
Search Engine redirect issues! Virus? Malware?

Q: Search Engine redirect issues! Virus? Malware?

Every time I do a search, I click on the links and am redirected to different nonsense websites. Most of these websites are about making money from home, entering a contest or telling me I am a winner of something. I also cannot download any new games from a gaming website. My computer is running very slow and it seems to be getting worse by the day. I have run several programs to fix this and nothing is found. Can these logs tell anyone anything? Every time I run the GMER program I get the blue screen so I do not have those logs, sorry.


A: Search Engine redirect issues issues! Virus? Malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Link1 Link2 Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear: DDS.txt and Attach.txt.
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker:
Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Information and logs:
In your next post I need the following:
1. Logs from DDS
2. RKUnHooker
3. Let me know of any problems you may have had

Gringo


I've been having really annoying issues when I use any of my browsers (IE, Mozilla, Chrome) on a search engine (Google, Yahoo, etc.). Every time I do a search, I click on a link and it immediately takes me to some random website, often an advertisement. However, for the time being, to get around this I've been opening up the link in a new tab, and it goes to the correct site. I don't want to do this forever as it's annoying, and I obviously have some sort of virus / malware.

I've done a bunch of scans with my antivirus (AntiVir) and it has picked up a few trojan warnings; I've quarantined them and deleted them off the computer. As well, my Malwarebytes has found a bunch of malware files and also deleted them. I've done scans in both regular and safe mode but I still keep having this issue. I went to msconfig to make sure no weird programs were starting during my startup phase; sure enough, there were all kinds of weird programs listed there that I did not recognize. I have disabled them, however I still have this search engine redirect issue.

Other than this issue my computer is working fine.

Below is my DDS log file; the ark.txt and attach are both zipped and attached to this thread.


DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 16:59:19.27 on 11/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.618 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-4...

A:Search Engine Redirect Virus / Issues

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


After googling around trying to find solutions for my problems, I stumbled on this forum. Hopefully someone here can help me with my Vaio VGN - AR825E.

My problems started with a search engine redirect problem, where clicking on links on search results sent me to random sites. I tried doing a system restore to two weeks prior, but that didn't work. Now, my computer is acting really weird... all the windows on any application look like the old school windows from Windows ME or something, and most of my programs (iTunes, Mozilla) are either messed up to the point of crashing immediately upon opening (as is the case with Mozilla) or reverting to as if I hadn't even installed them in the first place (iTunes).

Let me know what I need to do on my part to get this solved. I'd much rather try and solve this myself than go to Geek Squad or some other computer repair place.

Thanks in advance.

A:Search engine redirect and other issues

My computer encountered a blue screen while trying to run the GMER rootkit scanner. Also, I cannot zip the Attach file... when I right click the file, and go to "Send To," there's not an option to compress it. Please advise as to what to do next.


DDS (Ver_10-03-17.01) - NTFSx86
Run by SYSTEM at 3:02:49.91 on Mon 05/24/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1980 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Win...


Frequently when I attempt to click on a link from Google, I am redirected to some sort of ad page. I have tried scanning with Malwarebytes, Adaware and Spybot, but so far I've had no luck. Here's my Root Repeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 16:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF35CA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BB5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF018F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{05FE1E09-7CB8-4984-9D07-B2D95CE44CE7}\RP1968\A0305304.rbf:{F344058A-7158-D71F-21AA-C31D6B24AD2F}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: ...

A:Search engine redirect issues

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ...


When I get on Google, Yahoo, or Bing and use their search engine, the links I click either redirect me to search.imesh.com or to adpages.com. Sometimes the links I click on other sites redirect me to these sites too. Also (rarely) Google randomly pops up in a new window, usually when I am on mangafox.com. I have other Internet Explorer issues: tabs randomly closing; when I open Yahoo mail the tab closes itself; Internet Explorer not responding A LOT (usually when I'm on mangafox.com). But I don't know if these other issues have anything to do with my current problem of redirecting.

I tried to generate a log on GMER but my computer always restarted itself when it reached C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\random letter number combination

One time it actually went to a blue screen that said d0000144 Unknown Hard Error. I attached a text file of the GMER log before it restarted. I don't know if it will help. I really don't know what to do. Please help.

Also right now McAfee just said that it removed a trojan. It said that yesterday too, so I don't know what's going on.

DDS (Ver_10-10-10.03) - NTFSx86
Run by User at 0:06:40.04 on Sat 10/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.206 [GMT -5:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McA...

A:Search Engine Redirect and other Internet Explorer Issues

I managed to fix the problems. Please take my post off the forums. Thank you.


Hey guys,
Hoping you could help me with the remnants of a virus that is driving me absolutely crazy because I dunno if it's still serious or not. My browser redirects me to random sites after clicking on a search result; this happens with all my browsers and search engines. Below is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:43 PM, on 10/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files...

A:Browser Search Engine Redirect Issues after Antivirus2010

Here is my gmer log as well....
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 09:52:03
Windows 5.1.2600 Service Pack 2
Running: fwpg5f68.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\uxtdypob.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA1466B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA146574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA146A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA14614C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA14664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA14608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA1460F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA14676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA14672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA1468AE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\driv...


