Over 1 million tech questions and answers.

Search engine results redirect virus

Q: Search engine results redirect virus

Got a host of nasty viruses on my computer yesterday by clicking on an attachment in an e-mail that purportedly came from Twitter. Bottom line is I was able to get rid of all of the viruses, including the "System Security" virus, except a virus that redirects to random websites when I click on links in Google search results. The redirects occur in IE, FireFox and Opera. The redirects only seem to occur when I click on sites that are related to virus and malware removal. I have run Malwarebyte's Anti-malware, Avast virus removal, Ad-aware and AVG and none of them remove this virus. I have also run CCleaner and cleaned out the temp files, including the ones newer than 48 hours old. None of that helped. Below is the log file from my latest run of Hijack This:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:13:19 PM, on 6/19/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Sharp\Sharpdesk\SharpTray.exeC:\Program Files\SHARP\PCFAX2.0\PcfaxRcv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Sharp\Sharpdesk\IndexTray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\WLTRAY.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\WINDOWS\stsystra.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\PROGRA~1\Sharp\SHARPD~1\Indexer.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\HP\HP UT\bin\hppusg.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\Microsoft Location Finder\LocationFinder.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\Program Files\Sharp\Sharpdesk\sdFTP.exeC:\Program Files\Southwest Airlines\Ding\Ding.exeC:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXEC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\Program Files\Microsoft Office\Office10\WINWORD.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exeC:\DOCUME~1\SEANP~1.FOL\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeC:\DOCUME~1\SEANP~1.FOL\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Sean P. Foley\Desktop\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060923R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.87.141.69:80R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2.0\PcfaxRcv.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -DelayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstallO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWndO4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe AutorunO4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /backgroundO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeO4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimizedO4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startupO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exeO4 - Startup: Microsoft Outlook.lnk = ?O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeO4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159445418031O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.255.127.85/AxisCamControl.ocxO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cabO16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.com//chatobject/launcher.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.52.69.124/activex/AMC.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...162/mcfscan.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Update Service (gupdate1c98e035d138058) (gupdate1c98e035d138058) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 15907 bytesAny suggestions on removal would be greatly appreciated.Thanks!

RELEVANCY SCORE 200
Preferred Solution: Search engine results redirect virus

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Search engine results redirect virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Read other 2 answers
RELEVANCY SCORE 88.4

I downloaded some printable coupons the other day and thats when my problems started. Everytime I type in google search and click on the web results, it redirects to a different website, websites containing mostly ads. I am using Windows 7 and it happens in both chrome and firefox.

Read other answers
RELEVANCY SCORE 88.4

I am not experiencing any other symptoms, (I don't believe). Is this a virus/malware etc?

What can I do?

Help!

A:Search Engine results redirect me

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

Read other 1 answers
RELEVANCY SCORE 88.4

I've been trying to fix my computer. Whenever I use a search engine, redirects occur when I click on the search engine result (Google, Yahoo, and Bing is what I've noticed so far).

I'm guessing it's a rootkit issue. I've scanned with Malwarebytes and MS Security Essentials and have attempted to clean my computer. Nothing is working yet and I'd like to remove or fix this issue.

Here is my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by johnp at 23:34:05.44 on Thu 03/31/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_19
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\TeamViewer\V... Read more

A:Search engine results - redirect

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

Read other 13 answers
RELEVANCY SCORE 88.4

I'm having the same exact problem. It just started last night. I ran RootRepeal, can I post it here or do I need to start my own thread?

Thanks for any help you can provide.

A:Search engine results redirect

Hello Benjamin, I split you to your own topic. Please post the log.

Read other 6 answers
RELEVANCY SCORE 88.4

Hey Guys.Got this nasty bug that keeps redirecting me when I click on the results of any search engine I use. It can be google or bing. It lets me search for anything I want and the results are perfectly valid but when ever I click on any result it sends me somewhere else. The only way I can bypass this is by opening the result in a new tab but sometimes it hangs when trying that.Before I came here, I have tried Malware, ComboFix, Kapersky, Trend Micro House Call. They all find some stuff and disinfect things but the problem still persists. Here are the logs from all the scans i have run.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:56:06 PM, on 8/19/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeN:\Program Files\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Progra... Read more

A:Search Engine Results Redirect

Hey guys just another update. Somehow, it corrupted both my IE and Firefox exe's. I have just decided to reformat. I am only reformatting my OS partition. I will post logs if the problem migrated to another partition.

Read other 2 answers
RELEVANCY SCORE 88.4

In both IE7 and firefox when clicking on a link from a search I get redirected to another website. REDIRECT or JUMP shows up in "history" and the tabs. common website names have GATHI. something or other That is about the extent of what I know... ***EDIT*** Cant runt GMER, PC reboots when attempting.DDS (Ver_10-03-17.01) - NTFSx86 Run by Marcus at 23:04:07.90 on Fri 10/01/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.834 [GMT -8:00]AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\rundll32... Read more

A:Uhh... redirect from search engine results

Hi,Please Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here. Post also contents of both dds.txt & attach.txtNote** you may get this warning it is ok, just ignoreRootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?

Read other 23 answers
RELEVANCY SCORE 88.4

Hello,

This computer has had some sort of browser hijack where search engine results get redirect through another site to ads. I don't remember exactly which ones because it has been a few months since we used this computer...it was just too irritating we bought another one.

It doesn't seem to be happening now but it has always come back and there are still traces of "something" when I run some scans...everytime I think the problem is fixed it resurfaced in a few hours or days. MalwareBytes Anti-Malware shows four registry entries that are never removed even when the computer reboots. They are in HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings, bf, bk, iu and mu if that means anything.

Thanks for your help, DDS logs are below!

-Donald
DDS (Ver_09-06-26.01) - NTFSx86
Run by compaq at 20:25:01.80 on Tue 06/30/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.239.108 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Pro... Read more

A:Search Engine Results Redirect to Ads

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 21 answers
RELEVANCY SCORE 88.4

hello, this is my first post here on bleeping computer.com. i have used the forums in this site in the past for answers to my computer problems, and usually reading old forums and copying suggestions has worked for me in the past. however, i am having a problem that i feel i have done everything i can to fix, and it's still happening.i am on a windows xp, and i use IE7. this is not my main computer (it's my parents, i came home to fix it) so i am not sure how long this problem has been occuring. when i use search engines like yahoo or google, i see normal results but when i click on them i get redirected to completely unrelated websites. for example, texasroadhouse.com result turned into adultfriendfinder.com. this happened for almost every search result.then i came to this site and started looking at posts with the same problem. i particularly followed the advice of this recent thread: http://www.bleepingcomputer.com/forums/t/205129/google-redirecting-to-unwanted-sites/ . i ran malwarebytes, sas, atp cleanup, gooredfix, f-secure, everything. pretty much in the same order as that thread. the person who recieved the advice reported the issue was solved. for me, however, even though i had the same symptoms, the problem is still occuring. after following the advice, i am still being redirected. before i got redirected every single search result, but now it is only about 1 out of 5 (so it did some good). i'm not sure what else to do at this point. right now i am running malwareby... Read more

A:search engine results redirect to ads

Hi, swearbyit.

That's my thread you linked to. Did you run the programs in safe mode when rigel instructed? Apparently it is also important to disable your virus scan programs when running some of the AMW programs. I can look back at my notes to see exactly what I did and when the problems started to go away if it turns out you do have the same infection that I had and you think that would be helpful.

rd11

Read other 4 answers
RELEVANCY SCORE 88.4

EDIT: Moved from AII topic http://www.bleepingcomputer.com/forums/top...ml#entry1678921Well I was able to finally resolve the issue, my NVSTOR32.sys had gotten infected. HitMan Pro 3.5 dug it out as the culprit. I am going to post my DDS log anyways, so that if this is obvious there and someone can point it out to me, I would appreciate it.My ultimate concern here is that none of the usual tools found this thing. AVG was crippled was the first and only obvious symptom, then the search engines started acting up, I ran all the standard removal tools, MBAM, SS&D, SuperAntiSpyware, Spyware Doctor, TrendMicros Online Scan, HJT, ComboFix, FixIEDef, Reset my hosts file, cleared the caches ATF, GMER, RootRepeal (still crashes, don't know why); but none of these tools detected anything what so ever. Now AVG did clean a trojan about the same time that this started happening, but still even a trace should be picked up. I do have an nVidia video card, so NVSTOR32.sys may be a legitimate file for that or just a cleverly disguised bug. I know the exe that brought it in and I have the NVSTOR32.SYS quarantined, so if there is someplace I should upload those files for people to review, just let me know. But my concern is all the other people who are experiencing the same symptoms and all the scanners coming up with nothing.DDS (Ver_10-03-17.01) - NTFSx86 Run by PowerUser at 16:26:35.96 on Wed 03/17/2010Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista... Read more

A:Search Engine Results Redirect

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

Hey guys,Im new to this site, and I have no idea what is going on with my computer.When I go on google or yahoo or any search engine and click a link it redirects meto juggle.com, I have viewed a couple threads about this but Im still unsurehow to fix my computer. I have downloaded HijackThis, but I dont know where togo from there.Do you think you can help me out, pleaseThanksChelseaSo guys.I ran the Hijackthis, and this is what I gotLogfile of Trend Micro HijackThis v2.0.4Scan saved at 1:55:34 PM, on 08/11/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16671)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Users\Chelsea\Downloads\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnbR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnbR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1... Read more

A:Search engine results redirect to juggle.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 16 answers
RELEVANCY SCORE 87.2

When clicking on links generated by a search engine, I am redirected to sites other than those linked by the search results. Frequently, the redirect is performed by click.easilyfound.com. See log below. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:10:59 PM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP... Read more

A:redirect when clicking on search engine results

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

This is but Round 1 in what could be several posts to help you clean your machine. Please follow it up to the end.

---------------------------------------------------------------------------------------------

Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then In... Read more

Read other 8 answers
RELEVANCY SCORE 87.2

Google search will return legit results and link to shown at the bottom of each result appears legit. When clicked however I am redirected to some BS ad site. I have tried to run my scanners ad-aware and malwarebytes oddly: Ad-aware returns nothing and malwarebytes wont wont start (tried uninstall and re-install to no avail) thought i would download spybot search & destroy but it won't allow me to complet the install because I can't download additional software (waited forever and got nowhere) I have symantec corporate antivirus loaded and its not finding anything (tried a deep scan) two hours later still nada. I disabled system restore and rescaned (no dice). as pursuant to your requested first steps i have included log files from HJT, DDS, and GMER. Please also note that whatever it is is not permitting me to update my anti-spyware. I will greatly appreciate any assistance.

A:Search engine results redirect to adsites

its also 3am and my brain no longer functions here are the logs for dds

Read other 2 answers
RELEVANCY SCORE 87.2

Hi, I turned my laptop on today and when I used google the font of the results are larger and when I click any of the results it opens a new window and it automaticaly redirects me to an ad site. I was able to run the DDS but the GMER Rootkit Scanner downloads however does not run, I dont know if this is related to my malware issue, please help...

My DDS.txt read as follows:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 21:43:34.67 on Thu 03/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.148 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.e... Read more

A:Search Engine Results Redirect Malware PLEASE HELP!

Hello Jasper33x. You still didn't tell me why you have no AV installed and running.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of Combo... Read more

Read other 10 answers
RELEVANCY SCORE 87.2

I need help trying to eliminate some malware which is redirecting me when I click on any of the search results. It will redirect me through a www.find-festive.com site then to somewhere random. I have tried spybot search and destroy, ad-aware and they are having no success.

I have downloaded Hijackthis and below are the results. I would be much appreciated if someone could help me out with what needs to be removed or fixed.

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:03 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\... Read more

A:Search engine results redirect malware

Hello and welcome to TSF

Please follow the instruction outlined in our sticky entitled http://www.techsupportforum.com/secu...oval-help.html

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

If there is no response to this post within 72hrs, this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 87.2

I keep getting redirected when I search for things on the internet. Please help me as this is inconvenient and sometimes redirects to pages unsuitable for children.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:56:02 PM, on 6/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\Common Files\Microsoft Shared\VS... Read more

A:Search Engine results redirect web page

Alot of people seem to be having this problem with ToseekA and I'm sure this is malware. I can provide the combofix log also but I probably just need to do standard operations to get rid of malware.===========Hello Please don't do anything with Combo-fix unless a team member asks you to.While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wa... Read more

Read other 4 answers
RELEVANCY SCORE 87.2

Hi, I turned my laptop on today and when I used google the font of the results are larger and when I click any of the results it opens a new window and it automaticaly redirects me to an ad site. I ran fixwareout and got this report:

Username "Owner" - 03/20/2009 21:33:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
&quo... Read more

A:Search Engine Results Redirect Malware PLEASE HELP!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 87.2

Recently i've noticed that about half the time I search for something on Google (or yahoo! for that matter) the result i click on does not take me to that site- but redirects me to another search engine or advertisement such as:
-ozonez.com
- searchfindsire.com
- shopica.com
- asterlinks.com
I've performed some of my basic malware searches and remove the infections only to find that it still occurs. I ran dds and gmer...

DDS (Ver_09-09-29.01) - NTFSx86
Run by Bryan at 17:02:30.43 on Thu 10/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jmu.edu/jmuweb/students/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {a57ff8cf-c9db-407f-80c4-6f1ab3bca484} - c:\windows\system32\byXNgfFv.dll
BHO: Google Toolbar Helper: {aa58ed... Read more

A:Search Engine Results redirect to Advertisements

I know this is most likely an unrelated issue but I just received a blue screen error which I know is not a very good sign for my computer. But if anyone can help out with these problems i would be quite grateful

Read other 1 answers
RELEVANCY SCORE 87.2

When I use yahoo or google search and click on a subject on the results page I am redirected to another search engine or information collection page. Here is my DDS log:DDS (Ver_09-06-26.01) - NTFSx86 Run by Dennis at 17:25:49.89 on Thu 07/16/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.679 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\WINDOWS\system32\ct... Read more

A:Redirect from search engine results page

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

Hi there

My first time in this forum and hope one of the experts can assist. I can usually deal with these types of things but this one has me stumped and much Googling (on a clean computer ) has led to a myriad of ideas to clean but without much success.

BEHAVIOR: When search results in Google are clicked from either IE8 or Firefox 3.6.13 the browser is hijacked and redirected to unwanted sites on every occasion. The actual search result site is never displayed after the link is clicked.

ATTEMPTED REMEDIES: Thus far I have run Avast, Spybot & MAM but with no success in removing this little sucker.

Thanks in advance for you help!

DDS RESULTS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by BJ at 15:06:28.84 on Thu 20/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3071.2497 [GMT 11:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\All Users\Application Data\EP... Read more

A:Search Engine Results Browser Redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 10 answers
RELEVANCY SCORE 87.2

I attempted to help a friend of a friend tonight with his computer problems. He has a 5 year-old Dell Inspiron Desktop tower running MS Windows Vista 64-bit, 2 GB RAM, IE 9.0. His main complaint is that when he clicks on a search result link from his Yahoo! home page, he gets redirected to a search bar that only pops up advertisements. The new search page looks like Google's, but the left side of the text box has a 4-petal/4-color spinner icon. I've seen this before, but I can't remember what to do about it.

I noticed that when I mouse-over the links in the search results, they show the correct URLs, but if I right- or left-click on any of them, the URLs permanently change to "[ search.yahoo.com/r/_ylt=A0oGd] [etc.]" (until I run a new search). Yahoo! and Altavista behave identically, but Google is unaffected.

I ran Malwarebytes (quick scan only) and Spybot S&D (quick scan only), which found and cleaned several infections. However, the problem persists.

Any ideas?

Thank you.

A:Browser Search Engine Results Redirect

Alta Vista was bought out by Yahoo about a year ago.
We recommend that you read this article…
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help - Tech Support Forum section of the forum.
(Simply, click on the colored links to be re-directed.)

Please ensure that you create a new thread in the Virus/Trojan/Spyware Help - Tech Support ForumForum; not back here in this one.

When carrying out The Malware Removal Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to the Virus/Trojan/Spyware Help - Tech Support Forum Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 86.4

Hi, I'm having problems with my laptop (I have to use my desktop on here).

Today, both Firefox and IE have been giving me problems with my search engines. I try clicking a link and it sends me to some dirtball search site that only occasionally has something to do with what I'm looking for. My connection also seems slower than normal.

The scary part is that I can easily access my facebook, school homepage, etc, but when I try to go to anti-virus sites, it says the site seems legit, but won't connect.

Here is my HJT log from the laptop. Thanks for the help in advance.

-Andy

Logfile of HijackThis v1.98.2
Scan saved at 9:11:12 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\s... Read more

A:IE and Firefox redirect search engine results (HJT included)

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 86.4

Good Afternoon,

When I google, and google provides their list of search results the links redirect to bogus/spam like websites unrelated to my search query, what has happened and what can I do?

NOTE: this is not the go.google.com virus, I checked out the symptoms and they don't match. Also, this problem occurs with all other search engines as well, not only google.

A:Search Engine Results Redirect to Spam Like Sites

possibly ur atapi.sys file is infected !

Read other 3 answers
RELEVANCY SCORE 86.4

I've got some kind of bug that is causing all the major search engines to redirect any result I click on. No matter what the search engine, no matter Firefox or IE. I have ran the basic scans and all come up empty. These include AVG A\V, ComboFix, AVG Anti-Root Kit, Malwarebytes, Spybot S&D, etc. All come up negative, but I still have the re-direct. Any suggestions? I've even created new profiles in FF and it still has the issue. Created a new user account on the computer and it has the issue.

HELP!

Windows Vista Home Premium, 3Gb RAM, 200Gb HD, Firefox 3.0.11, IE7,

Update:
Cleaning the hosts file has no effect.
I have a screen shot of the temp redirect page, but cannot find a reference on another site. (yet)
Double clicking on a search result link takes me to that search result.

UPDATE II:
Renaming the firefox.exe to something else fixed it for FF, but IE still has the issue.

A:Search Engine Results Redirect FF and IE, no malware detected

Tried additional methods with FixIEDefs and still no result.

Read other 3 answers
RELEVANCY SCORE 86.4

Web browsers (both Firefox and IE) are redirecting to ad sites when I click on a search engine result (sems to do it with Google, Bing, and Yahoo at least). It doesn't happen every time, and if I hit the back button to go back to the search results and then click on the same result, it usually then goes to the correct page. When I click on a link, the browser indicates it is getting information from googleads.doubleclick.net or something similar. Blocking cookies from these sites did not solve the problem. Malwarebytes scan and Kaspersky TDSSKiller did not solve the problem.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Ken at 15:03:59 on 2011-09-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1826 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Jav... Read more

A:Periodic browser redirect from search engine results

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418739 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 14 answers
RELEVANCY SCORE 86.4

Hello,AllWhen I search in IE8, or Firefox, using any search engine(bing, google, yahoo, ask), the links take me to random sites. I have Norton 360, the computer is running Windows XP -all up to date on patches.I have used Malwarebytes Anti-Malware.Nothing is found. What do I do now?Okay, Now the machine is running painfully slow and rebooting automatically. I am writing this post from another computer..I ran GMer and it said it didn't find anything.Attached DDS.txt, attach.txt and ark.txt as one zip file.Merged 3 posts. ~ OB

A:Search engine results redirect to random sites

I followed the instructions on this topic, and the search results are fine, and the computer seems to be okay too. Do I need to do more?http://www.bleepingcomputer.com/forums/t/279883/google-search-engine-hijacker-atapisys-rootkit/

Read other 10 answers
RELEVANCY SCORE 85.2

On every few google searches on firefox (I run Vista) "click find search" highjacks the search. I downloaded and ran malwarebytes program already. There was another search engine highjacker that no longer runs now, but "click find search" has taken its place.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_33
Run by BA at 13:58:23 on 2012-07-13
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3998.1229 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Expl... Read more

A:click find search engine results malware redirect

Hy there and sorry for the delay.If you still need help, please re-run DDS and post both logs

Read other 16 answers
RELEVANCY SCORE 84.4

On @11/1 i would get redirected to sites that have nothing to do with the search engine result i clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site i'm redirected to, it just sends me to the main page that i'm redirected to.Happens with bot IE and Firefox.I have dwm.exe running from my temp directory and i can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory. Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones i'm allowed to check. I did not run it.Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .DDS.txt:DDS (Ver_10-11-03.01) - NTFS_AMD64 Run by John at 4:49:51.15 on Thu 11/04/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows&#... Read more

A:Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and i'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

Read other 2 answers
RELEVANCY SCORE 83.6

Okay everyone, here's what I'm dealing with...

This started two days ago, and I'm not sure why. It's similar to the winshield2009.com browser hijack except it only kicks on when I get search results via Google, Bing, etc and click on a result.

If I type a domain name in, it doesn't affect anything. Here's an example of what is happening:

I use google to search "z43523673.cn"

Google returns results (this forum being one of the first) so I click on it. I get redirected to a page URL starting with z43523673.cn, and sometimes it stops there as an undeliverable page. Other times it may cycle through several URLs before landing on a final page. I just did this again and here's where I ended up:

hxxp://www.apartmentfinder.com/landing.aspx?ecid=PS|MIV|21189S69683090]

It's apparently hijacking the browser to generate clicks to its affiliates. Real scumbags must be running this thing.

Things I've tried:

MalwareBytes - Runs it course, finds issues, cleans them, but the problem remains.
HijackThis - same as MalwareBytes

I realize this is a pretty new thing, and help may not come for a while, but I would like to avoid a complete reformat. Any help would be greatly appreciated.

A:Search engine results redirect to z43523673.cn + lots of scrambled numbers and letters

Update mbam and run a FULL scanPlease post the results----------------------------------We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr

Read other 2 answers
RELEVANCY SCORE 82.8

Redirects the page. This happens in both ie 8 and firefox latest version. Virus scans and housecall show no bugs. spybot and symantec endpoint protection show no issues, but everytime I click on the results of a search, aka goole, msn etc, I get a redirection via searclivestyle.info then it lands on a redirected page. If I type in the url, then no problem. below is the hijack file. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:21:56 AM, on 10/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program F... Read more

A:strange browser redirect both ie and firefox, when clicking on the results of any search engine, searclivestyle.info

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 82.8

Hi there,

I've been getting URL redirects on Firefox, IE and Chrome browsers (dont have any other browsers on this computer) whenever I use a search engine. Firefox seems to load pages very slowly, been using Chrome instead since its not affected.

Also, I'm unable to scan, update malware definitions or open up antivirus/antimalware programs, newly downloaded or not.

Can anyone help me?

Here's the DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Brandon at 1:03:40.82 on Thu 07/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.646 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin... Read more

A:Anti-malware blocked/Browser running slow/Search engine results redirect

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 9 answers
RELEVANCY SCORE 82

The virus redirects my google search results. My antivirus does not seem to find anything when I run it, but I know something is there. It also redirects other search engine results.

A:Help! I have a virus that redirects my search engine results

Welcome whitsouther We need some more info and some scan logs. What browser do you use? Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes: Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size. Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.   Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.   Please download AdwCleaner by Xplode onto your desktop.•Close all open programs and internet browsers.•Double click on adwcleaner.exe to run the tool.•Click on Delete.•Confirm each time with Ok.•You will be prompted to restart your computer. A text file will open after the restart.•Please post the contents of that logfile with your next reply.•You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>Now I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET Onl... Read more

Read other 1 answers
RELEVANCY SCORE 82

hi there. i posted about this same problem about a week ago but didn't get any response and i'm very much in need of help on this one. i have had the search engine redirect virus for some amount of time now with little success of getting rid of it. the virus first showed up on my main pc and after running a variety of programs including mcaffee scan, sas, combofix, atf cleaner, avast, gooredfix, f-secure scan, malwarebytes too, i finally rid my computer of the virus. apparently 2 trojans were found in the windows system files.

these are my parents computers, so i went back to school after i got rid of the virus. now a week later i've come home and the laptop which shares the home network with the main pc has got the same virus. i heard that this particular virus can spread through a network, so i was not surprised. i ran all the same programs on the laptop, followed similar steps i took to rid the virus on the main computer, but with no success. absolutely no files are showing up as infected on the laptop. i feel like i have exhausted all of my options here, and i am afraid it is going to spread back to the main pc to just double my problems.

both computers are windows xp, and i only use IE. not sure what other specifics would be helpful to know about this, but i do hope i get a reply on this one since my last post wasn't responded to. any help would be great. thanks so much in advance.

A:search engine results redirected virus

I please post the infected log so we can see exactly what and where it is,thanks.

Read other 10 answers
RELEVANCY SCORE 82

Thanks in advance for the help! This computer, running Windows XP, seems to have a virus or malware that causes it to redirect to different sites whenever any google, msn, or yahoo search results are clicked. It doesn't happen with some other search engines.

The message given during the redirect is:

"The document has been moved here (link). Wait..."

The back button no longer works once the redirect begins.

I have run fully updated Norton Anti-Virus and Lavasoft's AdAware. Both failed to fix the problem.

Edit: Additionally, Gmail won't load at all. A "Failed to Connect" message is shown.

The problem happens with both IE and Firefox. Both are fully up to date. Java is up to date. DDS log follows.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Ralph at 23:59:30.64 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.468 [GMT -5:00]

AV: Virus Sweeper *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Virus Sweeper *enabled*
FW: Norton 360 *enabled*

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\... Read more

A:Search Engine Results Redirection Virus

Hello -

It seems you may have attempted to run ComboFix recently. Is this correct? If so, is there a log at C:\ComboFix.txt?

Read other 19 answers
RELEVANCY SCORE 81.2

Last week my computer began popping up with a "Security Tool" warning, and my search engine links were being redirected. I downloaded AVG Anti-Virus Free Edition 2011 and got rid of the Trojan virus that was evidently responsible for it, but my search engine results continue to be redirected to merchant sites. Following are the requested logs:
DDS (Ver_10-11-10.01) - NTFSx86
Run by maklelan at 10:35:56.15 on Wed 11/17/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3000.1133 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:&#... Read more

A:Virus on my Computer Redirecting Search Engine Results

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 80

Hello, this is my first time posting. I've picked up a rather nasty virus on my computer that redirects google search results to random pages. I can usually click on one or two results and get the expected page, but after that it redirects. In addition:

- I can install Malwarebits, but the program will not run once installed. No error message, simply does not open.
- I can install Hijackthis only in safe mode, but it will not run in either safe mode or normal. No error message, simply does not open.
- I could not install a free trial of AVG (I'm sorry, I didn't write down the error message).
- I was able to install Avira.

Thank you in advance for your help!
DDS.txt log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Julia at 20:52:29.99 on Thu 07/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3034.1854 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k Local... Read more

A:virus hijacking google search engine results - "wareout"?

Hello elisethestranger,Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. **************** If MBAM (Malwarebytes) will not install, please rename the installer mbam-setup.exe. Example: newtoolA.exeProceed installing the renamed installer of MBAM. If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtoolA.exe, double click newtoolA.exe to proceed in running a Full scan.Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply. Occasionally malware hides itself from HijackThis. Navigate to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe using My Computer or Windows Explorer and right-click o... Read more

Read other 2 answers
RELEVANCY SCORE 78.8

Hey all,I have a nasty redirect virus/malware on my computer that I have been trying to delete for 2 days now. The symptoms are as follows:-Google and Yahoo are in German (and therefore all websites I visit through those search engines are in German). For example, when I type "Yahoo" in my Google search bar it directs me to google.de, and then when I click Yahoo the entire website is in German. It does this with other sites such as CNET, etc. as well.-Clicking links often results in multiple redirects-I have Spybot and AVG 9 Free. Spybot has detected around 200 malicious files but when I attempt to remove them, I get an error saying something about the System32 host files.-I have checked for the TDSSServ.sys and didnt see one.I would appreciate ANY and ALL assistance. It is driving me crazy! I want to avoid wiping at all costs if I can, as it is a computer I received through college with a laptop lease program which I have since bought out and it has several programs on it thanks to the University which arent standard.THANK YOU! P.S. I have the DSS files below and attached. When I attempted to obtain the GMER file, my computer froze the first time and on the next two attempts I received the following blue screen with the message:"STOP: c000021a {Fatal System Error}The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down.=================================DDS (Ver_10... Read more

A:Possible Redirect Virus (in addition to all search engines/search results being in German)

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.====================================I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either AVG or McAfee.Important note: It is important to run the removal tool after you uninstall the AV that you wish to remove.AVG removal tool --> HEREMcAfee removal tool... Read more

Read other 20 answers
RELEVANCY SCORE 78.4

Few days ago, my computer got this "antispyware" virus (i am presuming) that rendered the internet explorer and any other files and programs useless. Everything I did directed me to pay to buy the antispyware. I am guessing to still my credit card info. Anyway, I did not fall for this. Took it to my school's IT who stopped the virus from attacking just long enough to run my malwarebyte. It caught some infections. I removed it and it worked fine for a day until it came back. Only this time, it seemed "weaker" in that I didn't need to take it to the IT to stop the virus now. When I rebooted, I opened malwarebyte as quickly as I could, ran it, found some more stuff and removed them. The pop up in the taskbar for antispyware and message about password stealing trojan stopped, and everything seemed to be working fine. Except two things started happening soon afterward. 1) google and yahoo searches are now being redirected. Started out infrequent. Now all searches are redirected. and 2) after working on my computer for a long time, in the taskbar, the red shield with X comes up saying my antivirus (Norton) is outdated. I would check and find it says antivirus is outdated. First time it happened, I thought maybe it needs updating. So I updated the antivirus. Message went away. I thought it was fixed. Then the very next day, again, after working on my computer for few hours, same thing. Now I know it is a problem because why would my antivirus become outda... Read more

A:Google search engine results redirected and anti virus made outdated

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 19 answers
RELEVANCY SCORE 77.2

Hello, all. After some lack of success with a few recommended anti-Malware programs, I've returned, armed with a HJ-This log.

It seems search engines are producing links which redirect to various advertisements, the most common of which, ironically, being anti-virus software.

One other possible symptom would be the inability to check email in Firefox, though an older version of IE seems unaffected. I am using a small, locally-based email server, so this could be unrelated to the Malware.
I have Malwarebytes and Ad-Aware installed, and have cleared some potential Malware locations with ATF-Cleaner.
I am running on XP, and keep things fairly updated.

I will be more than happy to provide any additional information. Thank you, sincerely, in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:22 PM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C... Read more

A:Search Engine Redirect Virus

I might hazard just one bump. Thanks again, in advance.
 

Read other 1 answers
RELEVANCY SCORE 77.2

Hi, I have recently picked up something that causes the results of my search engine searches to be redirected to other sites. This happens in both Firefox and IE. I've been hesitant to test this out too much, but one site it redirected me to was "Theclickcheck.com", although I've gotten redirected to other weird sites, like real estate search engines, etc. The google results are redirected about 50% of the time; bing.com results are redirected maybe 25% of the time. I've run malwarebytes and AVG. AVG didn't detect anything. Malwarebytes found "heuristics.malware". I quaranteened and restarted my computer, but the problem persists. I've also looked at other forums describing the google redirect and don't have "TDSSserv.sys" under my device manager.

Suggestions for what this is and how to remove it?

A:search engine redirect virus

I am having the same problem. I started a topic last week and no one seems to be able to help.
Now im getting a blocked domain msg when trying to open certain websites.

Read other 2 answers
RELEVANCY SCORE 77.2

When clicking on some results from a Web search engine, I am being redirected to undesired sites. This does not happen all the time, but it has happened in both Firefox and Internet Explorer, with both Google and Yahoo. Two days ago, Malwarebytes Anti-Malware found 5 threats, but the problem is still occurring. Yesterday, a full Malwarebytes scan found no issues, but the problem is still occurring.

Among the sites I'm being redirected to/through are mdlinx, yunofindit, findwhat, ampnetwork, adknowledge, infomash, bidsystem, montessoricenters, newsfudge, argosy.edu, campuscorner, and get-answers-fast.

I did not run a GMER scan because I have a 64-bit operating system. Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Brian at 9:27:53 on 2012-07-12
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.6141.4326 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows ... Read more

A:Search engine redirect virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 20 answers
RELEVANCY SCORE 77.2

I have lost control of my computer. I have tried numerous virus scans but with no success. Everytime I do a search and click on the results it redirects me to a different page. I tried restoring but that option is not available, somehow I lost all restore points. Can someone help!

Below you will find the HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1222 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Progr... Read more

A:Search Engine Redirect Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Kaspersky and AVG. While this may seem like better protection, they can actually conflict with on... Read more

Read other 2 answers
RELEVANCY SCORE 77.2

I have a search engine redirect virus. Have had no luck finding the infected file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Administrator at 10:19:57 on 2012-08-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.1825 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService... Read more

A:Search Engine Redirect Virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you... Read more

Read other 16 answers
RELEVANCY SCORE 77.2

I recently started getting redircts when using any search engine (Google, Yahoo, etc). When clicking on the desired link, I instead get redirected to sites such as shopica.com, couponmountain.com, toseeka.com, among others. Sometimes I'll also get a popup trying to get me to download some spyware protection program. I've tried running multiple programs to get rid of the infection: Ad-Aware, Super Anti-Spyware, Malwarebytes, and Spybot S&D, nothing has worked. I also tried doing a system restore to a date I thought was before I may have caught the virus, but that didn't work either. Below is my HJT log, please help, thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:20:16 PM, on 7/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:&... Read more

A:Search Engine Redirect Virus

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log

Read other 23 answers
RELEVANCY SCORE 77.2

Hi there

I have come to this site because my Google searches are being re-directed via 209.85.171.9. Internet Explorer (7.0) is running very slow and often crashing. I see that at least one other user (scotthk) has the same problem. I use AVG free. It has only found doubleclick.net spyware, which it removes, but which keeps coming back.

As requested, I checked that my XP Firewall is enabled - it is. Services which internet users can access were unchecked as they should be - except that there were around 300 services which were allowed. These services had names in the format "msmsgs XXXX UDP" or "msmsgs XXXX UDP" where XXXX is a four digit number. I have un-checked all of these but not deleted them. I am not sure if this is relevant to the virus.

I tried running the DDS.scr as requested. The Command window flashed up briefly and then nothing. Similarly, if I click Start-Run and type "cmd" - the taskbar goes blank for a moment, and then returns to normal - but the command window does not open. Again, I am unsure of the relevance of this.

Your help would be greatly appreciated.

Thank-you.

Sin2000

A:Search engine redirect 209.85.171.9 Virus

Hi,Please download DaonolFix from the link below and save it to your DesktopDownload Mirror #1Double-click DaonolFix.exe to run it. Select 1. Find Daonol (no fix) by typing 1 and pressing Enter. You will see a lot of files being listed - don't worry, they are just being scanned.A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).Download ComboFix by sUBs from here or hereNote: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.**Save it to your desktop**Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT logNotes:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually resto... Read more

Read other 12 answers
RELEVANCY SCORE 77.2

Hi

I think I've encountered a redirect virus. This situation only occurs half of the time though. When i click on certain links using the search engines, it'll redirect me to this "http://63.209.69.107". I have tried multiple solutions overcome this problem, but seems like nothing is working. I've ran Windows Essentials, Malwarebytes, Super Antispyware, TDSS Killer and Norton Power Eraser. I've even done is system restore to a previous restore point and still encounter this problem. I previously had a virus that hid all my files and pop up screen saying that my computer is infected and need to purchased virus protections but i have cleared those situation. I'm not sure if those infections are related to my current issue right now. I am currently using Windows 7 Professional and this problems only occurs when I'm using Firefox. When I use internet explorer I do not encounter this problem. Please help me find a solution to fix this.
Thanks

A:search engine redirect virus

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers