as I can hear ads playing sometimes (these also occasionally generate script errors). I've seen lots of solutions on this but they seem to be specific to the infection, so I thought I'd start out from scratch.

Oh, and the other malware I removed set a lot of files to hidden. Is there any program I can run to unhide all my files again? I have Windows Explorer set to view hidden files as my preference, so I can see them, but it causes issues with some of my programs and I just want to batch unhide anything that's not read only.

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:28:02 PM, on 4/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\App... Read more

A:Search engines hijacked

Bump. If there's any other information I can provide, please let me know. I'm hoping not to do a fresh reinstall of Windows.
 

Read other 1 answers
RELEVANCY SCORE 72

This is in the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:01 PM, on 1/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL... Read more

A:Search Engines have been hijacked

Hi,

If you still need help with this post a fresh hjt log, please.

Read other 2 answers
RELEVANCY SCORE 71.2

hi, having faithfully followed all the instructions on the site for a good few days now i still have a search engine issue despite the various virus scans (adaware, spybot, avg, etc.) all coming up clean.

whenever i try to use a search engine (google and yahoo) with my copy of IE i get the results, but when i click a new window opens with a site that is not the result i was after. when this started i loaded the latest version of IE (i was running version 6) but this made no difference. i do however have an old yahoo bt/browser from 2006 that is unaffected so i'm guessing the problem is just with internet explorer.

below is the hijackthis log, and if anyone can offer any advice it would be really greatly appreciated because at the moment i'm thinking that i may have to take my pc to a repair place and i really hate to be defeated like that.

thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:47, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\sy... Read more

A:Search Engines Hijacked And Driving Me Mad - Help!

aha, should've looked deeper before i posted.

found a thread with the same issues, loaded/ran combofix and 'fingers crossed' all is good again.

Read other 3 answers
RELEVANCY SCORE 71.2

Hi there,

Today my internet browsers (I use IE and Firefox) were hijacked by overclick.cn. I couldn't open any links from search engines (e.g. google) but it would redirect me to random unsafe sites.

I also had sdr64.exe and was being driven mad by Winpatrol continually asking me if I would allow it to install on restart. I just couldn't find the blasted file to stop the message. This little b....er was also deactivating my firewall!

Anyway, I ran scans with Malwarebytes, Spyware Doctor, Superantispyware, Lavasoft and AVG 8.5. Several hours and reboots later I seemed to have gotten rid of sdr64.exe, well at least the scans were not finding it anymore and Winpatrol stopped with the messages.

No amount of scans though would fix the overclick.cn problem. So I used Combofix. I followed bleepingcomputer instructions to the letter and can post the log file if wanted (it says not to in the forum guidelines unless asked). Combofix did its thing and now my search engines appear to be working. Don't understand Combofix but it appeared to find some things in my system32 folder with odd names like vsfoceuwojdben.dll.

Did another spyware doctor intelliscan and it picked up a few problems related to Combofix (I think?). They were fixed ok with no reboot required and now spyware doctor and malwarebytes coming up clean whereas before they were finding loads of stuff and didn't seem able to remove.

However, despite it appearing OK now, it says on guide to get the opinion of... Read more

A:Overclick.cn hijacked search engines

Hello supernaturalfan

Welcome to BleepingComputer
=====================

Your logs look clean to me, are you having any issues?

Read other 1 answers
RELEVANCY SCORE 71.2

Hello-

I noticed just yesterday that all of the searches I run in Firefox 3 (3.0.4) or IE7 (7.0.5730.11) using Google, Yahoo, or others provide results that look valid and have topics listed related to my search. However, all the actual links go to "antivirus 2009" and other junk sites trying to sell things unrelated to search terms.

I have verified the searches work normally on numerous other PC's.

Overnight, my system rebooted by itself and displayed a message "Your computer was automatically rebooted after performing a Windows Update", which appears to also be a malware symptom.


I have had TrendMicro PC-cillin Internet Security 14 installed and always up to date. It finds no viruses or spyware upon full scans of my system.

Also, upon attempting to go to windowsupdate.com, I receive a message that says I must use a version of IE5 or later, which is nonsense since I am using IE7. I am unable to use Windows Update by any method.

Your help is appreciated. All logs are attached per your new instructions. The DDS.txt file is pasted below, as instructed:

----------------- DDS.txt follows -------------------------


DDS (Version 1.0.1) - NTFSx86
Run by Kevin at 11:09:16.53 on Sun 12/14/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1291 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch ... Read more

A:[SOLVED] Search engines hijacked on my PC.

