Over 1 million tech questions and answers.

Search engine results redirect virus

Q: Search engine results redirect virus

Got a host of nasty viruses on my computer yesterday by clicking on an attachment in an e-mail that purportedly came from Twitter. Bottom line is I was able to get rid of all of the viruses, including the "System Security" virus, except a virus that redirects to random websites when I click on links in Google search results. The redirects occur in IE, FireFox and Opera. The redirects only seem to occur when I click on sites that are related to virus and malware removal. I have run Malwarebyte's Anti-malware, Avast virus removal, Ad-aware and AVG and none of them remove this virus. I have also run CCleaner and cleaned out the temp files, including the ones newer than 48 hours old. None of that helped. Below is the log file from my latest run of Hijack This:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:13:19 PM, on 6/19/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Sharp\Sharpdesk\SharpTray.exeC:\Program Files\SHARP\PCFAX2.0\PcfaxRcv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Sharp\Sharpdesk\IndexTray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\WLTRAY.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\WINDOWS\stsystra.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\PROGRA~1\Sharp\SHARPD~1\Indexer.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\HP\HP UT\bin\hppusg.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\Microsoft Location Finder\LocationFinder.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\Program Files\Sharp\Sharpdesk\sdFTP.exeC:\Program Files\Southwest Airlines\Ding\Ding.exeC:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXEC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\Program Files\Microsoft Office\Office10\WINWORD.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exeC:\DOCUME~1\SEANP~1.FOL\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeC:\DOCUME~1\SEANP~1.FOL\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Sean P. Foley\Desktop\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060923R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.87.141.69:80R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2.0\PcfaxRcv.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -DelayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstallO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWndO4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe AutorunO4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /backgroundO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeO4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimizedO4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startupO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exeO4 - Startup: Microsoft Outlook.lnk = ?O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeO4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159445418031O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.255.127.85/AxisCamControl.ocxO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cabO16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.com//chatobject/launcher.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://12.52.69.124/activex/AMC.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...162/mcfscan.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Update Service (gupdate1c98e035d138058) (gupdate1c98e035d138058) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 15907 bytesAny suggestions on removal would be greatly appreciated.Thanks!

RELEVANCY SCORE 200
Preferred Solution: Search engine results redirect virus

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Search engine results redirect virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Read other 2 answers
RELEVANCY SCORE 88

I've been trying to fix my computer. Whenever I use a search engine, redirects occur when I click on the search engine result (Google, Yahoo, and Bing is what I've noticed so far).

I'm guessing it's a rootkit issue. I've scanned with Malwarebytes and MS Security Essentials and have attempted to clean my computer. Nothing is working yet and I'd like to remove or fix this issue.

Here is my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by johnp at 23:34:05.44 on Thu 03/31/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_19
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\TeamViewer\V... Read more

A:Search engine results - redirect

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

Read other 13 answers
RELEVANCY SCORE 88

Hey Guys.Got this nasty bug that keeps redirecting me when I click on the results of any search engine I use. It can be google or bing. It lets me search for anything I want and the results are perfectly valid but when ever I click on any result it sends me somewhere else. The only way I can bypass this is by opening the result in a new tab but sometimes it hangs when trying that.Before I came here, I have tried Malware, ComboFix, Kapersky, Trend Micro House Call. They all find some stuff and disinfect things but the problem still persists. Here are the logs from all the scans i have run.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:56:06 PM, on 8/19/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeN:\Program Files\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Progra... Read more

A:Search Engine Results Redirect

Hey guys just another update. Somehow, it corrupted both my IE and Firefox exe's. I have just decided to reformat. I am only reformatting my OS partition. I will post logs if the problem migrated to another partition.

Read other 2 answers
RELEVANCY SCORE 88

EDIT: Moved from AII topic http://www.bleepingcomputer.com/forums/top...ml#entry1678921Well I was able to finally resolve the issue, my NVSTOR32.sys had gotten infected. HitMan Pro 3.5 dug it out as the culprit. I am going to post my DDS log anyways, so that if this is obvious there and someone can point it out to me, I would appreciate it.My ultimate concern here is that none of the usual tools found this thing. AVG was crippled was the first and only obvious symptom, then the search engines started acting up, I ran all the standard removal tools, MBAM, SS&D, SuperAntiSpyware, Spyware Doctor, TrendMicros Online Scan, HJT, ComboFix, FixIEDef, Reset my hosts file, cleared the caches ATF, GMER, RootRepeal (still crashes, don't know why); but none of these tools detected anything what so ever. Now AVG did clean a trojan about the same time that this started happening, but still even a trace should be picked up. I do have an nVidia video card, so NVSTOR32.sys may be a legitimate file for that or just a cleverly disguised bug. I know the exe that brought it in and I have the NVSTOR32.SYS quarantined, so if there is someplace I should upload those files for people to review, just let me know. But my concern is all the other people who are experiencing the same symptoms and all the scanners coming up with nothing.DDS (Ver_10-03-17.01) - NTFSx86 Run by PowerUser at 16:26:35.96 on Wed 03/17/2010Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista... Read more

A:Search Engine Results Redirect

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 88

I'm having the same exact problem. It just started last night. I ran RootRepeal, can I post it here or do I need to start my own thread?

Thanks for any help you can provide.

A:Search engine results redirect

Hello Benjamin, I split you to your own topic. Please post the log.

Read other 6 answers
RELEVANCY SCORE 88

In both IE7 and firefox when clicking on a link from a search I get redirected to another website. REDIRECT or JUMP shows up in "history" and the tabs. common website names have GATHI. something or other That is about the extent of what I know... ***EDIT*** Cant runt GMER, PC reboots when attempting.DDS (Ver_10-03-17.01) - NTFSx86 Run by Marcus at 23:04:07.90 on Fri 10/01/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.834 [GMT -8:00]AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\rundll32... Read more

A:Uhh... redirect from search engine results

Hi,Please Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here. Post also contents of both dds.txt & attach.txtNote** you may get this warning it is ok, just ignoreRootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?

Read other 23 answers
RELEVANCY SCORE 88

Hello,

This computer has had some sort of browser hijack where search engine results get redirect through another site to ads. I don't remember exactly which ones because it has been a few months since we used this computer...it was just too irritating we bought another one.

It doesn't seem to be happening now but it has always come back and there are still traces of "something" when I run some scans...everytime I think the problem is fixed it resurfaced in a few hours or days. MalwareBytes Anti-Malware shows four registry entries that are never removed even when the computer reboots. They are in HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings, bf, bk, iu and mu if that means anything.

Thanks for your help, DDS logs are below!

-Donald
DDS (Ver_09-06-26.01) - NTFSx86
Run by compaq at 20:25:01.80 on Tue 06/30/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.239.108 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Pro... Read more

A:Search Engine Results Redirect to Ads

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 21 answers
RELEVANCY SCORE 88

I am not experiencing any other symptoms, (I don't believe). Is this a virus/malware etc?

What can I do?

Help!

A:Search Engine results redirect me

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

Read other 1 answers
RELEVANCY SCORE 88

I downloaded some printable coupons the other day and thats when my problems started. Everytime I type in google search and click on the web results, it redirects to a different website, websites containing mostly ads. I am using Windows 7 and it happens in both chrome and firefox.

Read other answers
RELEVANCY SCORE 88

hello, this is my first post here on bleeping computer.com. i have used the forums in this site in the past for answers to my computer problems, and usually reading old forums and copying suggestions has worked for me in the past. however, i am having a problem that i feel i have done everything i can to fix, and it's still happening.i am on a windows xp, and i use IE7. this is not my main computer (it's my parents, i came home to fix it) so i am not sure how long this problem has been occuring. when i use search engines like yahoo or google, i see normal results but when i click on them i get redirected to completely unrelated websites. for example, texasroadhouse.com result turned into adultfriendfinder.com. this happened for almost every search result.then i came to this site and started looking at posts with the same problem. i particularly followed the advice of this recent thread: http://www.bleepingcomputer.com/forums/t/205129/google-redirecting-to-unwanted-sites/ . i ran malwarebytes, sas, atp cleanup, gooredfix, f-secure, everything. pretty much in the same order as that thread. the person who recieved the advice reported the issue was solved. for me, however, even though i had the same symptoms, the problem is still occuring. after following the advice, i am still being redirected. before i got redirected every single search result, but now it is only about 1 out of 5 (so it did some good). i'm not sure what else to do at this point. right now i am running malwareby... Read more

A:search engine results redirect to ads

Hi, swearbyit.

That's my thread you linked to. Did you run the programs in safe mode when rigel instructed? Apparently it is also important to disable your virus scan programs when running some of the AMW programs. I can look back at my notes to see exactly what I did and when the problems started to go away if it turns out you do have the same infection that I had and you think that would be helpful.

rd11

Read other 4 answers
RELEVANCY SCORE 87.2

When I use yahoo or google search and click on a subject on the results page I am redirected to another search engine or information collection page. Here is my DDS log:DDS (Ver_09-06-26.01) - NTFSx86 Run by Dennis at 17:25:49.89 on Thu 07/16/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.679 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\WINDOWS\system32\ct... Read more

A:Redirect from search engine results page

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

Google search will return legit results and link to shown at the bottom of each result appears legit. When clicked however I am redirected to some BS ad site. I have tried to run my scanners ad-aware and malwarebytes oddly: Ad-aware returns nothing and malwarebytes wont wont start (tried uninstall and re-install to no avail) thought i would download spybot search & destroy but it won't allow me to complet the install because I can't download additional software (waited forever and got nowhere) I have symantec corporate antivirus loaded and its not finding anything (tried a deep scan) two hours later still nada. I disabled system restore and rescaned (no dice). as pursuant to your requested first steps i have included log files from HJT, DDS, and GMER. Please also note that whatever it is is not permitting me to update my anti-spyware. I will greatly appreciate any assistance.

A:Search engine results redirect to adsites

its also 3am and my brain no longer functions here are the logs for dds

Read other 2 answers
RELEVANCY SCORE 87.2

I keep getting redirected when I search for things on the internet. Please help me as this is inconvenient and sometimes redirects to pages unsuitable for children.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:56:02 PM, on 6/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\Common Files\Microsoft Shared\VS... Read more

A:Search Engine results redirect web page

Alot of people seem to be having this problem with ToseekA and I'm sure this is malware. I can provide the combofix log also but I probably just need to do standard operations to get rid of malware.===========Hello Please don't do anything with Combo-fix unless a team member asks you to.While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wa... Read more

Read other 4 answers
RELEVANCY SCORE 87.2

Hi there

My first time in this forum and hope one of the experts can assist. I can usually deal with these types of things but this one has me stumped and much Googling (on a clean computer ) has led to a myriad of ideas to clean but without much success.

BEHAVIOR: When search results in Google are clicked from either IE8 or Firefox 3.6.13 the browser is hijacked and redirected to unwanted sites on every occasion. The actual search result site is never displayed after the link is clicked.

ATTEMPTED REMEDIES: Thus far I have run Avast, Spybot & MAM but with no success in removing this little sucker.

Thanks in advance for you help!

DDS RESULTS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by BJ at 15:06:28.84 on Thu 20/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3071.2497 [GMT 11:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\All Users\Application Data\EP... Read more

A:Search Engine Results Browser Redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 10 answers
RELEVANCY SCORE 87.2

Hey guys,Im new to this site, and I have no idea what is going on with my computer.When I go on google or yahoo or any search engine and click a link it redirects meto juggle.com, I have viewed a couple threads about this but Im still unsurehow to fix my computer. I have downloaded HijackThis, but I dont know where togo from there.Do you think you can help me out, pleaseThanksChelseaSo guys.I ran the Hijackthis, and this is what I gotLogfile of Trend Micro HijackThis v2.0.4Scan saved at 1:55:34 PM, on 08/11/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16671)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Users\Chelsea\Downloads\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnbR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnbR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1... Read more

A:Search engine results redirect to juggle.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 16 answers
RELEVANCY SCORE 87.2

Hi, I turned my laptop on today and when I used google the font of the results are larger and when I click any of the results it opens a new window and it automaticaly redirects me to an ad site. I was able to run the DDS but the GMER Rootkit Scanner downloads however does not run, I dont know if this is related to my malware issue, please help...

My DDS.txt read as follows:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 21:43:34.67 on Thu 03/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.148 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wltrysvc.e... Read more

A:Search Engine Results Redirect Malware PLEASE HELP!

Hello Jasper33x. You still didn't tell me why you have no AV installed and running.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of Combo... Read more

Read other 10 answers
RELEVANCY SCORE 87.2

Hi, I turned my laptop on today and when I used google the font of the results are larger and when I click any of the results it opens a new window and it automaticaly redirects me to an ad site. I ran fixwareout and got this report:

Username "Owner" - 03/20/2009 21:33:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
&quo... Read more

A:Search Engine Results Redirect Malware PLEASE HELP!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 87.2

When clicking on links generated by a search engine, I am redirected to sites other than those linked by the search results. Frequently, the redirect is performed by click.easilyfound.com. See log below. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:10:59 PM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP... Read more

A:redirect when clicking on search engine results

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

This is but Round 1 in what could be several posts to help you clean your machine. Please follow it up to the end.

---------------------------------------------------------------------------------------------

Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then In... Read more

Read other 8 answers
RELEVANCY SCORE 87.2

I attempted to help a friend of a friend tonight with his computer problems. He has a 5 year-old Dell Inspiron Desktop tower running MS Windows Vista 64-bit, 2 GB RAM, IE 9.0. His main complaint is that when he clicks on a search result link from his Yahoo! home page, he gets redirected to a search bar that only pops up advertisements. The new search page looks like Google's, but the left side of the text box has a 4-petal/4-color spinner icon. I've seen this before, but I can't remember what to do about it.

I noticed that when I mouse-over the links in the search results, they show the correct URLs, but if I right- or left-click on any of them, the URLs permanently change to "[ search.yahoo.com/r/_ylt=A0oGd] [etc.]" (until I run a new search). Yahoo! and Altavista behave identically, but Google is unaffected.

I ran Malwarebytes (quick scan only) and Spybot S&D (quick scan only), which found and cleaned several infections. However, the problem persists.

Any ideas?

Thank you.

A:Browser Search Engine Results Redirect

Alta Vista was bought out by Yahoo about a year ago.
We recommend that you read this article…
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help - Tech Support Forum section of the forum.
(Simply, click on the colored links to be re-directed.)

Please ensure that you create a new thread in the Virus/Trojan/Spyware Help - Tech Support ForumForum; not back here in this one.

When carrying out The Malware Removal Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to the Virus/Trojan/Spyware Help - Tech Support Forum Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 87.2

Recently i've noticed that about half the time I search for something on Google (or yahoo! for that matter) the result i click on does not take me to that site- but redirects me to another search engine or advertisement such as:
-ozonez.com
- searchfindsire.com
- shopica.com
- asterlinks.com
I've performed some of my basic malware searches and remove the infections only to find that it still occurs. I ran dds and gmer...

DDS (Ver_09-09-29.01) - NTFSx86
Run by Bryan at 17:02:30.43 on Thu 10/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jmu.edu/jmuweb/students/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {a57ff8cf-c9db-407f-80c4-6f1ab3bca484} - c:\windows\system32\byXNgfFv.dll
BHO: Google Toolbar Helper: {aa58ed... Read more

A:Search Engine Results redirect to Advertisements

I know this is most likely an unrelated issue but I just received a blue screen error which I know is not a very good sign for my computer. But if anyone can help out with these problems i would be quite grateful

Read other 1 answers
RELEVANCY SCORE 87.2

I need help trying to eliminate some malware which is redirecting me when I click on any of the search results. It will redirect me through a www.find-festive.com site then to somewhere random. I have tried spybot search and destroy, ad-aware and they are having no success.

I have downloaded Hijackthis and below are the results. I would be much appreciated if someone could help me out with what needs to be removed or fixed.

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:03 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\... Read more

A:Search engine results redirect malware

Hello and welcome to TSF

Please follow the instruction outlined in our sticky entitled http://www.techsupportforum.com/secu...oval-help.html

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

If there is no response to this post within 72hrs, this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 86.4

Good Afternoon,

When I google, and google provides their list of search results the links redirect to bogus/spam like websites unrelated to my search query, what has happened and what can I do?

NOTE: this is not the go.google.com virus, I checked out the symptoms and they don't match. Also, this problem occurs with all other search engines as well, not only google.

A:Search Engine Results Redirect to Spam Like Sites

possibly ur atapi.sys file is infected !

Read other 3 answers
RELEVANCY SCORE 86.4

I've got some kind of bug that is causing all the major search engines to redirect any result I click on. No matter what the search engine, no matter Firefox or IE. I have ran the basic scans and all come up empty. These include AVG A\V, ComboFix, AVG Anti-Root Kit, Malwarebytes, Spybot S&D, etc. All come up negative, but I still have the re-direct. Any suggestions? I've even created new profiles in FF and it still has the issue. Created a new user account on the computer and it has the issue.

HELP!

Windows Vista Home Premium, 3Gb RAM, 200Gb HD, Firefox 3.0.11, IE7,

Update:
Cleaning the hosts file has no effect.
I have a screen shot of the temp redirect page, but cannot find a reference on another site. (yet)
Double clicking on a search result link takes me to that search result.

UPDATE II:
Renaming the firefox.exe to something else fixed it for FF, but IE still has the issue.

A:Search Engine Results Redirect FF and IE, no malware detected

Tried additional methods with FixIEDefs and still no result.

Read other 3 answers
RELEVANCY SCORE 86.4

Hi, I'm having problems with my laptop (I have to use my desktop on here).

Today, both Firefox and IE have been giving me problems with my search engines. I try clicking a link and it sends me to some dirtball search site that only occasionally has something to do with what I'm looking for. My connection also seems slower than normal.

The scary part is that I can easily access my facebook, school homepage, etc, but when I try to go to anti-virus sites, it says the site seems legit, but won't connect.

Here is my HJT log from the laptop. Thanks for the help in advance.

-Andy

Logfile of HijackThis v1.98.2
Scan saved at 9:11:12 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\s... Read more

A:IE and Firefox redirect search engine results (HJT included)

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 86.4

Web browsers (both Firefox and IE) are redirecting to ad sites when I click on a search engine result (sems to do it with Google, Bing, and Yahoo at least). It doesn't happen every time, and if I hit the back button to go back to the search results and then click on the same result, it usually then goes to the correct page. When I click on a link, the browser indicates it is getting information from googleads.doubleclick.net or something similar. Blocking cookies from these sites did not solve the problem. Malwarebytes scan and Kaspersky TDSSKiller did not solve the problem.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Ken at 15:03:59 on 2011-09-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1826 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Jav... Read more

A:Periodic browser redirect from search engine results

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418739 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 14 answers
RELEVANCY SCORE 86.4

Hello,AllWhen I search in IE8, or Firefox, using any search engine(bing, google, yahoo, ask), the links take me to random sites. I have Norton 360, the computer is running Windows XP -all up to date on patches.I have used Malwarebytes Anti-Malware.Nothing is found. What do I do now?Okay, Now the machine is running painfully slow and rebooting automatically. I am writing this post from another computer..I ran GMer and it said it didn't find anything.Attached DDS.txt, attach.txt and ark.txt as one zip file.Merged 3 posts. ~ OB

A:Search engine results redirect to random sites

I followed the instructions on this topic, and the search results are fine, and the computer seems to be okay too. Do I need to do more?http://www.bleepingcomputer.com/forums/t/279883/google-search-engine-hijacker-atapisys-rootkit/

Read other 10 answers
RELEVANCY SCORE 85.2

On every few google searches on firefox (I run Vista) "click find search" highjacks the search. I downloaded and ran malwarebytes program already. There was another search engine highjacker that no longer runs now, but "click find search" has taken its place.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_33
Run by BA at 13:58:23 on 2012-07-13
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3998.1229 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Expl... Read more

A:click find search engine results malware redirect

Hy there and sorry for the delay.If you still need help, please re-run DDS and post both logs

Read other 16 answers
RELEVANCY SCORE 84.4

On @11/1 i would get redirected to sites that have nothing to do with the search engine result i clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site i'm redirected to, it just sends me to the main page that i'm redirected to.Happens with bot IE and Firefox.I have dwm.exe running from my temp directory and i can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory. Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones i'm allowed to check. I did not run it.Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .DDS.txt:DDS (Ver_10-11-03.01) - NTFS_AMD64 Run by John at 4:49:51.15 on Thu 11/04/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows&#... Read more

A:Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and i'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

Read other 2 answers
RELEVANCY SCORE 83.6

Okay everyone, here's what I'm dealing with...

This started two days ago, and I'm not sure why. It's similar to the winshield2009.com browser hijack except it only kicks on when I get search results via Google, Bing, etc and click on a result.

If I type a domain name in, it doesn't affect anything. Here's an example of what is happening:

I use google to search "z43523673.cn"

Google returns results (this forum being one of the first) so I click on it. I get redirected to a page URL starting with z43523673.cn, and sometimes it stops there as an undeliverable page. Other times it may cycle through several URLs before landing on a final page. I just did this again and here's where I ended up:

hxxp://www.apartmentfinder.com/landing.aspx?ecid=PS|MIV|21189S69683090]

It's apparently hijacking the browser to generate clicks to its affiliates. Real scumbags must be running this thing.

Things I've tried:

MalwareBytes - Runs it course, finds issues, cleans them, but the problem remains.
HijackThis - same as MalwareBytes

I realize this is a pretty new thing, and help may not come for a while, but I would like to avoid a complete reformat. Any help would be greatly appreciated.

A:Search engine results redirect to z43523673.cn + lots of scrambled numbers and letters

Update mbam and run a FULL scanPlease post the results----------------------------------We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr

Read other 2 answers
RELEVANCY SCORE 82.8

Hi there,

I've been getting URL redirects on Firefox, IE and Chrome browsers (dont have any other browsers on this computer) whenever I use a search engine. Firefox seems to load pages very slowly, been using Chrome instead since its not affected.

Also, I'm unable to scan, update malware definitions or open up antivirus/antimalware programs, newly downloaded or not.

Can anyone help me?

Here's the DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Brandon at 1:03:40.82 on Thu 07/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.646 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin... Read more

A:Anti-malware blocked/Browser running slow/Search engine results redirect

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 9 answers
RELEVANCY SCORE 82.8

Redirects the page. This happens in both ie 8 and firefox latest version. Virus scans and housecall show no bugs. spybot and symantec endpoint protection show no issues, but everytime I click on the results of a search, aka goole, msn etc, I get a redirection via searclivestyle.info then it lands on a redirected page. If I type in the url, then no problem. below is the hijack file. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:21:56 AM, on 10/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program F... Read more

A:strange browser redirect both ie and firefox, when clicking on the results of any search engine, searclivestyle.info

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 82

hi there. i posted about this same problem about a week ago but didn't get any response and i'm very much in need of help on this one. i have had the search engine redirect virus for some amount of time now with little success of getting rid of it. the virus first showed up on my main pc and after running a variety of programs including mcaffee scan, sas, combofix, atf cleaner, avast, gooredfix, f-secure scan, malwarebytes too, i finally rid my computer of the virus. apparently 2 trojans were found in the windows system files.

these are my parents computers, so i went back to school after i got rid of the virus. now a week later i've come home and the laptop which shares the home network with the main pc has got the same virus. i heard that this particular virus can spread through a network, so i was not surprised. i ran all the same programs on the laptop, followed similar steps i took to rid the virus on the main computer, but with no success. absolutely no files are showing up as infected on the laptop. i feel like i have exhausted all of my options here, and i am afraid it is going to spread back to the main pc to just double my problems.

both computers are windows xp, and i only use IE. not sure what other specifics would be helpful to know about this, but i do hope i get a reply on this one since my last post wasn't responded to. any help would be great. thanks so much in advance.

A:search engine results redirected virus

I please post the infected log so we can see exactly what and where it is,thanks.

Read other 10 answers
RELEVANCY SCORE 82

The virus redirects my google search results. My antivirus does not seem to find anything when I run it, but I know something is there. It also redirects other search engine results.

A:Help! I have a virus that redirects my search engine results

Welcome whitsouther We need some more info and some scan logs. What browser do you use? Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes: Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size. Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.   Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.   Please download AdwCleaner by Xplode onto your desktop.•Close all open programs and internet browsers.•Double click on adwcleaner.exe to run the tool.•Click on Delete.•Confirm each time with Ok.•You will be prompted to restart your computer. A text file will open after the restart.•Please post the contents of that logfile with your next reply.•You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>Now I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET Onl... Read more

Read other 1 answers
RELEVANCY SCORE 82

Thanks in advance for the help! This computer, running Windows XP, seems to have a virus or malware that causes it to redirect to different sites whenever any google, msn, or yahoo search results are clicked. It doesn't happen with some other search engines.

The message given during the redirect is:

"The document has been moved here (link). Wait..."

The back button no longer works once the redirect begins.

I have run fully updated Norton Anti-Virus and Lavasoft's AdAware. Both failed to fix the problem.

Edit: Additionally, Gmail won't load at all. A "Failed to Connect" message is shown.

The problem happens with both IE and Firefox. Both are fully up to date. Java is up to date. DDS log follows.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Ralph at 23:59:30.64 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.468 [GMT -5:00]

AV: Virus Sweeper *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Virus Sweeper *enabled*
FW: Norton 360 *enabled*

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\... Read more

A:Search Engine Results Redirection Virus

Hello -

It seems you may have attempted to run ComboFix recently. Is this correct? If so, is there a log at C:\ComboFix.txt?

Read other 19 answers
RELEVANCY SCORE 80.8

Last week my computer began popping up with a "Security Tool" warning, and my search engine links were being redirected. I downloaded AVG Anti-Virus Free Edition 2011 and got rid of the Trojan virus that was evidently responsible for it, but my search engine results continue to be redirected to merchant sites. Following are the requested logs:
DDS (Ver_10-11-10.01) - NTFSx86
Run by maklelan at 10:35:56.15 on Wed 11/17/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3000.1133 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:&#... Read more

A:Virus on my Computer Redirecting Search Engine Results

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 80

Hello, this is my first time posting. I've picked up a rather nasty virus on my computer that redirects google search results to random pages. I can usually click on one or two results and get the expected page, but after that it redirects. In addition:

- I can install Malwarebits, but the program will not run once installed. No error message, simply does not open.
- I can install Hijackthis only in safe mode, but it will not run in either safe mode or normal. No error message, simply does not open.
- I could not install a free trial of AVG (I'm sorry, I didn't write down the error message).
- I was able to install Avira.

Thank you in advance for your help!
DDS.txt log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Julia at 20:52:29.99 on Thu 07/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3034.1854 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k Local... Read more

A:virus hijacking google search engine results - "wareout"?

Hello elisethestranger,Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. **************** If MBAM (Malwarebytes) will not install, please rename the installer mbam-setup.exe. Example: newtoolA.exeProceed installing the renamed installer of MBAM. If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtoolA.exe, double click newtoolA.exe to proceed in running a Full scan.Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply. Occasionally malware hides itself from HijackThis. Navigate to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe using My Computer or Windows Explorer and right-click o... Read more

Read other 2 answers
RELEVANCY SCORE 78.8

Hey all,I have a nasty redirect virus/malware on my computer that I have been trying to delete for 2 days now. The symptoms are as follows:-Google and Yahoo are in German (and therefore all websites I visit through those search engines are in German). For example, when I type "Yahoo" in my Google search bar it directs me to google.de, and then when I click Yahoo the entire website is in German. It does this with other sites such as CNET, etc. as well.-Clicking links often results in multiple redirects-I have Spybot and AVG 9 Free. Spybot has detected around 200 malicious files but when I attempt to remove them, I get an error saying something about the System32 host files.-I have checked for the TDSSServ.sys and didnt see one.I would appreciate ANY and ALL assistance. It is driving me crazy! I want to avoid wiping at all costs if I can, as it is a computer I received through college with a laptop lease program which I have since bought out and it has several programs on it thanks to the University which arent standard.THANK YOU! P.S. I have the DSS files below and attached. When I attempted to obtain the GMER file, my computer froze the first time and on the next two attempts I received the following blue screen with the message:"STOP: c000021a {Fatal System Error}The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down.=================================DDS (Ver_10... Read more

A:Possible Redirect Virus (in addition to all search engines/search results being in German)

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.====================================I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either AVG or McAfee.Important note: It is important to run the removal tool after you uninstall the AV that you wish to remove.AVG removal tool --> HEREMcAfee removal tool... Read more

Read other 20 answers
RELEVANCY SCORE 78.4

Few days ago, my computer got this "antispyware" virus (i am presuming) that rendered the internet explorer and any other files and programs useless. Everything I did directed me to pay to buy the antispyware. I am guessing to still my credit card info. Anyway, I did not fall for this. Took it to my school's IT who stopped the virus from attacking just long enough to run my malwarebyte. It caught some infections. I removed it and it worked fine for a day until it came back. Only this time, it seemed "weaker" in that I didn't need to take it to the IT to stop the virus now. When I rebooted, I opened malwarebyte as quickly as I could, ran it, found some more stuff and removed them. The pop up in the taskbar for antispyware and message about password stealing trojan stopped, and everything seemed to be working fine. Except two things started happening soon afterward. 1) google and yahoo searches are now being redirected. Started out infrequent. Now all searches are redirected. and 2) after working on my computer for a long time, in the taskbar, the red shield with X comes up saying my antivirus (Norton) is outdated. I would check and find it says antivirus is outdated. First time it happened, I thought maybe it needs updating. So I updated the antivirus. Message went away. I thought it was fixed. Then the very next day, again, after working on my computer for few hours, same thing. Now I know it is a problem because why would my antivirus become outda... Read more

A:Google search engine results redirected and anti virus made outdated

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 19 answers
RELEVANCY SCORE 77.2

Hello everyone,

I have developed a search engine redirect.

I have ran several programs to detect this and none have been sucessfull.

1. Avast
2. Malwarebytes
3. Super Antispyware
4. Hitman Pro
5. Esas
6. TDSKiller (it wouldn't run on my system for some reason) never would open, I double clicked and got an hourglass for about 10 seconds and that's where that ended.

Also I have reset my IE to factory default,have checked the windows/system32/drivers/etc/host folder and it looked as all the examples I saw.

I'm kinda at a deadend here and need some advice on what should my next step should be.

Thanks

A:Search Engine redirect virus

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger:Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appea... Read more

Read other 48 answers
RELEVANCY SCORE 77.2

Sorry for being such a newbie, but I am looking at the previous entries dealing with this issue and I have already downloaded ComboFix onto my desktop, but I have not run that program so far. I am unsure how to create the "logs" that I have seen posted from other users who have suffered from my problem. It appears that the responders to this problem seem to have the right answer to eliminate the infection, but I will need somebody to hold my hand because my tech security skills are reasonably close to non-existent. Please help me somebody!!!

A:Search engine redirect virus

I have also now downloaded DDS.scr and Gmer.zip onto my desktop and I have not run either of those applications until directed to do so.