Bleeping Computer Gurus please help.

I have a persistent search engine redirect issue. I have been trying to remove it since it first popped up over a week ago. It started as a fake virus scan software that changed my internet connection settings so that only it would work, and a rootkit (I think it was called TLD4). Using various anti-virus/spyware software I seem to have gotten rid of the rootkit and fake virus scan, but the redirect issue isn't going away.

Thank you in advance for fighting the good fight and for your help with my issue.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:02 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTr...

A:Search engine redirect persists after fixing other issues

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please note: ...


Hi everyone,
 
I am struggling with browser search engine redirect issues and I may have been infected with Trojan horse. I am way over my head with this stuff so I have decided to get help from wonderful folks at bleepingcomputer.com
 
So, here is what happened:
 
My system information:
HP laptop with Intel Core 2 duo processor
Windows 7 home premium Service Pack 1
Paid subscription for Norton 360
Additional Virus tracking software: AVG Free edition, MalwareBytes Free edition
Browsers: Internet Explorer 9.0 and Google Chrome

I was visiting a recent movie streaming site with Internet Explorer and I got infected.
Norton 360 immediately blocked this infection attempt with the following message:

Threat: Trojan.Tracur
Threat type: Virus.
File Actions
File: c:\users\<username>\appdata\local\google\chrome\user data\default\default\aadbddgddggcdadfgddjddgddegfgbda\contentscript.js
Blocked
 
Even though the infection was blocked for Google Chrome, it infected Internet Explorer.
After this, every time I went to run a search engine query in google in Internet Explorer, no matter whatever result link I clicked on, I was always redirected to some other garbage websites and never to actual link. However, Google Chrome wasn't infected and worked every time correctly when I used a search engine.
 
I ran full scans in Norton 360, AVG, and MalwareBytes and none of them could fix this infection for a couple of days. Later, I updated the definitio...

A:Windows 7 Internet Explorer search engine redirect issues. Am I still infected?

Please download TDSSKiller from here and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected select Skip for all of them unless I instruct you otherwise.

Click Continue.

Click Reboot computer.

Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================

aswMBR
--------------------

Download aswMBR and save it to your desktop.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.

If you need help to disable your protection programs see here and here.

Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.

Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.

NOTE: aswMBR will create M...


When using my search engine, no matter which I use, the search results come up but if I try and go to one of the links it redirects me to whatever site it wants to. I've run my spyware (Avast! Antivirus version 5.0.545) and also Malwarebytes version 1.46 to no avail. I've also tried switching from Explorer to Firefox and switching through all known search engines. None of those attempts helped either.

A:search engine redirect malware/virus

Good evening. When you ran DDS there should have been two logs that were created. You have attached the second, attach.txt, but not pasted the first. Will you run DDS again and let me have the contents of DDS.txt?


Hi,

I have a problem with search engines. When I go to search for something in Google (and I notice it on Bing too) and click on a link, it will take me to another search engine page or some random webpage. It doesn't happen with every link. I can get around the problem by copying the shortcut and pasting it into the address bar.

I searched around on the net and found people with the same problems but couldn't see any solution; I also noticed a few people had left logs from ComboFix. I've downloaded and scanned with ZoneAlarm Extreme, Malwarebytes, Spyware Terminator, AVG 8, Hitman 3.5 and used RegTweaker.

I did have a load more problems than this before but got them all under control apart from this search engine redirect virus.

Thanks very much

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4080
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
09/05/2010 18:21:23
mbam-log-2010-05-09 (18-21-23).txt
Scan type: Full scan (C:\|)
Objects scanned: 151427
Time elapsed: 1 hour(s), 54 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders ...

A:Search Engine Redirect Virus/Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


So whenever I click on a search result link, it redirects me to a random site. I don't think the search engine matters - I've tried them all - Google, MSN, AOL, Yahoo etc. with the same results. If I copy and paste the URL into the address bar I can get to the site. Also links will work once in a while, seemingly randomly. I have tried to research the problem myself and have tried many programs (AVG, SUPERAntiSpyware, MBAM, HijackThis). I have tried everything in my knowledge and am at the point where I'm ready to just reinstall Windows. I'm going to post the HijackThis log. If anyone can help me it would be much appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:39 PM, on 11/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java&#...

A:search engine redirect virus/malware??

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...


Hi Everyone,

I have tried many of the suggestions I have seen whilst googling (having to copy link addresses and not clicking them!) but decided to stop short of using ComboFix without some guidance! I have Sophos always installed and the other day (it was after installing hard drive recovery software) every time I click on a Google or Bing link it redirects. The initial redirect seems to be to "www.greatsearchsystems.com" (I also had a blinx.com) and then goes to various sites including Stopzilla.

I tried a recovery point from a few months ago and unfortunately it did not help either. I have used Spybot, Sophos, Malbytes and a couple of others. I have also noticed my PC has been noticeably slower than normal, in particular on boot up.

Whilst it may mean nothing, when I purposely clicked a google link and waited for the redirection to happen (it has become slower than usual in redirecting) my external hard drive (F:) purred into action. I don't know if that is any help but thought may be worth mentioning!

I have attached the attach.txt file and please find the contents of the DDS.txt below.

Many thanks for any help.

Stefan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Holmeside at 23:07:34 on 2011-10-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8183.5743 [GMT 1:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Win... Read more

A:Search Engine Redirect Malware/Virus

Just an additional note, in my Task Manager I have noticed that javaw.exe *32 is using 49,944k of memory which seems a bit strange!

Hope that helps. Many thanks once again,

Stefan

Read other 16 answers
RELEVANCY SCORE 92.8

Hey folks! I got a nasty virus about a week ago that I thought was dead. Unfortunately, it seems to be still alive and kicking, although not as nasty as it first was. I had a bunch of viruses that Avast identified as Win32: Trojan Gen and Win32: Malware Gen. They were popping up like crazy, and Avast seemed to be grabbing most of them, but enough slipped through for things to get ugly. A great friend helped me mostly kill it via combofix and Malwarebytes. The only remnant seemed to be the search engine redirector that seems to bring me to flurrysearch and other random sites maybe 1 in 5 times using both bing and google.

Today, however, Avast found two more viruses: A trojan gen (cliconfig4.dll, which was in windows\system32) and a malware gen (wsaeconrmx.tmp, which was in my local settings). I haven't done any weird surfing at all and I'm pretty sure these are leftovers from last week's debacle. Before I found this place, I tried malwarebytes, advanced systemcare and hitman pro to see if they might find anything, but no dice. I'll post the stuff that the site tells me to, let me know if you need any additional info. Thanks in advance for the help! I wish I knew more about how to fix these things myself. I love fixing things myself but I know when I'm over my head!

-- Mike

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Shibo at 15:51:52.70 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows... Read more

A:Search Engine Redirect Virus, Malware Gen, Trojan Gen

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 12 answers
RELEVANCY SCORE 92.8

All of my search engine searches are being redirected to advertisements. This happens in both Firefox and IE. I've scanned my computer w/Spybot, SpywareBlaster, SuperAntiSpyware, AdAware, Windows Defender, Avast, AVG, and McAfee and nothing has been able to detect the problem.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jennifer at 13:34:12.71 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1333 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA... Read more

A:Infected w/search engine redirect virus/malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 2 answers
RELEVANCY SCORE 92.8

Hi Everyone

Windows XP SP3
AntiVirus: NOD32
Windows Firewall: Turned ON

I also have been hit with the search engine malware\virus !! When I was doing an initial search - I received a pop up window that flashed and went away, it was too fast to read. I then clicked on another link and it went to a porn site. Before finding this forum I have run Malwarebytes Anti Malware, Kaspersky Anti Virus Removal Tool, Super Anti Spyware. On one of the scans the following Trojans were found and removed:
HEUR:Trojan.Win32.Generic (C:\Documents and Settings\David\Templates\memory.tmp)
Trojan-Downloader.Win32.Injecter.ajz (C:\Program Files\ESET\cache\FND2.NFI/PE-Crypt.XorPE/UPX)
Trojan-Spy.Win32.Agent.eug (C:\Program Files\ESET\cache\FND1.NFI/PE-Crypt.XorPE/)

After a restart the whole process seemed to happen again, I did another search but this time I managed to get a print screen. The pop up said: Do you want to allow this website to open a program on your computer?
From: kezamzk
Program: Microsoft Help & Support Centre
Address: I have this in a screenshot but it doesn't show the entire site.
I selected Cancel but in the background the website tab had base64 Encoding/Decoding - I'm not sure if this is relevant.

I have since then run different Malware removal programs but nothing has fixed it. I got all the details required to post in the forum but when opening IE (the pc was not connected to the internet) it crashed and will not boot. I really need some help. I have tr... Read more

A:Search Engine Redirect Malware\Virus - Now PC Won't Boot

Bump
 

Read other 1 answers
RELEVANCY SCORE 92.8

Hi all,

I have some sort of malware that is redirecting to other sites when clicking on search engine links (both in IE and Firefox). I am using XP Professional SP3. This malware also randomly creates a new browser tab for a site from time to time. I have run MBAM, Symantec Antivirus, CCleaner, and Combofix to no avail. Below are the logs requested (DDS & Gmer). Thank you for your time and help with this matter, it is appreciated.

DDS (Ver_09-11-29.01) - NTFSx86
Run by IWU at 9:46:46.37 on Sun 11/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.402 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec A... Read more

A:Search engine redirect malware / virus infection

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:

and Combofix to no avail

Who instructed you to run ComboFix? As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboF... Read more

Read other 19 answers
RELEVANCY SCORE 90.4

Good afternoon.

I am working on a problem on an older Dell. So it's a Dell, Dimension 8200 Windows XP Version 5.1 Service Pack 3, if that makes sense. We use it as a second computer, and used it infrequently. We had no virus software on it. Our primary computer died, so we began using the Dell (without an anti-virus), and then one day it was invaded and began to have multiple issues.

1. Runs insanely slow.
2. Google searches are redirected if I use the toolbar or search automatically in the main web address box.
3. Spybot would not run, or would fail to update.
4. Malware bytes would get stuck updating
5. Bitdefender (not installed when problems began) will not install. It freezes about 3/4 of the way through. Or, twice in the past month, the stars aligned, and my fingers were crossed at the same time and it did install, but the firewall would not work. I did run a deep system scan on both those occasions. But shortly after the system scan would complete, I would have the system crash - blue screen. I would then have to uninstall Bitdefender in safe mode.

Over the past month, I have been able to run spybot, Malwarebytes, and bitdefender at various times. But they will not work consistently. At present, malwarebytes and bitdefender are both uninstalled. In addition, after trying to run spybot, or malwarebytes, I could no longer access the internet through a web browser or email. To get around that, and regain internet access, I would create a new user acc... Read more

A:Search engine redirect, spyware, virus software issues

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Let's try Gmer instead of RootRepeal

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open t... Read more

Read other 6 answers
RELEVANCY SCORE 89.6

I am positive I have malware of some kind. I get the google redirect thing and some anti-virus programs like malwarebytes or spybot search & destroy won't open up when I double click on them. I first noticed this when I restarted my computer when it froze. My My Documents folder was deleted (or something else, it's just not there) and I had the viewmgr error on startup. Google also takes a long time to load and 80% of the time when I search for something and click on a link, I go to a random website. As I said, most of the antivirus programs won't install/start. The hour glass shows up for a split second then nothing happens. No error or anything. I was able to remove the viewmgr through my AIM folder and add/remove programs. Now I'm coming to you guys.

Anyway, here is my DDS log


DDS (Ver_09-06-26.01) - NTFSx86
Run by test at 16:46:43.89 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1452 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe ... Read more

A:Search's redirect, running issues, malware

Hello, and welcome to the forums.

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

==========================

If that doesn't work....

Go here, scroll down and download RootRepeal.zip to your Desktop. Unzip that, and then click RootRepeal.exe to open the scanner. Next click on the Report tab, and then click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

You will then be asked which drive to scan. Check C: and click Ok again. The scan wil... Read more

Read other 2 answers
RELEVANCY SCORE 86

Hello,

Over the past several days, I used Malwarebytes' uninstall guides to remove a couple viruses; however my computer is still having some lingering issues:

1) When I click on search results from Google and Yahoo, I get redirected to other sites. The most common sites are scour.com, overdubs.us, gimmeanswers.org, and happili.com.

2) There is no sound when I try to listen to live streaming (NPR) or watch videos over the internet. The system sounds are still working.

3) I cannot enable the MBAM Protection Module. I get error message, "[Start Service] Failed to perform desired action. Error Code: 1068"

I don't know if my Windows system is 32-bit or 64-bit so I did not create the GMER log. (I tried to run that scan a few days ago and it stopped before it completed. Sorry I didn't note the message it gave me when it stopped.)

Thank you for your help in solving these issues.

Jaci

Here is my DDS log.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jaci Stanton at 11:22:17 on 2011-06-13
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYUS&fl=0&ptb=szWiKRJIROdCDjKfvg983A&ind=2007021415&url=http:/... Read more

A:Search redirect and other issues after virus removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 29 answers
RELEVANCY SCORE 85.2

Good Afternoon,
 
 
Recently I made the mistake of hitting a bad download link and now I have some issues with my PC.
 
A few faux programs like PC cleaning software and crossbrowse were installed. McAfee seemed like it took care of all problems in the PC itself, but as soon as I log into the internet, I get redirected to various websites that are definitely not legitimate.
 
I used your services years ago, and I'm hoping you can help me out once again. Thanks in advance.

A:Having some issues with a redirect virus/malware on my PC.

 Hello Bluefin13 and welcome back,
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
§  Double-click on the Rkill desktop icon to run the tool.
§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
§  A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
§  If not, delete the file, then download and use the one provided in Link 2.
§  Do not reboot until instructed.
§  If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
------------
 
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
 
§  Double-click m... Read more

Read other 0 answers
RELEVANCY SCORE 84.4

Good Evening,

My PC (running Windows Vista) has been slow for some time but nothing to worry about but it has become much slower since the Google Redirect problem appeared yesterday. I can enter a search in Google but when I click on the link it goes to another search site or web site. I can get around it by copying and pasting the URL from Google but not really a long term solution.

In addition, I am having problems as below:

1. Seem to be stuck in Windows Classic mode
2. The Internet Explorer back button is not working (can use the drop down box to go back, but not the arrow)
3. Unable to load Windows Updates
4. Takes 3 to 4 tries before I can get IE to open correctly without seizing up - and if it does seize up I am unable to close.

I have scanned with Microsoft Security Essentials more than once and have located and deleted Trojans, however it has not remedied the problems as above.

I would really appreciate any assistance or advice you can provide after reading my logs as below and attached. Please also feel free to tell me if any of the programs I might have installed deliberately are causing me problems/are dodgy.

I have pasted the DDS.txt below and attached the Attached and Ark documents. Totally unsure of whether my Windows is 32 or 64 bits but managed to get a ark.txt file to attach just in case.
Thanks very much for your assistance.

Susan

DDS (Ver_10-12-12.02) - NTFSx86
Run by Susan Myers at 17:41:02.84 on Sun 23/01/2011
Internet Explorer: 8.0.... Read more

A:Google Redirect malware/virus - and other issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 21 answers
RELEVANCY SCORE 84.4

OS: Windows xp
CPU: Dell Inspiron E1505 laptop

Ok here is the deal. My cpu got infested, gave me a blue screen and would not even load Windows. I sent it to the shop and it got cleaned and I get it back today and now I still have the redirect issues. The only other thing on the network is my PS3 and that has seemed to be infected as well (even though no one believes it is possible; like I'm too stupid to realize what it is I clicked). I have tried to use Malwarebytes but it refuses to update; I get the error MBAM_ERROR_UPDATING (12007 , 0, winhttpsendrequest). I have run scans with Super Anti Spyware (free), ESET online antivirus, Symantec Antivirus full version 10.1.7.7000, Spybot Search and Destroy; I have HijackThis downloaded but I won't dare use it without guidance, and finally CCleaner. A couple programs picked up small things but nothing that fixes any of my main problems with the redirect virus or Malwarebytes not being able to update. I'm beat. Any help would be highly appreciated because I know this is a subject being beaten to death at this time.

A:Redirect virus and malware update issues

Hi -

Try this with your Malwarebytes program first -

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:
Click on Start and select Control Panel
Open Add/Remove Programs
Uninstall Malwarebytes' Anti-Malware
Restart your computer very important !
Download and run mbam-clean.exe from here
It will ask to restart your computer, please allow it to do so, very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
Note: You will need to reactivate the program using the license you were sent via email if using the Pro version only -
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Read other 2 answers
RELEVANCY SCORE 83.2

My older Mother has issues with browser redirect, very slow computer system, possible virus/malware?. She keeps rebooting but her computer freezes up and won't shut down. Below are the various logs:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3800+, x86 Family 15 Model 95 Stepping 2
Processor Count: 1
RAM: 446 Mb
Graphics Card: NVIDIA GeForce 6150 LE , 256 Mb
Hard Drives: C: Total - 143846 MB, Free - 125707 MB; D: Total - 8762 MB, Free - 568 MB;
Motherboard: ASUSTek Computer INC., NAOS, 1.05, MS1C6AS00302402
Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:40 PM, on 12/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C... Read more

A:Browser redirect/virus/malware issues that I can't solve on my own

Read other 16 answers
RELEVANCY SCORE 83.2

Hi there, I have a redirect virus issue plus other malware problems and hoping someone can help? It's defeating me!

My boyfriend first noticed when clicking on a search result in google, instead of the search result displaying, a new window opens which redirects to 'results5.google.com' - usually showing the google homepage (or another search engine) instead of the correct search result. Closing this new window and repeating the process 3 or 4 times tends to eventually get to the correct search result. Really annoying! Also clicking on a link (eg. in the bleepingcomputer forums) will eventually take me to the link but also opens a new window 'http://search.google-analytics.com'.

Then the pc dumped its graphics drivers, so he turned it off and plugged in our other pc - which behaved in the same way as the 1st pc, except it didn't dump its graphics drivers. Same redirect issue.

So we turned back on the 1st pc, reinstalled graphics drivers and have run Malwarebytes several times - it finds and removes more bugs each time we run it! (Please see below) Run tdsskiller and it finds nothing.

Followed instructions online to reset the router and flush the dns cache. Still got this redirecting issue.

I've run out of things to try and hoping someone can help? As we have the same issues on 2 computers which are never on at the same time, is this a router virus? I'm not a total novice computer user, but I'm in way over my head with this... Read more

A:Redirect virus - results5.google.com - plus other malware issues

Here's the GMER log, hope this helps.

Lucie

Read other 8 answers
RELEVANCY SCORE 82.8

I am infected with a version of the Google Redirect malware problem:

- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. On two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:

- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

A:Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

In your next post I need the following

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

RELEVANCY SCORE 81.6

My computer is running Windows XP. I previously had Symantec Antivirus and on Tuesday (July 20) when I went to use my computer I received the BLUE screen twice. I was just checking email and surfing the web. Later that night I was surfing the web again and all of a sudden my screen became bombarded with Symantec email proxy pop ups. They took over the machine whenever I was connected to the Internet. I removed Symantec Antivirus and the pop ups stopped. I installed the free version of AVG Antivirus which completed a scan of my computer and found 6 infections. They are:

C:\WINDOWS\system32\mcvup.exe
C:\WINDOWS\p3dens.dll
C:\Documents and Settings\me\Local Settings\Temp\qodigx.exe
C:\Documents and Settings\me\Local Settings\Temp\bxwn.exe
C:\Documents and Settings\me\Local Settings\Temp\5F.tmp
C:\Documents and Settings\me\Local Settings\Temp\5D.tmp

They have all been moved to the "virus vault".

The next day AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006724.dll and moved it to the virus vault.

The day after that AVG found c:\System Volume Information\_restore{F22ECDBF-07FD-48E2-8346-7D4E4D9E57A8}\RP29\A0006725.exe and moved it to the virus vault.

Now when I do a google search and select a link I get redirected to somewhere else. I primarily use Chrome but I have Internet Explorer installed as well and have run into the same problem regardless of browser or search engine (I tried yahoo too and I get redirected.)

I d...

RELEVANCY SCORE 81.2

My comp is infected with malware, I am getting redirected to a bunch of different sites.

I have already run Malwarebytes, as I noticed similar topics list that as a first step. Here is my log file, though it says no malicious items detected.

I also attempted to run TDSSKiller.exe but my computer aborted the program.

Any help is appreciated!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6472

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

4/29/2011 12:09:41 PM
mbam-log-2011-04-29 (12-09-41).txt

Scan type: Quick scan
Objects scanned: 208280
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

A:Search Engine Redirect Malware

I suppose I should just throw my comp out of the window? Can anyone help?

RELEVANCY SCORE 81.2

Just today my computer was infected with a virus (antivirus plus) so I removed it using a malware remover that was suggested on this site. Now however I'm having trouble with my internet's search engines. When I attempt to click on a link that is in the search results (on Internet Explorer) it redirects to an unwanted (and sometimes virus filled) site. I tried using Spybot-Search and Destroy which deleted about 13 files that I think were associated with this problem but the problem still hasn't been fixed. Websites work fine when typed directly into the location bar and otherwise I'm having no problems. I'm not really tech savvy but I'm hoping to get easily understood help so I can fix this without taking my computer to the shop.

Thanks so much!

-Andromeda

A:Search Engine Redirect Malware?

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

RELEVANCY SCORE 81.2

Hi, I'm in what appears to be a depressingly common situation. Late in December, Avast! detected a virus, Win32:Hilot. I shifted the affected file to the chest, ran (clean) spyware checks and nothing much more seemed to happen. However, through January, I have been suffering from redirects in Google in 3 browsers (Chrome, FF and IE) when accessing search engine results. The redirects tend to bounce through a couple of sites before landing me at a vaguely related search page. Subsequent Avast! scans revealed another infection, Win32:Hilot and Win32:trojan-gen. Both had infected/generated .dll files in the WINDOWS directory, which were just random character strings. I unregistered and quarantined the files, and checked my registry and processes for signs of untoward behaviour, but have been unsuccessful finding any problems. Spyware scans with MalwareBytes and SUPER-Anti Spyware also come up clean even though the redirecting still occurs.

Here are the requested logs; I recently switched off System Restore on some generic advice from another website for dealing with malware, but it hasn't helped, so please let me know if I should reactivate it. Also, I have uploaded the two other txt files in .rar format, if it needs to be in .zip I can do that also.

As my OS came preinstalled, I do not have an original Windows install CD or a prepared boot disk.

Thanks in advance for any help.

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 14:22:37.57 on Mon 01/02/2010...

A:(Another) Search Engine Redirect Malware

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ...

RELEVANCY SCORE 81.2

Hello,

My computer has recently been infected with the annoying Yahoo/Google search result links being redirected to various sites. I ran the defogger and I was able to run the DDS and saved the logs from it however when I ran the gmer my computer restarted during the scan the 2 times I attempted it. Let me know what I can do to resolve this. Thanks.

DDS (Ver_10-03-17.01) - NTFSx86
Run by CentanAV at 15:53:50.67 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2436 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
c:\centenn.ial\audit\CAgent32.exe
c:\centenn.ial\audit\xf...

A:Search engine redirect malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors: This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

RELEVANCY SCORE 81.2

Hey, just recently my computer started redirecting me to ads on google and bing. I think it's a rootkit but can't be sure. Here's my Hijack report.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:04 PM, on 4/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Managed VirusS...

A:Search engine redirect malware

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool. It is not detailed enough for today's infections.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote: If you have more than one antivirus software installed, leave only ONE and uninstall the others

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may c...

RELEVANCY SCORE 81.2

Hello everyone,

I have never posted on here before so if more information is needed please let me know. I have had this reoccurring problem for a few months where I mostly get redirected during search engine queries, but also sometimes when I open a random website. It is never the same website that gets redirected. I have tried a number of anti-virus and anti-malware programs, but I can't seem to root out the problem. I have gone through the prep guide so here is the DDS log. Any assistance would be much appreciated.

Thanks Matt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Christopher at 10:21:36.29 on Mon 01/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.481 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sch...

A:Search Engine Redirect Malware

Good evening.

Please download MBRCheck.exe by a_d_13 from here and save it to your Desktop. Double click the file to begin the scan. A Command Window will open and after the scan has completed you will be prompted to select further action - please exit in the stated manner. A text file called MBRCheck_date/time.txt can be found on the Desktop. I'd like you to post the contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

- Right click on the zipped folder and from the menu that appears, click on Extract All...
- In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish
- You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
- Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

RELEVANCY SCORE 81.2

Hello, I am trying to get rid of Malware on a co-worker's computer and I believe she still has some on it. I've run Malwarebytes' program, Spybot S&D, Combofix, SDfix. Every time I go to search for something on Google, the search goes through fine, but when I click on the link, it redirects me to a random search engine. I've run the above programs multiple times and most of them did pick up malware on the initial run, but nothing after that.

Here's my logs:

Malware Bytes:

Malwarebytes' Anti-Malware 1.32
Database version: 1653
Windows 5.1.2600 Service Pack 3

1/14/2009 7:27:34 PM
mbam-log-2009-01-14 (19-27-34).txt

Scan type: Quick Scan
Objects scanned: 64516
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SDFix

SDFix: Version 1.240
Run by Administrator on Wed 01/14/2009 at 06:50 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
AUTOEXEC.NT Restored from backups
Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Ch...

A:Search Engine Redirect Malware

Hello JSeiler and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please download OTViewIt to your desktop.

- Close all windows and double click OTViewIt
- Place a tick in the Scan all Users box
- In the File Age drop down box select 90 days
- Click Run Scan and let the program run uninterrupted
- On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

Please download ComboFix from one of these locations:

- Bleepingcomputer
- ForoSpyware
- GeeksToGo

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree ...

RELEVANCY SCORE 81.2

Hi there!

First of all, I wanted to say thank you so much for making such an easy-to-follow tutorial about what to do before posting on here.

Now, I've had this malware for a couple of weeks, and really don't know what to do about it. When I use Google or any other popular search engine, on any browser, I am redirected to spam sites and other nasty things. Also, whenever I attempt to use firefox, it crashes within a few minutes of being open, and gives me a crash report window - this does not happen with Google Chrome or Safari.

The current anti-virus program I use is McAfee Security Center, which I did multiple full scans with recently. It came up with 4 trojan viruses which it was able to delete, but I still have the search engine redirect problem, and my spam folder is getting swamped on my e-mail with scam and phishing links, so I'm really concerned about my personal information and passwords.

Earlier today I tried to use "Malwarebytes' Anti-Malware" program, but after installing it, it would not run or open at all. I also tried to use "RootRepeal", but was also unsuccessful with that, as it became unresponsive when I attempted to use it. So now I'm here! I have included the DDS report below, and attached the .txt files that were requested in the tutorial.

Thanks a whole ton in advance! This seems like a great site, and I really hope I can get my issue resolved.

- Lindsay

-----
DDS (Ver_10-11-10.01) - NTFSx...

A:Search engine redirect malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap...

RELEVANCY SCORE 81.2

Hi, I have expended my knowledge in how to remove this malware. First of all let me tell you what happened and what I've done. In short, my computer was infected through Java from an article on Yahoo. It "removed" all my personal files, removed my background, etc. I realized it had just "hidden" all my files instead. I had a lot of system restore files dating before when I received the virus, and I chose the farthest one I could go back. That cleared most of the problems I was having, after that I ran Avira, Spybot and MalwareBytes to clear anything remaining. Spybot is the only one that found anything and it was just cookies. Thinking all was fixed, I was doing some searches to reinstall and update some programs because of the system restore and noticed that I was getting redirected for a good 4-5 times then it would stop intermediately and allow me to go to the page I wanted. Also, I have noticed that IE will start by itself and start playing what sounds like ADs but IE isn't viewable and I can only see it running in Windows Task Manager.

So far I have run complete scans with Avira, Spybot, MalwareBytes, Ad-aware, Hitman 3.5 and Avast. I downloaded TDSSKiller but that refuses to run. I just downloaded HiJackThis but the log isn't working, it's not saving anything even though I tell it to. Also, Avira's system scan didn't pick this up but its Guard did, "ADSPY/AdSpy.Gen3". It showed the location of the file but it w...

RELEVANCY SCORE 81.2

My comp is infected with malware, I am getting redirected to kdirectory.co.uk, mydealmatch.com, askslots.com, etc.

I have already run Malwarebytes, as I noticed similar topics list that as a first step. Here is my log file:

Any help is appreciated!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4378

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/1/2010 8:29:35 PM
mbam-log-2010-08-01 (20-29-35).txt

Scan type: Quick scan
Objects scanned: 158312
Time elapsed: 13 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\mobclret.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hjevamava (Trojan.Hiloti) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\972076858 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows...

A:Search Engine Redirect Malware

Hello and welcome. Please run the tool here: How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):

- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key...

RELEVANCY SCORE 81.2

I have run virus scans and spyware scans using cyberdefender. The spyware found two high risk items (forgot the names), but still have search engine redirect problems. Thank you for helping.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brian Brinkman at 4:25:39.81 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.34 [GMT -6:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {36B28EEF-2CD3-4ECB-B4B7-7C7A2B8359E3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.ex...

A:Search Engine Redirect Malware (do not know name)

Never mind, I think I have it handled.

RELEVANCY SCORE 81.2

Hello all. I am using Windows Vista Business with Firefox as my primary browser. I recently got infected with some kind of malware/trojan after visiting an infected web page two days ago. It was caught by Symantec AntiVirus, which identified it as "Downloader", and was cleaned by deletion. The next morning, upon starting up my computer, Windows Defender detected another risk, identified as "Trojan:Win32/Hiloti.gen!D" which was also removed. I also deleted a suspicious registry entry that was flagged by Windows Defender (but permitted): HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Crozayejuhediq.

Since then, I haven't had any detections of harmful software by either Symantec Auto-Protect or Windows Defender. I also ran scans with both Symantec and MalwareBytes Anti-Malware, with nothing detected.

However, I noticed that today, when I am using Firefox and click on a Google search result, it occasionally redirects to an unrelated page. The browser status bar reads "http://feed.bizzclick.com/click.php?id=....." or "http://meta.7search.com/click/click.aspx?=....." for a few seconds before redirecting. This has only happened several times today, so it is too sporadic to tell whether it occurs on Internet Explorer or on other search engines. Again, nothing was detected by Symantec or MalwareBytes.

Any help would be greatly appreciated. Thanks.

A:Search engine redirect malware

Hello and welcome. Let's run these and see how we are after.

Clear the temp files. TFC by OT

- Please download TFC by Old Timer and save it to your desktop. alternate download link
- Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Now an Online scan.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

- Click the green button.
- Read the End User License Agreement and check the box: Check .
- Click the button.
- Accept any security warnings from your browser.
- Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quaranti...

RELEVANCY SCORE 81.2

Hello,

I am currently experiencing a problem in which the links in Google and Bing search results are redirected to other websites, often first going through an intermediary such as thefindfinder.com or aimsearcher.net. These searches were done on Firefox 13.0 Beta and Internet Explorer. I am currently running on Windows 7.

Interestingly, I also tried the Google-powered search on Toshiba.com and those links did not experience the redirect problem. Also of interest is that the problem appears to be intermittent, in that sometimes links work fine and other times they redirect.

I figured it was a long shot, but I went ahead and checked my Hosts file. Nothing extra was there.

Any assistance is greatly appreciated. I see from searching this forum and elsewhere that this problem is not uncommon, but also that the solutions tend to vary greatly. I figured that it was best that I seek individualized help.

A:Search Engine Redirect Malware

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t...


Sir/Ma'am,
Like many others on this site, I have been infected with search engine re-direct malware and am unable to identify or clean it. I have run spy-bot search & destroy, adaware, etc. My OS is Windows 7 Home Premium. If we can't fix it through this forum, I am going to wipe the hard drive and start again. Thanks ahead of time for your help.

A:Search Engine Redirect Malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


My internet connection is running very slow. In addition to this, when I do a search on Yahoo, the first 10 results never have anything to do with my search, they are always some sort of advertisements or something. Can you please examine my Analyzed log file to see if there is anything I should take care of? I have already done AdwareSE. Thanks very much for your help.

=========================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:51:08 AM, on 3/23/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\EloSrvce.exe
C:\WINNT\System32\EloLnchr.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINNT\System32\EloDkMon.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - ...

A:Search Engine Issues

Hello sorrells97 and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when a reply has been made.

Please be patient with me during this time.


I'm having issues with my search engine. When I search for an item on google, yahoo etc, the results take me to a completely different site than the one stated. I ran all kinds of antivirus and such but it's no help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:17 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys EasyLink Advisor\L...


When using the google search engine 2 things are happening. I am constantly getting search results from the .co.uk and other foreign countries, not the usual .com. When I do get results for websites I am looking for and click on them, a page pops up saying I am being redirected and then another page pops up that has nothing to do with my search. I have run malware to no avail. I am also running McAfee. I ran hijackthis and can provide a log if needed. Am I under any type of security risk (id theft etc...)?

Thanks in advance for any help.
 


Hey guys I really need some help. I am not real computer smart, so I really need some patience too. I am having all kinds of issues when using IE. It takes several (4-6) double clicks for IE to even open. I have run CCleaner, adaware, Ewido, and Mcafee, and deleted everything it found, but I am still having issues. My major problem is, I am getting re-directed from every search engine I use. For example, if I search "Ebay" in Yahoo, google, or dogpile and I click on it, it will re-direct to a different search engine or porn site or some ebay forum, etc.... What am I missing, thank you for all the help? I am about to throw this thing out the window.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:20 PM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program ...

A:Ie Search Engine Issues, Help.

Sorry for the delay. If you still need help with your log please post a brand new HJT log as a reply to this topic and I will help you clean it up as necessary.


Hi, I turned my laptop on today and when I used google the font of the results are larger and when I click any of the results it opens a new window and it automatically redirects me to an ad site. I ran fixwareout and got this report:

Username "Owner" - 03/20/2009 21:33:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\System32\\WLTRAY"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"...

A:Search Engine Results Redirect Malware PLEASE HELP!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


When I run a search, using any search engine (not just google) I am redirected to random ad pages. I am also unable to download upload files to my virus scanner (Zone Alarm) or Ad-Aware. An alert pops up saying "unable to connect to update server."

A:Search engine redirect malware infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...