I found a solution from another person experiencing the same problem. He recommended Malwarebyte's Anti-Malware software (v 1.31), which found the exact same malware (a Trojan.Agent disguised as a C:\WINDOWS\system32\sysaudio.sys file). It also found a Rogue.Installer in C:\Program Files\setup.exe and a Rootkit.Agent in C:\WINDOWS\Downloaded Program Files\UniPrintWebVC.inf

The problems stopped immediately after removing these malware files with the software, and rebooting.
I hope this helps some other users!

Read other 2 answers
RELEVANCY SCORE 71.2

For a couple weeks, my Google results have been directing me to the wrong pages. I stupidly ignored it, until whatever the problem is ended up downloading a "Security Tool" virus on my computer. I was able to remove the virus, and my computer seems clean but search engines are still being hijacked. Malwarebytes and Ad-Aware aren't finding anything, and I can't download Spybot S&D or anything else - the hijacker seems to be blocking those. Here's my Hijack This log, any help will be much appreciated!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:03:47 AM, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Captaris\Alchemy\CaptarisLicenseService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Captaris\Alchemy\LicenseServer.exe
C:\WIND... Read more

A:Having a problem with search engines being hijacked - here's my log

Hi,

Please do the following:
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.


Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT

Download GMER Rootkit Scanner from here or here.

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    Sections
    IAT/EAT
    Drives/Partition other than Systemdrive (typically C:\)
    Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
 

Read other 2 answers
RELEVANCY SCORE 71.2

About a week ago, I found some spyware on my system, that installed a toolbar into my IE, it was making my computer run ultra slow, and with the help of my brother and Safe Mode, we found the toolbar, EZsearch, deleted it and the computer has been running fine since then. However, whenever I try to search for something on Google, I get bogus results re-directing me to other search engines, and this happens when I use yahoo.com as well. I was only able to find this forum by using the search bar at netscape.com. I've been downloading and running SpyBot, Ad-aware, I've updated and ran Norton to no avail. I've been reading the topics in this forum and I've gone ahead and downloaded HijackThis and this is the log that I got. I really hope someone can help. I don't have time at the end of this school year to devote to reformatting my hard drive and I NEED my Google! Thanks for any help!

Logfile of HijackThis v1.99.1
Scan saved at 12:46:33 AM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
... Read more

A:Google and other search engines appear to be hijacked.

HJT is running from a temp folder so we can't do anything with it

Download the Hoster from here . UnZip the file and run hoster then press "Restore Original Hosts" and press "OK". Exit Program.

reboot &

go to here and download 'Hijack This!' double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 2 answers
RELEVANCY SCORE 71.2

Windows XP Professional service pack 3

Whenever I search on bing, msn, yahoo, google once I get my search results and click on one of them it redirects the page to a totally different website. I have scanned with trend micro, spybot search and destroy, adaware and none of them have found anything on the computer. I do not know what to do and am very frustrated because it is not finding any malware and I know it's there. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:09 AM, on 8/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe...

A:Browser/Search Engines hijacked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...


Please help - I have been hijacked - This log is my boss's computer, please help!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:25 PM, on 3/14/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W5233
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W5233
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W5233
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\...

A:Hijacked - Search Engines - I have hijackthis log

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu...


Hi - I'm having a problem with searches in Firefox. The results come up fine, but when you click on the links, I'm redirected to other sites (some search sites, some not--none good). I've scanned using AVG, malwarebytes, spybot, ad-aware, ewido, and so on. Some of them come up with things to remove, but mostly it's just tracking/ad cookies. I was not able to run rootrepeal as it kept giving me errors and said to contact author. I'm running Windows 7. Thank you in advance for trying to help. Here is my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 22:31:07.62 on Wed 12/23/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3061.1432 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows...

A:Firefox Search Engines Hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


Problem computer is running xp professional with SP3. In both Firefox and Internet Explorer, Google searches result in various marketing URLs to appear beneath the blurb. See attached screenshot jpg. I have posted the dds.txt below and attached the zip file containing attach.txt and ark.txt. As you will see, I have Panda Internet security installed, but this was done after the problem showed up.
Online scan showed troj_malagent.fp
rootkit.win32.agent.fub
backdoor.win32.small.dlv

Allowing the scans to fix/quarantine/delete has not repaired the search engine problem. I'd sure appreciate help with this!


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 9:01:52.07 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.322 [GMT -5:00]

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spools...

A:Hijacked browser search engines

Hello and welcome to TSF.

Sorry for the delayed response. If you haven't received help elsewhere and still need assistance, please post a fresh DDS.txt, and we'll take it from there.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.