Read other 8 answers
RELEVANCY SCORE 77.2

I cant figure out how to remove this virus when i first got it it came with 2 random virus scanners that i know were fake so i removed them the fakes were av2010 and avira, then when i thought i had removed it i went to search and when i searched for the common letter "A" and the word "pick" it gave me a list and i went to wiki and webesters respectively and as i clicked on them i was redirected to 2 random search engines and when i tried to go back it took me to a pornographic advert, I have been trying to get rid of it for 2 days and usually im very good at this but as of right now ive drawn a blank and im in need of assistance DDS (Ver_10-03-17.01) - NTFSx86 Run by Valued Customer at 20:22:56.92 on Wed 09/08/2010Internet Explorer: 6.0.2900.5512Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.449 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS\system32\StacSV.exeC:\WINDOWS\s... Read more

A:search engine redirect virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Gmer is the best but can be hard to get a log lets try this and see what we get.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Sa... Read more

Read other 5 answers
RELEVANCY SCORE 77.2

Hello,I am having trouble finding away to fix the search engine redirect virus. I am using Kaspersky 2011 anti-virus but it does not detect the problem. I have tried using google, bing, yahoo and firefox search engines and they all do the same thing when clicking a search link. Can you please help me fix this?DDS (Ver_10-11-10.01) - NTFS_AMD64 Run by Owner at 20:06:37.38 on Tue 11/23/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2324 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\Hpservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\ArcSoft\Connection S... Read more

A:search engine redirect virus

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

Read other 3 answers
RELEVANCY SCORE 77.2

I have been getting redirected from search engines (Google, Bing, Yahoo). I am redirected to random pages from norton anti-virus to a Scour search engine. I have run full scans using Malware Bytes and Microsoft Security Essentials. They find issues and I clean them but the problems persist. I have disabled all Internet Explorer Add-ons and reset the browser using the Reset under the Internet Options menu. Thanks for any help!
Log file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Joseph at 12:50:18 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.726 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\... Read more

A:Search engine redirect virus

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 3 answers
RELEVANCY SCORE 77.2

Hello,I've been looking for some help for my dad's laptop - it seems to have a search engine redirect virus on it, but I don't know how long its been there. Just tonight we removed some 'XP Security 2012' fake antivirus bug and everything seemed fine, but when I opened Firefox or IE the very first result I clicked after a Google/Yahoo search redirected me to some other site, sometimes "get-answers-now" but not always; other times it's a video or picture site. Also, I don't know if this is related, but my dad can't get into his Yahoo email account from this computer or any other computer, though other email accounts besides his own are accessible.There will usually be an IP address in front of the redirected site. It doesn't happen when I click on a second result from the same search, only the very first one I choose. Then the same thing happens for every new search I start. I can see that the site I'm about to click is legitimate, because I can see the address in the results. For example, I can get this result in Google:www.imfbookstore.org/But when I right click the link and copy the address, this is what I get:http://www.google.com /url?sa=t&rct=j&q=imf%20bookstore&source=web&cd=1&ved=0CCMQFjAA&url=http%3A%2F%2Fwww.imfbookstore.org%2F&ei=0IbuTtn8JaH40gHltr3OCQ&usg=AFQjCNErE3-7I4VMMlmiMCF4ePv3PwdZ1A&cad=rjaI deleted all Firefox and IE cookies, restarted, still having the problem. Malwarebyt... Read more

A:Search engine redirect virus

Hi,Please do the following:Please download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
Only if Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)NEXTDownload ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Win... Read more

Read other 2 answers
RELEVANCY SCORE 77.2

I'm getting redirected when I click on a search engine result listing. It happens in both firefox and ie and across multiple Search Engines (Google, Yahoo, etc.)

Address bar briefly shows the domain www.searchhereiam.net along with an id number for the redirect, before redirecting to another website.

I have avgfree as virus protection and I have run malwarebytes, superantispyware, and tdsskill since noticing the infection. None of these programs found anything.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_20
Run by Cantonbait at 11:56:46 on 2011-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.1673 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActiveBooks\ActiveBooksServer.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C: ... Read more

A:Search Engine Redirect Virus

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Read other 13 answers
RELEVANCY SCORE 77.2

I am having issues with google searches redirecting to odd sites. It started 2 days ago when my wife had our laptop on a business trip at a hotel. Mcafee doesn't come up with anything on a scan. I also had adaware on this computer and it found some trojans. I got rid of the trojans but didn't note their names. I know one had redirect in the title. My computer has windows 7 64bit Service Pack 1. Thanks for any help.

I managed to find this site today after I searched for "search engine redirect trojan" instead of "search engine redirect virus"

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by BeckyJacob at 9:57:56 on 2011-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5981.4105 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\wind... Read more

A:Search Engine redirect virus

Well it appears to be gone now. Windows just downloaded some updates and rebooted. I hope it stays gone.

Read other 9 answers