Every search engine I visit has been hijacked. The search engine home page looks normal, but when I conduct a search no search results are displayed, and a new window opens up of a random website. It appears to have only impacted search engines as other sites appear to work normally. My home page has not been impacted. I have run Norton, Windows Defender, Spybot, and AOL tools without any success. I would appreciate any help that I can get to resolve this problem. I ran HijackThis and the log is listed below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:52 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst...

A:Solved: All Search Engines Hijacked

You can mark this reply inactive as I'm being assisted by TeMerc Internet Countermeasures at www.termec.com.

BThornbury
 


Hello, when I search on google or yahoo and my search results come up I get redirected to spam pages when I click the link and not the page it's supposed to open. I also get random pop ups and computer is older but has been more sluggish than normal since this problem began. I have run malware bytes, adaware, spybot s&d, spyware doctor amongst others with no success. I'm running Windows XP. Any help would be appreciated! Thank you. My Hijackthis log is below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:19:18 PM, on 10/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTune...

I'm assuming these two problems are linked together, because they both happened within about 30 seconds of each other. I ran Malwarebytes and it said it found and fixed stuff, but it only lasted about two minutes before my browser went back to being all messed up. It happened about two weeks ago after my not-computer-savvy brother opened some .exe file.

I'm running Vista on a Fujitsu Lifebook A series. I'm using FireFox, but have tried IE. Sound and search engine is screwed up in both of them.

Let me know if there's anything else you need.

I've tried doing everything I can find online to fix these two problems and it hasn't gotten me anywhere. Any help you could give me would be great!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Elizabeth at 13:30:47.86 on Fri 12/25/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3025.951 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Wi...

A:Search Engines hijacked and no sound from browsers

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick 'Display Run' box > OK > OK.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
Open Spybot Search & Destroy.
In the Mode menu click ...


The results page from the Google and Yahoo search engines on the FireFox and Internet Explorer toolbar is being hijacked so that each link from the page goes to another ad or search page. Searches from the Google or Yahoo web pages are not affected nor is Opera - its toolbar search works fine. I have run (in the following order):
Avira AntiVir Personal
Malwarebytes' Anti-Malware
SuperAntispyware
AdAware
Spybot Search & Destroy
GMER shuts down the computer.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Peter at 11:08:13.93 on Tue 02/09/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1709 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\s...

A:Results page from the search engines hijacked

Closed


- Ran Malwarebytes
- ran ad-aware
- ran SDFix
- ran TDSSKiller
- Chrome doesn't appear problematic yet, but IE has issues with google search results being hijacked to random other sites.
- ran defogger
- ran RKUnhooker
- Computer reboot by self several times when trying to run GMER, else it ended up getting hung up and freezing computer
- Has this computer been backdoor compromised?
- Thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 4:02:43.53 on Wed 09/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.764 [GMT -3:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program...

A:Search Engines Hijacked. Assuming Rootkit?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report, Please downloa...


Every time I try to run a search it won't open the link I want and it opens another website

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:11 AM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.ex...

A:Yahoo and Google search engines Hijacked

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc...


Hi. First and foremost, thanks so much to anybody who tries to assist me. I was going to be short and to the point to try and avoid any profound boredom, but since the posting instructions request as much information as possible, that's what I'll try to provide.
A couple weeks back my computer got REAL slow (about a half hour to boot up, the DDS scan took like 20 minutes). It started whenever doing a scan with my antivirus (Avira). I was able to get the speed back by going back to earlier restore points, but when I tried to remove what Avira found, the computer crashed and wouldn't start up again, even in safe mode.

I did a system recovery, and from the get-go, the slow motion was STILL in effect. I switched to Adaware, it found some things, did another scan, said the computer was clean. Yet the superslowmotion remained. I tried another system recovery and that did the trick, things appeared solved.

This last Saturday however, the problem returned, bringing the new feature of search engine hijacking along with it (ads when you click-- also occurs when trying to click on an item from your web history or favorites). Adaware detected these three items:

1) Trojan.Win32.Wimpixo.e (v)
2) Trojan.Win32.Generic!BT
3) Trojan-Droppe\Wimpixo.e(v)

This time it restarted the machine to delete files during bootup, but that didn't work either. I've run many other scans, then did another full Adaware scan which found nothing ...

A:Computer in superslowmotion, search engines hijacked

Hello virusmarathoner, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to ch...


Hello,

My IE browser and Firefox both redirect me to unwanted sites when I click links from search engines.
Links in other websites are fine or when I enter the address directly in the address bar.
I have done Spyware/Virus scans using three different programs and none have fixed my problem.
I have downloaded HijackThis and have created a log file which I will attach.

Thank you in advance for any assistance.
Todd

A:Browser is hijacked from search engines - Google

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy
