Computer Support Forum

Search Engine Redirects, Trying To Solve Problem Made It Worse

Question: Search Engine Redirects, Trying To Solve Problem Made It Worse

For the past six weeks, I've had a simple search engine redirecting virus on my Windows 7. For five weeks, I tried running typical anti-virus software such as MalwareBytes, AVG 2013, and Microsoft Security Essentials. It wasn't too harmful, and I pretty much just needed to click a search engine result a second time and I would get to where I needed to go. However, this past week during a long holiday break, I tried running new antivirus software such as Super Anti-Spyware, Spybot, ComboFix, and TDSSKiller. The last two seemed successful at finding problems, but at the cost of the virus reacting viciously and deleting files and cutting off access to the internet.
 
I tried system restore, and was able to get it mostly back to the way it was before trying to install the new antivirus software, except that I now need to grant permission to allow Adobe Flash videos to work every time I wish to view one. This problem mostly occurred on Firefox, so I swapped to Internet Explorer. However, IE seemed to just recently develop a new problem of its own called Sweetpacks, and the homepage and searches are redirected to this obvious virus page. Checked back on Firefox, which I had uninstalled and reinstalled, and noticed that Firefox was able to disable this Sweetpacks add-on because it detected the security risk.
 
But right now, I'm trying to figure out how I might be able to solve this problem without backing up everything, as I have some student software that has a limited two installs per user, and I'd like to avoid using the second unless absolutely necessary.
 
I'm currently taking a class that requires lots of computer use, and this virus has really started to get in the way. If anyone can help me as soon as possible, I would very much appreciate it! Thank you!
 
Edit: I ran Security Check, Farbar Service Scanner, and MiniToolBox, based on a suggestion on another topic dealing with a redirect virus.
 
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 AVG AntiVirus Free Edition 2013
 Microsoft Security Essentials
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File
 Deal Spy
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300
 Java 7 Update 25
 Adobe Flash Player 11.3.300.265 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 08-07-2013
Ran by Kelsey (administrator) on 09-07-2013 at 02:35:29
Running from "C:\Users\Kelsey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP4XJFY0"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
MiniToolBox by Farbar  Version: 16-06-2013
Ran by Kelsey (administrator) on 09-07-2013 at 02:42:46
Running from "C:\Users\Kelsey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BCXH8AC"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: localhost:21320
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
There are 15379 more lines starting with "127.0.0.1"
========================= IP Configuration: ================================
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Kelsey-LP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mshome.net
Wireless LAN adapter Wireless Network Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 70-F1-A1-FB-DE-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 5C-AC-4C-D3-2E-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : mshome.net
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 70-F1-A1-FB-DE-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ccc9:e24b:a863:db7a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, July 09, 2013 1:18:11 AM
   Lease Expires . . . . . . . . . . : Wednesday, July 10, 2013 1:18:10 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 225505697
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E9-29-36-F0-4D-A2-7E-12-6B
   DNS Servers . . . . . . . . . . . : fe80::9896:c35e:969c:bd05%11
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       mshome.net
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : F0-4D-A2-7E-12-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{61E026A7-DAD7-40EA-948A-264BAD36B164}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{7162B6DD-9C6C-4363-ADCE-ECEA57CF5E40}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{673AF8CD-699B-4CA2-9AF3-E2D90AD0DAD2}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:866:3167:b3a0:fbf9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::866:3167:b3a0:fbf9%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{95484305-ADA5-4FC1-B7AB-B3CEEB6A5BB9}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : mshome.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::9896:c35e:969c:bd05
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Pinging google.com [74.125.239.37] with 32 bytes of data:
Reply from 74.125.239.37: bytes=32 time=22ms TTL=53
Reply from 74.125.239.37: bytes=32 time=28ms TTL=53
Ping statistics for 74.125.239.37:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 28ms, Average = 25ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::9896:c35e:969c:bd05
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=84ms TTL=46
Reply from 98.138.253.109: bytes=32 time=80ms TTL=46
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 84ms, Average = 82ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
===========================================================================
Interface List
 19...70 f1 a1 fb de fb ......Microsoft Virtual WiFi Miniport Adapter
 13...5c ac 4c d3 2e 30 ......Bluetooth Device (Personal Area Network)
 11...70 f1 a1 fb de fb ......Dell Wireless 1397 WLAN Mini-Card
 10...f0 4d a2 7e 12 6b ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    286
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    286
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    286
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:4137:9e76:866:3167:b3a0:fbf9/128
                                    On-link
 11    286 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::866:3167:b3a0:fbf9/128
                                    On-link
 11    286 fe80::ccc9:e24b:a863:db7a/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 10 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 10 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 141025
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 141025
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32526
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32526
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 01:15:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647
Error: (07/09/2013 01:15:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647
Error: (07/09/2013 01:15:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 00:57:00 AM) (Source: Microsoft-Windows-RestartManager) (User: Kelsey-LP)
Description: Application or service 'Internet Explorer' could not be shut down.
System errors:
=============
Error: (07/09/2013 01:19:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (07/09/2013 01:17:26 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (07/09/2013 01:17:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (07/09/2013 00:01:05 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
Error: (07/08/2013 11:21:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (07/08/2013 11:19:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (07/08/2013 11:19:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (07/08/2013 11:18:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (07/08/2013 11:18:26 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (07/08/2013 10:49:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Microsoft Office Sessions:
=========================
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 141025
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 141025
Error: (07/09/2013 01:17:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32526
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32526
Error: (07/09/2013 01:15:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 01:15:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647
Error: (07/09/2013 01:15:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647
Error: (07/09/2013 01:15:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2013 00:57:00 AM) (Source: Microsoft-Windows-RestartManager)(User: Kelsey-LP)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer01117118520
CodeIntegrity Errors:
===================================
  Date: 2013-07-09 02:40:41.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-09 02:12:09.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-09 01:55:28.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-09 01:18:16.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-09 00:56:07.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-09 00:29:56.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-08 23:59:54.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-08 23:37:14.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-08 23:23:50.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-07-06 12:05:55.174
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
=========================== Installed Programs ============================
Adobe AIR (Version: 3.5.0.600)
Adobe Community Help (Version: 3.5.23)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Media Player (Version: 1.8)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.04)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Advanced Audio FX Engine (Version: 1.12.05)
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
AnimatorDV Simple+
Any Video Converter 3.0.7
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
ASPCA Reminder by We-Care.com v4.1.22.1 (Version: 4.1.22.1)
Audacity 1.2.6
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
Autodesk Maya 2013 64-bit (Version: 15.0.0.0)
AV Voice Changer Software DIAMOND 7.0 (Version: 7.0.32)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG 2013 (Version: 2013.0.3349)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 4.0)
Bamboo Dock (Version: 4.0.0)
Bamboo Tablets Tutorial (Version: 3.0.20)
Banctec Service Agreement (Version: 2.0.0)
Blaine's Custom Speed Effects (Version: 2.0.1)
Bonjour (Version: 3.0.0.10)
Carbonite (Version: 5.4.7 build 3239 (Jun-13-2013))
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco WebEx Meetings
Cozi (Version: 1.0.4323.24051)
Deal Spy (Version: 1.27.153.7)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.1107.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Download Updater (AOL LLC)
Dropbox (Version: 2.0.22)
eReg (Version: 1.20.138.34)
EuroTalk Talk Now Plus! (Version: 1.6.8.1)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FL Studio 10
Free NaturalReader (Version: 9.0)
Google Update Helper (Version: 1.3.21.149)
GoToAssist 8.0.0.514
Hauppauge WinTV 7
HitmanPro 3.7 (Version: 3.7.6.201)
IL Download Manager
IL Shared Libraries
iLivid (Version: 1.92.0.118480)
InfoSeeker (Version: 2.6.17)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1994)
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
KeyScrambler (Version: 2.9.2.0)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech SetPoint 6.15 (Version: 6.15.25)
Logitech Vid HD (Version: 7.2 (7259))
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Morphine
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Little Pony
NewBlue Cartoonr for Vegas
Origin (Version: 8.4.1.210)
PDF Settings CS5 (Version: 10.0)
PowerDVD DX (Version: 8.3.6029)
PxMergeModule (Version: 1.00.0000)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.72.80.56)
Roxio Burn (Version: 1.01)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.117)
Roxio Update Manager (Version: 3.0.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.107)
Sonic Activation Module (Version: 1.0)
Sound Blaster X-Fi MB (Version: 1.0)
Spybot - Search & Destroy (Version: 2.1.19)
SweetPacks Updater Service (Version: 3.0.5.5)
swMSM (Version: 12.0.0.1)
The Sims™ 2 Double Deluxe
Unity Web Player (Version: )
Unity Web Player (Version: 2.5.5b4_50)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
Vegas Movie Studio Platinum 9.0 (Version: 9.0.92)
Veoh Giraffic Video Accelerator (Version: 0.86.412.230)
Veoh Web Player (Version: 1.1.2.0000)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.0.1 (Version: 1.0.1)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Movie Maker (Version: 6.0.6002.18005)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
ZoneAlarm Do Not Track Add-on 2.2.5.1213 (Version: 2.2.5.1213)
ZoneAlarm Firewall (Version: 11.0.000.054)
ZoneAlarm Free Firewall (Version: 11.0.000.054)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.000.054)
ZoneAlarm Security Toolbar
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 80%
Total physical RAM: 4056.36 MB
Available physical RAM: 792.12 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 3824.63 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.14 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:244.31 GB) NTFS
========================= Users: ========================================
User accounts for \\KELSEY-LP
Administrator            Guest                    Kelsey                   
**** End of log ****
 
 

Relevance 100%
Answer: Search Engine Redirects, Trying To Solve Problem Made It Worse

Since you ran Combofix... Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Relevance 122.38%

Hello! I was asked to post here with DDS logs
 
For the past six weeks, I've had a simple search engine redirecting virus on my Windows 7. For five weeks, I tried running typical anti-virus software such as MalwareBytes, AVG 2013, and Microsoft Security Essentials. It wasn't too harmful, and I pretty much just needed to click a search engine result a second time and I would get to where I needed to go. However, this past week during a long holiday break, I tried running new antivirus software such as Super Anti-Spyware, Spybot, ComboFix, and TDSSKiller. The last two seemed successful at finding problems, but at the cost of the virus reacting viciously and deleting files and cutting off access to the internet.
 
I tried system restore, and was able to get it mostly back to the way it was before trying to install the new antivirus software, except that I now need to grant permission to allow Adobe Flash videos to work every time I wish to view one. This problem mostly occurred on Firefox, so I swapped to Internet Explorer. However, IE seemed to just recently develop a new problem of its own called Sweetpacks, and the homepage and searches are redirected to this obvious virus page. Checked back on Firefox, which I had uninstalled and reinstalled, and noticed that Firefox was able to disable this Sweetpacks add-on because it detected the security risk.
 
But right now, I'm trying to figure out how I might be able to solve this problem without backing up everything,... Read more

Answer:Search Engine Redirects, Trying To Solve Problem Made It Worse

Hello Aurum, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

3 more replies
Relevance 81.18%

For about 2 weeks now I've been experiencing search engine and browser redirects - it started when Trend Micro expired and I was left unprotected for only a day. I ran a scan with MBAM and it found 4 instances of spyware.passwords.xgen, which I removed. I installed Trend Micro Titanium Internet Security and everything seemed okay for a couple of days, until pages started redirecting again, in one of two ways - either I would get to a Trend Micro warning page telling me that it was a dangerous page, or pages would not load and I would have to refresh them, making me think it was trying to redirect but had been stopped.

I've scanned with Trend Micro and MBAM (however that was a while ago as when installing Trend Micro it forced me to uninstall MBAM) but nothing came up, however the redirects are still happening. The only thing that has come up is the atdmt cookie.

Just additionally:
- Around 2 or 3 weeks ago my gmail account was compromised and used to send spam, I'm not sure if this is related or not.
- For a while, my wireless internet connection would stop working about 20 minutes after boot (giving me the 'windows cannot configure...' message). This seems to have stopped now, however I can't recall whether I did anything to fix it or not :/
- Trend Micro has reported 1318 web threats stopped since it was installed - I would include a screenshot but I don't know how >_>

XP Home Edition

Answer:Search engine redirects, removed malware but problem persists.

Hello. Please change your email password as it's compromised.

Please run the tool here How to remove Google Redirects. Let me know if it finds something.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

9 more replies
Relevance 81.18%

Sunday, I had a rather interesting evening. My Norton 360 subscription fell past due a while ago. Sunday, I finally had enough extra change lying around to update it. My computer has been fine this entire time without it. The SECOND I forked over the money, BAM! Virus, or something.

-A little shield icon called Security Tools, showed up on my task bar, and told me all about how there were critical errors and infections running. Any and every program I tried to run, Security Tools would shut down. After restarting, Security Tools was one of the first icons up, and even made the shortcuts on my desktop, and my wallpaper disappear. I couldn't even run Task Manager.

-Around this time, my google toolbar searches began to get redirected. I could type it in, and it would bring up relevant entries, but if I clicked on the links to those sites, it would redirect. Eventually requiring me to either copy/paste the address myself, or just keep back-paging and trying again, until it works.

-This led me to think back to when I heard about HJT, and did some work on my computer 2 years ago, thanks to the wonderful guide and sites set up by merijn and the helpful database at CastleCops. Unfortunately, the bookmark I have for those sites is no longer valid, and I'm not going to play with fire twice, hoping that I don't kill a vital process using HJT.

-This was the first place I came, while it was happening. Interestingly enough; this site didn't get redirected. At least,... Read more

Answer:Security Tools Problem 3 days ago. Search Engine Redirects.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

12 more replies
Relevance 80.36%

Hello,

New to the forum and clueless about computers. My problem is that Internet explorer is not functioning correctly and the computer and connectivity is slowed way down. Search engine results (mostly from google) send me to other sites when I click on the results. If I reload the search page or click back, I can then access the results as normal. I have run updated scans with both Norton Anti-Virus and Spyware Doctor. Both found stuff, including Downloader(s) and cookies to be infected. The problem is not resolved, although Norton keeps finding cookies to be a problem almost every time I restart. I am running XP with a recent Service Pack 3 download on an HP laptop. The problem started happening with service pack 2 however, if that means anything. Thank you in advance for any help on the matter.

Scott

Answer:IE Hijacked, Search engine redirects, Anti-virus not fixing problem

Welcome to BC.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Ma... Read more

6 more replies
Relevance 80.36%

Hi Everyone,

I'm sure you've seen plenty of threads asking to help resolve this "Mozilla Firefox / Google Redirect" issue, so I'm sorry that I'm posting yet another thread about it. Whenever I search for something using Google in Firefox, I will sometimes get redirected to another website when I click on the search results. For example, if I search for "GPLGS" in Google, the first search result (which is a link to a discussion on this forum) will be directed to another site. However, there are times when the search results will not be redirected.

I have not experienced this problem when using Google Chrome on this machine. In addition, I haven't experienced this problem at all on other machines that are linked to the same internet connection. This leads me to believe that the situation is isolated to my laptop, but I don't know much about computers.

I've read all of the instructions listed here, but I've been having trouble running the GMER Rootkit Scanner. The program usually runs fine, but whenever I try to start scanning after I uncheck the IAT/EAT box in the right panel, the process never finishes. I often get a blue screen with a message before my laptop reboots. I did notice a surge in CPU usage when this occurred.

Here is the DDS.txt file:

----------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Eddy at 20:03:37.60 on Tue 07/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft... Read more

Answer:Mozilla Firefox / Google Search Engine Redirects Links Problem

Welcome to TSF :)

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" .
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

6 more replies
Relevance 79.54%

Hi, everyone. My computer has been afflicted with something that redirects search engines (Google, Bing, and Yahoo) in all three web browsers (Firefox, IE and Chrome) for about 10 days to 2 weeks now, though I am not sure when "it" actually got in. Kaspersky Internet Security 2011 let it through and can't find it, and updating to Kaspersky 2012 didn't do anything either. Malwarebytes didn't stop it and can't find it, Hitman 3.5 didn't get it, and SuperAntiSpyware found a whole bunch of cookies and stuff the others didn't but couldn't fix the problem either. It may have exploited a Java weakness, because I was behind on Java updates; bad, I know. A curious detail that might mean something - for the last week linked pictures and linked vids have been failing to come through, but embedded pix and vid were ok. A new wrinkle this evening is that my web browser was/is just flat-out jamming and freezing the entire computer (no access to task manager, etc) after a few minutes of vanilla internet browsing. After four in a row I decided to restart in safe mode and bite the bullet by bringing my problem here. DDS, SuperAntiSpyware and Hijack This logs are below, DDS ATTACH is attached and I have run defogger, fwiw. Thanks in advance, E

DDS scan log=>
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Erik at 21:43:14 on 2011-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.... Read more

Answer:Google/search engine hijack-getting worse

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:
It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: Kaspersky Internet Security
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
Please remove all but one of them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to b... Read more

16 more replies
Relevance 76.67%

Okay,

For the past 4 days I have been trying to get rid of malware that redirects my searches. It redirects searches links from google, yahoo, ding, etc. It may also be turning off my MacAfee when MacAfee updates at night. I have done all steps to cleaning this up as according to several forums I have seen posted. I'm running on an older hp that I have upgraded with more RAM, etc over the years. I run on XP. I need to try to keep this computer running for the next 6 months until I'm done with school, then I'm tossing this and buying new.

Here is what I have done:
updated Java
updated Adobe
run CC cleaner
turned off real time scan on MacAfee
run malbytes anti-malware scan
run super anti-spy ware
run hijack this

I just finished a full scan of MacAfee and it comes up clean.

This is the last log from hijack this. Is there still something in here I should delete?

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:41 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS&#... Read more

Answer:search engine redirects, website redirects

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

2 more replies
Relevance 75.85%

My problem started Sunday when I kept getting the screen which gives you the "Safe Mode" option, but no matter what I clicked I kept getting the "Safe Mode" screen. I called tech support and after I followed his suggestions I got a screen that said " Load needed DLLs for kernel" etc. The tech guy said I'd have to reinstall and would probably lose everything.
Monday I went and googled the error message to see if I could find more options, and which brought me to this forum. I followed the directions for the guide to reinstalling windows, however it set up a new Windows directory on my H drive (Before it was on my C drive).

1. Are my files still on my computer or did I screw up and erase everything? If my files are still on my computer how can I access them?
2. When I start my computer I get a menu giving me a choice of several Windows systems to choose from, one will get me to the new installation the other choices I will still get the same error message.
3. I could not find the Windows CD that came with my PC so I used a Windows XP professional edition that I had on my last computer. The PC I have now has XP home edition. Would this cause a problem?

Anything you can do to help will be greatly appreciated.

Matt
 

More replies
Relevance 75.85%

(For example: h t t p://www.pa-kua-chang.com)

I've run AVG, Spybot, and Malwarebytes to no avail. Please help!

Edit: Moved topic from XP to the more appropriate forum. Also deactivated URL from being a clickable link to avoid accidental clicking and possible malware infection for our members. ~ Animal

Answer:Any search engine on any browser I use redirects to other search engines and websites

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===============================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

22 more replies
Relevance 75.03%

I don't even know where to begin with this. I've never been defeated so horribly. I cannot make any sense of this problem. I'm having the problems on the system shown below. Beginning about six months ago I started having these problems.
I would get blue screens once in a while and there would be different error messages every time. Finally the o.s. hard drive started making a horrible buzzing and so I swapped it out for a different one. Alright... things seem to be going alright.
I leave my computer on for a week or so and there's no problems...until something causes me to have to restart. Half the time the drives aren't recognized upon boot-up and if they are windows freezes mid boot. Usually after an hour of tinkering.. reorganizing the drives, shouting profanities and putting my fist through a wall it will reboot again.. until another week goes by and the same process repeats itself.
Now the o.s. drive I swapped out before is making excessive clicking sounds when booting. So I think maybe this one is bad.. just like the last one was bad.. I'm really burning through the drives here.. but that's alright, I've got drives laying all over. So today I pull out my seagate drive that I bought new a month ago. Naturally my motherboard doesn't recognize the seagate...but in only 1 configuration... three drives have to be hooked up including the clicky one with the o.s. on it now and the jumper settings have to... Read more

Answer:6 months and I've only made the problem worse.

You bought a new seagate ....have you tried removing all the other drives (hard) and booting up with the seagate setup utility ...then try install os in it?

Have you run Everest on it to look at what it reports or run memtest?
Everest:
http://www.majorgeeks.com/download.php?det=4181
Memtest
http://www.majorgeeks.com/MemTest_d350.html

What is the exact error code on the BSOD?

How are all your three drives hooked up? Assuming master on last primary IDE/ slave on middle connection and....third on the secondary IDE along with the cd rom?

Have you run a disk check on the master?
 

18 more replies
Relevance 75.03%

Hello,

I recently had some sort of virus/malware attack my laptop which meant I was unable to access the internet. It's not a problem with the wireless as far as I'm aware as other people have been able to connect. The Windows connection diagnostics said there was a winsock catalog error but sometimes it gives me different messages.

I attempted to try and fix it, firstly by running Norton GoBack and then attempting to use DrWeb but think I've made it a lot worse (did that before reading the first 'DO NOT FIX YOURSELF' page on the forum - schoolboy error).
A few virusy type things that have come up in the scan are 'trojan.swizzor' and 'adware.xbarre' and 'tool.killproc.3' - think they are quarantined but not entirely sure. I have the scan results saved if you require them at a later date.
I'm writing this from another PC as the laptop cannot connect to the internet.

Here are the reports of the scans as requested:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim Abraham at 0:23:39.92 on 27/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.583 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtSe... Read more

Answer:Virus problem... made worse

Bump, please.

6 more replies
Relevance 75.03%

Google Search redirects to Gala Search Engine. Also, a second window opens every time I open IE. I have run everything from HijackThis, Malwarebytes, Norton, etc.; everything comes back fine with no issues, however something is obviously on the machine and I don't know how to prevent these redirects. I even tried to install Firefox but had the same redirect issues. Anyone have any ideas? Thank you

Answer:Google Search Redirects to Gala Search Engine

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

1 more replies
Relevance 73.39%

A few days ago, my computer got this "antispyware" virus (I am presuming) that rendered Internet Explorer and any other files and programs useless. Everything I did directed me to pay to buy the antispyware. I am guessing to steal my credit card info. Anyway, I did not fall for this. Took it to my school's IT who stopped the virus from attacking just long enough to run my Malwarebytes. It caught some infections. I removed it and it worked fine for a day until it came back. Only this time, it seemed "weaker" in that I didn't need to take it to the IT to stop the virus now. When I rebooted, I opened Malwarebytes as quickly as I could, ran it, found some more stuff and removed them. The pop up in the taskbar for antispyware and message about password stealing trojan stopped, and everything seemed to be working fine. Except two things started happening soon afterward. 1) Google and Yahoo searches are now being redirected. Started out infrequent. Now all searches are redirected. and 2) after working on my computer for a long time, in the taskbar, the red shield with X comes up saying my antivirus (Norton) is outdated. I would check and find it says antivirus is outdated. First time it happened, I thought maybe it needs updating. So I updated the antivirus. Message went away. I thought it was fixed. Then the very next day, again, after working on my computer for a few hours, same thing. Now I know it is a problem because why would my antivirus become outda... Read more

Answer:Google search engine results redirected and anti virus made outdated

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

19 more replies
Relevance 72.98%

I am having a problem getting rid of this search engine redirect bug. I have run both Malwarebytes and Spybot; both have found items and removed them, but I am still getting redirected. Here are my latest Malwarebytes and HijackThis logs. I already have the latest version of ComboFix downloaded, so if you need that log I can provide it also. Thanks in advance for the help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4154

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/29/2010 11:11:24 PM
mbam-log-2010-05-29 (23-11-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 241592
Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Informat... Read more

Answer:Search engine redirects

Here are a few more logs to help out.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 11:34:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwtiakog.sys

---- System - GMER 1.0.15 ----

SSDT sppf.sys ZwCreateKey [0xF743A0E0]
SSDT sppf.sys ZwEnumerateKey [0xF7457CA2]
SSDT sppf.sys ZwEnumerateValueKey [0xF7458030]
SSDT sppf.sys ZwOpenKey [0xF743A0C0]
SSDT sppf.sys ZwQueryKey [0xF7458108]
SSDT sppf.sys ZwQueryValueKey [0xF7457F88]
SSDT sppf.sys ZwSetValueKey [0xF745819A]
INT 0x62 ? 898A8BF8
INT 0x63 ? 896BCBF8
INT 0x73 ? 896BCBF8
INT 0x82 ? 898A8BF8
INT 0xA4 ? 896BCBF8
INT 0xB4 ? 896BCBF8

---- Kernel code sections - GMER 1.0.15 ----

? hpbbfpic.sys The system cannot find the file specified. !
? sppf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B92718AC 5 Bytes JMP 896BC1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BDC360, 0x372FAD, 0xE8000020]
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7782760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000... Read more

11 more replies
Relevance 72.98%

I am running Win7 32bit OS and have recently been having problems with my search engine results redirecting me to other sites. I did a search of the forums and have found that others have had the same problems that were resolved. I wanted to post here before running any of the advanced programs mentioned.
 
I have run Microsoft Security Essentials which found a problem with the version of Java that was on my computer. I have since updated Java to the latest version.
I also have run Malwarebytes in normal mode and also in safe mode, but it has never detected any problems.
When I run Spybot S&D it gives me a popup that says there are a 'x number of temporary files in use and cannot be removed' (The number deviates each time I run it.) I suspect that these files are the culprit.
 
The redirects don't always occur and when they do I can use the back button to return to the search engine list page and will generally be able to go to the proper site when I click on the link again. I have tried Google, Bing and Yahoo! search engines and all experience redirects. I have even tried using Chrome (now my default browser) as my browser instead of IE with the same results.
 
Thank you in advance for your assistance.

Answer:Search Engine Redirects

Welcome Vinnie, let's do these...

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.
* Launch it.
* Click on change parameters - Select TDLFS file system
* Click on "Scan".
* Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* You will be prompted to restart your computer. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
* Hold down Control and click on this link to open ESET OnlineScan in a new window.
* Click the button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it ... Read more

2 more replies
Relevance 72.98%

For the last few days, I have had my search engine result links redirected to random shopping sites.

I have run Spybot, Malwarebytes, and SUPERAntiSpyware several times. I did have Antispyware Soft but it seems to have been successfully removed. However, I still get redirects.

I am running Windows XP.

The search engine redirects occur in Firefox using any search engine.

I have Google Chrome, but I cannot use it as I keep getting things like: "The webpage at http://www.yahoo.com/ might be temporarily down or it may have moved permanently to a new web address." Internet Explorer also does not display pages.

I am not sure what to do next.

Answer:Search Engine redirects

Yes, that is happening to me too, and I also have gotten Antivirus Soft and other anti virus viruses, except a bunch of other stuff is happening to me as well, like I can't play any games downloaded. I pretty much have to re-download everything if I can't fix this.

3 more replies
Relevance 72.98%

Hi, Regardless of what search engine (Yahoo, Bing, Google) or browser I'm using (IE or Firefox), when I click on a link from a search result, I get redirected to a different website about 90% of the time. I would very much appreciate any help you can give me. I use McAfee, Lavasoft Adaware and Spybot Search and Destroy and none have helped with this problem. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:53 PM, on 11/22/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\M... Read more

Answer:Search Engine Redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

2 more replies
Relevance 72.98%

Hi - I'm turning to you guys in desperation. I got something nasty and I've been fighting it for about a week without any success. My problem happened early last week, I believe the evening of the 14th, while browsing the web through Google searches (either mobile Sid Meier's pirates app or 2010 world cup / soccer stuff, I can no longer remember which). I hit a Google link, and my payware McAfee popped up that it detected and removed several files with Alureon in them. Everything seemed okay, but the next morning I noticed that any links from big search sites like Google or Yahoo or Bing began frequently (not always, but often) redirecting to other search sites, new sites, or ad sites. For an example, I've attached two JPEG images --- one of a Google response page, and then one when I clicked the ESPN link showing the site history, with two history pages labeled "redirect".

I get similar results through IE. Both also occasionally spawn new tabs or windows with ad sites. I also have Chrome on the machine, and interestingly enough it fails to work at all --- it times out trying to get to any site. If I leave Firefox up on a page, occasionally it suddenly exits and the machine blue-screens.

I'm running Windows XP Pro, SP2. My antivirus is McAfee Security Center, it is up to date and licensed. I've had other home PCs hit with something similar, but was always able to find changes, usually bogus DNS settings, through Hijack This. This time,... Read more

Answer:Search Engine Redirects

Hi lanzecki,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer. No need for logs or screen-shots at this time.

11 more replies
Relevance 72.98%

I have an issue with my son's PC: when I click on a link in Google or Yahoo, I am redirected to other sites. I have tried McAfee, Malwarebytes in safe mode, TDSSKiller, all to no avail.
I need some help please

More replies
Relevance 72.98%

Hi, I am a new member and I am seeking help with a confusing problem on my desktop computer.

I have recently encountered a problem while using a search engine. Every time I click on a link I am redirected to a website that is not the link I clicked or associated in any way with it. I have run Malwarebytes Anti-Malware numerous times along with my AVG 2011 virus software and have been unable to eliminate the problem. I currently use Windows XP but no longer have original disks available for re-install (which would have been my next option). Any assistance would be greatly appreciated.

Answer:Search engine redirects

Hello and welcome

Please post your MBAM scan log.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
* If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
* Click the Start Scan button.
* Do not use the computer during the scan
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to th... Read more

3 more replies
Relevance 72.98%

Another post with the popular google redirects. Plus a side of the odd pop-up. Affects IE and Firefox. The computer in question is a Gateway laptop with Windows XP Pro SP3. It's not my main, mostly used for work and such. I probably have access to an install disc with SP2 on it. I say probably because, well, I'd have to find the darn thing. My office space has been moved around and rearranged by a certain someone.

I also have a problem booting into safe mode, though I don't know if it's related. After getting the redirects, I booted into safe mode to try running MBAM, which found nothing. The next time I tried booting to safe mode, the drivers started loading and boom, it rebooted after hitting agpcpq.sys. That issue seems to pop up with non-virus related issues but I thought I would mention it.

It took me several tries to get GMER to run, because it would lock up sometimes while trying to save the file, but I did finally manage to make things work.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:07:04.45 on Tue 01/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.377 [GMT -6:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System3... Read more

Answer:Search Engine Redirects, Pop-ups.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

19 more replies
Relevance 72.98%

Currently, I am being redirected to several different web pages after trying to view a search result within google.

I tried a few times just for giggles and got redirected to "Toseeka" "findadditional.info" and got the actual page I wanted after the third try.

I have seen several other postings made to the forum with this same issue, and didn't want to make a new post regarding this.
I have tried several scans using Malwarebytes in both normal and safe modes. I don't see anything out of the ordinary in my start up items either.
However, I don't want to break my computer further, so I'll post my logs.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Ned Teroo at 20:06:41.99 on Fri 07/10/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1846 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsv... Read more

Answer:Search Engine Redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

4 more replies
Relevance 72.98%

Continue to get links redirected using Google and Yahoo search engines. Happening in IE, Firefox and Chrome browsers. Redirects include sites such as:
findsoul.info
internetsitefind.info
searchindicates.info
affiliatenetworks.biz

MY PC uses Windows XP and has TrendMicro Antivirus/Antispyware. I have also run AdAware, Spybot, AVG, Malwarebytes. I would greatly appreciate some assistance with this. Here is my DDS Log (I have also attached a HijackThis log file):
DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 23:53:17.98 on Sun 07/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.216 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Internet S... Read more

Answer:Search Engine Redirects

Hello RD3,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
AVG Anti-Virus or Trend Micro AntiVirus

*****************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
* Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
* Click the "Download" button to the right.
* At the Select Platform and Language for your download drop down box
* Select Windows and Multi-Language
* Check the box that says: "Accept License Agreement" then press Continue ( ... Read more

16 more replies
Relevance 72.98%

My search engines (Google, Yahoo, Bing) all redirect to ads when I search for different sites. Please help! I've run a quick scan and here is what it found.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7654

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 8:59:16 PM
mbam-log-2011-09-08 (20-59-16).txt

Scan type: Quick scan
Objects scanned: 223409
Time elapsed: 20 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Answer:search engine redirects

Hello and welcome. Run these, post the logs and tell me how it is.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.
* List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions
* If it finds something make sure Cure is selected
* Next click Continue then Reboot now
* A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the applic... Read more

1 more replies
Relevance 72.98%

Every time I click on a link in a search engine it redirects to excellentsearching.com or businessite.com. Below is my HijackThis log. Help please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:14 AM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:&... Read more

Answer:search engine redirects

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.
=============
The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

2 more replies

I am having problems fixing this search engine redirecting problem. Sometimes when I hit links in an engine, it will redirect me to another website. I have run CCleaner, Malwarebytes (can't find anything), and Nod32 which finds Win32/Olmarik but cannot Clean it.

Here is the requested information.


DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 19:23:10.41 on Thu 12/23/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.478.75 [GMT -6:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k... Read more

Answer:Search Engine Redirects

Hello gregsama and welcome to TSF. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

15 more replies

I see all these other posts of people having the same problems but these haven't seemed to work for me. All search engines redirect to random sites, most links do not work, and I am unable to download from most websites (like malware removers). The only way I am able to post this is from my adjacent computer. I was able to download superantispyware from the uninfected computer and transferred it to the infected with updates as well as mbam-setup.exe and combofix.exe. I try to run combofix.exe and I receive a date error check settings message. I am usually able to fix most problems by reading through posts but for some reason this one is a stickler. Here are my hijackthis reports if this will help. Any help would be greatly appreciated. Thank you.

Logfile of HijackThis v1.99.1
 

Answer:Search Engine Redirects (Tried Everything)

Welcome to Major Geeks!

Please uninstall HJT as it will be properly installed when you do the following:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

5 more replies

Your help would be appreciated.

I have used adaware, malwarebytes and have mcafee virus protection and firewall etc.

Answer:search engine redirects

Please post the results of your MBAM scan for review.
To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

6 more replies

Hi,
The computer had suffered from a virus a while back. After removal, and WIN7 SP1 installation, everything seems fine except for the DNS.
The computer cannot reach google.com, search.yahoo.com, or bing.com. Doing an nslookup reveals, that the local DNS server will timeout on those addresses (except for bing), and from external DNS servers, a false answer of 87.125.87.103, will always be achieved. The HOSTS file is clean, the registry to the HOSTS is correct.
Please advise. All help is greatly appreciated.
Thank you!
Leibtek.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by danielle at 8:36:55 on 2012-03-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2792.1605 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSy... Read more

Answer:Search engine redirects

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
If you did not set this proxy remove it. (Check with your Internet Provider if not sure)
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:9421 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===
The computer cannot reach google.com, search.yahoo.com, or bing.com. Doing an nslookup reveals, that the local DNS server will timeout on those addresses (except for bing), and from external DNS servers, a false answer of 87.125.87.103, will always be achieved. The HOSTS file is clean, the registry to the HOSTS is correct.

Click the button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.
at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)
repeat with
ipconfig /renew
Then hit Enter, type Exit, hit the Enter key.
You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privileg... Read more

28 more replies

Hi,
Every time I use any search engine (Google, Yahoo) and select one of the results, I get redirected to a different ad. Sometimes, just using IE or Mozilla results in a pop-up ad. I've tried using Adware, Spybot, Avast, EVT and Malwarebytes in safe mode. Sometimes they have found a trojan (e.g. adware.trymedia) which they then claim to remove, but it does not remove the problem. The problem even occurs in safe mode.
I appreciate any help you can offer.
Here's my DDS log
###################
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Dad at 18:40:36.26 on Fri 06/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.574 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100611-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Expl... Read more

Answer:Search engine redirects and pop-ups

You can close this topic. Since the forum appears flooded with problems and no one's had a chance to get to me yet, I decided to run Combo fix and that solved my problem. Thanks.

4 more replies

Hello!! I am here to see if y'all can help me find what it is that is causing my search to redirect to all these advertisements.

I found Runningjumpers post http://www.bleepingcomputer.com/forums/ind...amp;mode=linear which was very similar to my issues and have read your response to them, but I wanted to be sure.

OK here's the deal: Around the first of the month I got this monstrous display on my computer "INFECTED! Your personal information could be at risk!"...blah blah. It turned out to be the antiviruspro2009 thingee, and it got really crazy! Regedit was disabled and task manager was disabled, supposedly by administrator (which is me!) and it was really out of whack. I stayed in safemode w/networking for about a week. Finally I got some help, and MUCH of it was straightened out, but I still have this problem with my searching.

Here's what I am using on my pc:
At the time of infection I had McAfee...I have changed to avast!
I have installed Malwarebytes and have run it almost every day here lately. (I will post some of my logs below)
I have SUPERantispyware installed and running.
ATF Cleaner is installed on my computer and I ran it this morning.
I ran CCleaner yesterday.

Well, check it out: On the SUPERantispyware log I created yesterday it found ONE file threat: It's called Rogue.FakeAlert/Wallpaper C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5&... Read more

Answer:Search Engine Redirects

Combofix should never be used without the supervision of an expert.

Download and Run FlashDisinfector
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan w... Read more

21 more replies

I seem to have the same problem as many other here.

clicking on search engine results redirects me to other locations.

I ran rkill and Malwarebytes - found some trojans and removed them but problem persists
ran Ad-ware and Spybot - both found and removed things but problem persists.

running windows xp on IBM laptop

thanks in advance for any help

Answer:search engine redirects

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

2 more replies

Hi, I have been having trouble with my search engine being redirected. I thought I had it cured but it's back after a week with a vengeance. At first it was only loading spam search engines when I clicked on Google results. Now it is opening new tabs and trying to download trojans. When I reboot my computer Spy Sweeper warns me that it has blocked access to Z0G7YAI0.com, a site on a list of sites known to be related to spyware. It also appears that this virus is periodically blocking my internet connection as I sometimes have a message that I have limited or no connectivity. While preparing this post a new tab was opened and my antivirus warned me that a trojan had been blocked. Attached is my DDS log. I have tried to run GMER twice and both times my system has crashed after about 2 hours.

DDS (Ver_10-03-17.01) - NTFSx86
Run by me at 8:07:01.67 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.106 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\... Read more

Answer:Search Engine Redirects and more

Hello gset
Welcome to BleepingComputer
==========================
Download the following GMER Rootkit Scanner from Here
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Click OK and quit the GMER program.
Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
Post that log in your next ... Read more

21 more replies

This is a continuation of a previous thread... http://www.bleepingcomputer.com/forums/topic376264.html

On my desktop computer, the vast majority of search entries redirect me to ad pages. This happens regardless of what browser I use, or which search utility. One suggestion was that my wireless router---which my desktop is hardwired into---might be the problem, but the redirects did not affect my wireless laptop, and they continued to happen even when I ran the desktop directly into my cable modem.

As directed by Blade Zephon, I've followed steps 6 through 9 in the Preparation Guide. The following is the DDS.txt log...

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jeremy & Mary at 20:37:10.21 on Mon 02/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.116 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java&... Read more

Answer:Search Engine Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

10 more replies

As per the sticky, instead of simply following directions from other threads (I have found a total of 3 in my simply scanning on the forum) I am making my own thread with this issue. When I search with Google, Firefox Google, or Yahoo I get redirected search results to anti-spyware sites and search engines which seems awfully fishy to me.

I have run HijackThis, and had issues getting DDS to run (told me how to disable script blocking services which I am unsure of how to do) so attached is my GMER files and pasted is my HijackThis. Thank you for any and all assistance in this matter.

And an apology for my massive log list... it's an old computer so there might be more than just this one issue with it ^_^ I ran AVG and nothing turned up and have Spybot installed as well...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:00 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Fi... Read more

Answer:More Search Engine Redirects...

Hello and welcome to TSF.


Quote:
had issues getting DDS to run

Let's try another tool then and see if you can run that.
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\rsit\info.txt

Click Upload.

Please note that the forum is very busy, and if I don't hear from you in three days this thread will be closed.

2 more replies

Hello, I'm new here, and I've been having the infamous search redirect happening on my computer. My operating system is Windows XP, and it is a Dell computer.

What should I do?

Answer:Search engine redirects

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.
==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies

Windows XP
Wireless connection
When I search with google/yahoo/msn and others, I get "Document has moved" after a while a site that I did not want to go to appears. Sometimes it is a virus loading site. Other times, it is low quality search engine. I have a HIJACKTHIS printout:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sy... Read more

Answer:Search engine redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appe... Read more

9 more replies

Whenever I search something in search engines, be it google, yahoo, or bing, it redirects me to some other page. I tried using malwarebytes to clean my computer; it cleans some viruses but the search engines still redirect me. I also get bluescreens from time to time and I also experience random restarts.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:09 PM, on 2/20/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Users\VJ\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart... Read more

Answer:Search Engine redirects

Hi ValSic, and welcome to Bleeping Computer.
Follow our Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, and post the logs requested...

2 more replies

I went in yesterday and did a google search and when I clicked on a result, I was redirected. I have Norton through comcast, ran Malwarebytes, Spybot, and AdAware, and nothing found. It happens in yahoo as well, and in FF and IE.

Thanks,

Doc

Here are the DDS.scr results and attached is the zipped file with ark.txt and attach.txt.


DDS (Ver_10-03-17.01) - NTFSx86
Run by STEVE at 0:04:03.09 on Sat 06/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2134 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\palmOne\HOTSYNC.EXE
svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Progra... Read more

Answer:search engine redirects...

BUMP, please ... 72 hours

Thanks

Doc

19 more replies

I'm running XP Home. I primarily use Firefox 3.6.3

Symptoms are google searches are being randomly redirected. It doesn't always happen, but maybe every other time I click on the results of a google search. At least once the redirect led me to a site that downloaded malware. Volume control disappears and reappears. Sometimes all programs won't open until I reboot. Firefox randomly crashes.

I've run mbam a couple times, both full searches, both times with a fully updated database, with no results.

Answer:Search engine redirects

No reply so did a little research and ran TDSSkiller. It found something and deleted it and everything seems to be fine. One problem, my volume control is still missing. I've messed with all the properties in the taskbar properties nothing seems to work. Any ideas? Here's the log:

14:20:45:189 1772 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:20:45:189 1772 ================================================================================
14:20:45:204 1772 SystemInfo:

14:20:45:204 1772 OS Version: 5.1.2600 ServicePack: 3.0
14:20:45:204 1772 Product type: Workstation
14:20:45:204 1772 ComputerName: REDOCTOBER
14:20:45:204 1772 UserName: Red October
14:20:45:204 1772 Windows directory: C:\WINDOWS
14:20:45:204 1772 Processor architecture: Intel x86
14:20:45:204 1772 Number of processors: 1
14:20:45:204 1772 Page size: 0x1000
14:20:45:282 1772 Boot type: Normal boot
14:20:45:282 1772 ================================================================================
14:20:46:048 1772 Initialize success
14:20:46:048 1772
14:20:46:048 1772 Scanning Services ...
14:20:47:173 1772 Raw services enum returned 371 services
14:20:47:189 1772
14:20:47:189 1772 Scanning Drivers ...
14:20:49:517 1772 aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\aavmker4.sys
14:20:50:267 1772 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
14:20:51:220 1772 ACPI ... Read more

2 more replies

Hello,

It seems I have contracted some sort of virus. This virus, or whatever the problem is, redirects some of the links in search engines. It redirects them to some adware sites. I have done some looking around, and this seems to be a common problem, meaning I have read a lot of threads where people are experiencing the same issues. However, I cannot seem to fix my issue. I have run Norton Anti-Virus, MalwareBytes, Spyware Doctor, and SuperAntiSpyware. None of these programs find anything. I have run them before and they found quite a lot, and subsequently did the repairs.... however my redirect problem still exists. Although it does not seem to be as bad, it is still quite annoying, hinting there is still something on my computer and troubling that no software is able to detect anything. I will run any program and posts the logs. Please let me know. Any help would be greatly appreciated. Thank you.

-Brent

Answer: Search Engine Redirects

Are they various sites or the same one? Is it with all search engines or just one? XP/Vista etc.?

Please run an online scan.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.

Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
Read the "Advantages - Requirements and Limitations" then press the ... button.
You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
Detect malicious programs of the following categories:
Viruses, Worms, Trojan Horses, Rootkits
Spyware, Adware, Dialers and other potentially dangerous programs
Scan compound files (doesn't apply to the File scan area):
Archives
Mail databases
Click on My Computer under the Scan section. OK any warnings from your protection programs.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Kee...


It seems like a rather popular topic, but unfortunately, all the basic fixes I've found online haven't worked on my computer, and searching on these forums, all the responses I've found said they were specific to that one computer, so I didn't feel comfortable using them. So here's mine:

I run Windows Vista Home Basic, Service Pack 1. My Hijack This log is attached. Both Google and Yahoo search results randomly send me to other "search engines" that display ads as results, ad sites, and even that one "your computer has a virus" web page that appears as if it's scanning your computer. Despite the fact that my computer doesn't SEEM to be running slower, searching online for stuff has become horribly tedious. Avast and Malwarebytes both found a couple things that needed to be taken care of, but neither could fix this problem in particular.

I appreciate any help that you guys can give me!
 


Hello BleepingComputer,

From looking at your site, redirecting search engines appears to be a common problem and I would be very grateful for any help you can offer with this issue.

Backstory:

The computer in question is at my work's office running Windows XP Professional and it has been trouble since I started working here (May 2010). I would have formatted but I do not have access to a legitimate version of Windows XP to reinstall. Outside of internet browsers everything appears to be fine. The system has what appears to be an expired Norton antivirus which periodically scans but does not cure any infections. It was set up with IE with numerous toolbars installed which I removed fairly quickly. I installed an up to date AVG (free version). When opening new windows and tabs with IE the system would often not load any page - leaving just a white screen. I switched to Firefox which seemed to perform slightly better.

After some time the system became infected with what I assume is a Trojan, however I am not knowledgeable about infections. This particular infection runs a fake virus scan and informs you that you need to purchase software to remove certain fake processes. There was also a fake disc check scan which would pop up and ask for a similar payment. The infection also prevented me from running internet browsers and the anti-virus software I had installed - it would run the scan when I attempted to run AVG for example.

It then began to remove all the links in the Start Menu and ch...

Answer: Search Engine Redirects

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...


My girlfriend used my computer. Now when I use a search engine I get a legitimate looking list of links. But, when I click on one I get sent to something totally unrelated to what I wanted. I can still get to things okay by typing in the address. I have installed Spybot S&D which found and removed some other problems but this one remains. Installed and ran Hijackthis but when I tried the automatic analyzer windows said the page could not be displayed. Thank you for your help.

racefan

Answer: Search Engine Redirects

Hello, using HJT on your own or with an auto tool can be dangerous to PC stability.

Can you run MBAM?

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in pr...


Hello,

I recently developed a problem which caused my Firefox to stop working and also I get spam pages opening up in new tabs at random times which are more frequent when I am using a search engine. I was still able to use Internet Explorer.

In the past couple of days I have also had some 'WIN32' errors. The error message reads "Generic Host Process for Win 32 Services has encountered a problem and needs to close". Afterwards my appearance settings had been altered and I was unable to change back to XP styles until after restarting the computer.

Also, I am not sure if this is relevant to my problem but I can not view windows media player and other video players in full screen. I am also unable to watch BBC iplayer videos from the BBC website.

I have run several anti-malware/antivirus programs which have so far been unable to resolve the redirecting problem but the scans I did removed some problems which got my Firefox working again. The programs I have used so far are: Malwarebytes anti-malware, Mcafee virus scanner, Spyware Terminator and Windows Live Onecare.

Also, information which may be relevant: A couple of months ago I had a problem which stopped me from connecting to the internet using any applications and prevented me from running any anti-virus/anti-malware software. I used system recovery and when I started the computer again afterwards the problem had seemingly gone.

When I was running the GMER scan first time round it crashed, then second time the who...

Answer: Search engine redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


Whenever I use yahoo or google my browser redirects to some link different from the one I was looking for. I tried using ad-aware, scanned with norton anti-virus, and none of them have done the job.


So I scanned with hijack this and this is the log it gave me. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:04 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files...

Answer: Search engine redirects

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------


When I use a search engine it only will take me to antivirus.com and other similar web sites. I am not sure what to do. Please help me.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Brian at 10:27:27.17 on Mon 02/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.140 [GMT -6:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROG...

Answer: search engine redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Search engine redirects to other search page or ad. Also, computer freezes. I have a Dell XP reinstallation DVD.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dad at 23:15:24.79 on Fri 12/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1484 [GMT -5:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmo...

Answer: search engine redirects

Hi Markwun and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread (if you haven't already) to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.


Thanks in advance for any help!
My DDS.txt file:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Robert at 10:19:27.92 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.488 [GMT -4:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804E5358-FFA4-010D-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Rogers Online Protection Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
FW: Rogers Online Protection Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS...

Answer: Search engine redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


All of the search engines I have tried are redirecting me to misleading sites such as PLOMEDIA.

I read a post to this forum that said to run and save two files, I have done so and they are attached to this post.

Thanks for your help!

Answer: Search Engine Redirects

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Download GMER Rootkit Scanner from here to your desktop.
Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GMER:
Make sure that your security software is disabled
Uncheck the box...


I have moved my original post from Am I infected? to here as requested.

I am running windows xp. I am using firefox. My IE, Chrome, and Safari are working again after unchecking the use proxy box.

The problem is still that any link I click on after a search engine search takes me to some random advertisement page.

I have run Malwarebytes, Superantispyware, Spybot, online HouseCall scan, and TweakNow Reg Cleaner. Malwarebytes and Superantispyware initially got rid of some stuff including cookies and these:

Malwarebytes: Rootkit.Dropper, Rogue.Antivirus.Suite, Trojan.Fraudpack, Rogue.AntivirusSuite.Gen
SAS: Trojan.Unclassified/Dropper, Rogue.AntivirusSoft

Spybot could not detect anything except for a few cookies. It also takes 16+ hours to run!

All my scans are showing no infections now.

I am pasting my DDS.txt below. I did try to use gmer.exe, but the program became non responsive. After end task, I tried opening it again, but got a blue screen:

*** STOP: 0X0000008E (0xc0000005, 0x80563FEF, 0xEDBC0AF8, 0x00000000 )

So I had to restart my computer, but I haven't tried using gmer.exe again.

Here is the DDS.txt done prior to restart:

DDS (Ver_10-03-17.01) - NTFSx86
Run by julie at 12:30:44.96 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.79 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost...

Answer: Search Engine Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo


When I search on google or yahoo, they sometimes redirect to a random site, and then redirect to another site. Sometimes it brings me to a legitimate though sketchy site and other times it sends me to a site filled with viruses. Other times, the website doesn't even work. The weird thing is that sometimes I can go to all the links the search provides successfully, but if I search again or refresh, all the links redirect. Bing searches all work, but google and yahoo don't.

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 23:01:07.93 on Sat 06/27/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.338 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Creative\Sh...

Answer: Search engine redirects

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Let me know if the redirects have gone after that, and also post a new DDS log (DDS.txt).


Hello -

Yesterday, my computer became infected with a backdoor.bot virus, while running fully updated McAfee Antivirus and the full protection version of Malwarebytes. After running scans from both of those, I deleted the backdoor.bot, restarted immediately, and came up with clean scans from both products. However, any search in a search engine is redirecting, and I cannot run the computer in safe mode - blue screen of death.

I have already installed and run TFC, ATF Cleaner, and the free version of SuperAntispyware. I cannot run the SuperAntispyware in safe mode, as previously mentioned. After running these, the browser is still redirecting. Also, I get periodic messages from Malwarebytes that it has blocked access to a malicious IP address.

Not sure where to go from here...

Thanks!

Melissa

Answer: Search Engine Redirects

Welcome to BC

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

========================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit.....


Hello

Since last week I am having this problem of clicking on search results and getting redirected to crappy adsites due to a possible malware or trojan on my system.

1. I scanned using spybot and found virumonde.prx and removed it. But after a couple of hours it came back
2. Did some safe mode scanning with spybot, spyware terminator, lavasoft ad-aware and avg system scan free edition.
3. Joined in your website and went through the basics as explained in your spyware section. The GMER tool is freezing up my system with 100% CPU usage. And cannot seem to save results from GMER

So any ideas what I need to do? I have the dds.scr log files in text document.

Jas

PS: Uploaded dds.txt and attach.txt from the dds.scr script log. Uploaded RKUnhooker report and MBRCheck Report and combofix log. Also added the HJT log and malwarebytes antimalware log

Answer: Search engine redirects

Hi Jasbir, to Bleeping Computer

My name is SpySentinel and I will be helping you fix your malware problem.

Sorry for the delay, we have been very busy lately, and I apologize for your wait.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infection...

2 more replies
Relevance 72.98%

Hello,
I have installed Ad-aware, Spybot S&D, Kaspersky, SuperAntiSpyware, Malwarebytes..... and still have redirects when I click on hyperlinked results in yahoo and google!
When I run Malwarebytes it finds:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
When I restart the computer and run Malwarebytes again, it always finds those same infections each time.
Redirects have been to "search-march.com" and "xfindwolrdx.com".
From googling around, I saw on another forum that there is a fix called Gooredfix that's been created - it's supposed to fix the redirects, but I tried running that and it only works for those who have Firefox installed.
Please help me! It seems like this will be quick to solve for someone knowledgeable. Would you recommend my hiring someone to format my hard drive? Is this something serious - will I always have to fear my computer has been compromised? Or is there a fix?
I've deleted a few pieces of software, which you'll see in my logs, such as Apple/ipod stuff that loaded in memory when the computer starts. Her... Read more

Answer:Search engine redirects- please help!

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Relevance 72.98%

I have made it back and again thank you Orange Blossom for the notification. Anyway, I do believe the only problem we are having at the time is the redirecting of links in any search engine we use here: Google, Bing, etc. Does not matter what browser one uses either, links always go somewhere else. Have run scans with ESET, Avira, Malwarebytes and so forth and have removed a lot of junk with these but still have the redirecting problem. I ran HijackThis probably two or three days ago and removed some items there but of no help. I did keep a log of the items I removed if you would like to look them over and can attach also. Will also attach my latest HijackThis log too.
DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 20:28:35.32 on Sun 02/06/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1419 [GMT -5:00]

AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Progr... Read more

Answer:Redirects in Search Engine

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

26 more replies
Relevance 72.98%

I am new to bleepingcomputer, so let me know if you need more info. Bing, Google redirect when search results are clicked. If I type the search results URL in Explorer, it works fine. Please help. Am using XP Home SP3, cable modem with Linksys router.

Answer:search engine redirects

Solved the problem. It was a Volsnap.sys driver patched with a rootkit.

1 more replies
Relevance 72.98%

Our family computer has just started having problems with Google (and all other) search engines. The search itself works fine but the links under the entries are odd and lead to random web pages. Thank you in advance!!!

Here is the DDS log


DDS (Ver_09-01-07.01) - NTFSx86
Run by Snuffles208 at 19:38:34.48 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.101 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~... Read more

Answer:Search Engine Redirects

Hello and welcome to TSF.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

2 more replies
Relevance 72.98%

First off thanks in advance for your help. Like others here, I've been hit with the search engine redirect bug/trojan/PIA. I'm running Windows XP Pro Service Pack 3. On the advice from other links I've downloaded (to my desktop), installed and updated Malwarebytes' AntiMalware. I ran the quick scan and here is the log...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4219
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/20/2010 2:20:55 PM
mbam-log-2010-06-20 (14-20-55).txt
Scan type: Quick scan
Objects scanned: 133116
Time elapsed: 7 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Then I ran SuperAntiSpyware and here is the log for that scan.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/20/2010 at 02:38 PM
Application Version : 4.39.1002
Core Rules Database Version : 5061
Trace Rules Database Version: 2873
Scan type : Quick Scan
Total Scan Time : 00:10:01
Memory items scanned : 588
Memory thr... Read more

More replies
Relevance 72.98%

AVG detected setup gameradvance on my system and got that removed but every time I search for anything in google it redirects to random other search sites. AVG isn't finding any viruses now. Ran Housecall and it didn't find anything. Spybot Search and Destroy didn't find anything. Ran malwarebytes and it said I had 20 problems that I cleared. I'm running another scan on that now because I'm still having the same problem. Also can't install windows updates now getting error 80072efe. Not sure if that's related or not but haven't had any problems updating until today. Had to do a system restore to allow other users of my pc to access their accounts because it was saying it couldn't load any profiles. That seems to be fixed now though. I'm new to Hijack This so won't mess with anything unless I hear it's ok to do so. Please help . Thanks in advance.

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:11 AM, on 7/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Sonya\AppDa... Read more

Answer:Search engine redirects

I ended up having a rootkit. Fixed it with TDSSKiller.exe from here: How to remove malware belonging to the family Rootkit.Win32.TDSS. Everything seems to be working wonderfully for now. Just have to disable all my kids' download privileges lol.





1 more replies
Relevance 72.98%

I know I'm probably the millionth person to post this, but when clicking on links in Google, I'm often redirected to other sites. I've tried to run RootRepeal, but it seems to quit responding. Thanks for any help!
DDS (Ver_09-10-24.01) - NTFSx86
Run by Alice at 11:06:15.10 on Sat 10/24/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Zune Launcher] "d:\program files\zune\ZuneLauncher.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "d:\program files\comodo\comodo internet security\cfp.exe&q... Read more

Answer:Search engine redirects

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 72.98%

Hi all,

A coworker asked me to look at his computer. It appears that he was infected by Windows Restore. I installed MBAM and let it run and fix. I can now see his files and folders once again. However anytime that I go to a search engine and click on a resulting link, it redirects me to some other site. Also, when sitting at the desktop, not browsing, I get an IE script error with URLs that I do not know, and I don't see an iexplore process running at the time.

At last run MBAM didn't find anything, neither did housecall from Trendmicro.
I can't make it stop. Please help.
Thanks, Rob

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevan Cowie at 10:50:55.77 on Sun 04/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.180 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROG... Read more

Answer:Search Engine Redirects

Hello robkoz , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Close/disable all anti-virus and anti-malware programs so they do not interf... Read more

8 more replies
Relevance 72.98%

As requested in this thread http://www.bleepingcomputer.com/forums/t/218339/infected-and-getting-worse/ I am posting the results of an RSIT log here, as my infected computer won't let me run dds. So far we've tried SAS, mbam, and Dr. Web. SAS & mbam showed nothing, but Dr. Web did but didn't remove. Symptoms include Google redirects and I can't go to bleepingcomputer.com (or other similar sites). McAfee and other programs are no longer accessible on the infected computer. Thanks in advance for your help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owen at 2009-04-13 15:47:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 64 GB (43%) free of 149 GB
Total RAM: 2038 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:43 PM, on 4/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSRes... Read more

Answer:Search Engine Redirects

Resolved. Help no longer needed. Thank you:)

2 more replies
Relevance 72.98%

Hello, I seem to have got some type of malware that is causing my search engine to redirect when I click on a link. It doesn't matter what search engine I use and it happens with both IE and Firefox. I've run TDSS killer but it did not find anything, any help would be much appreciated, thanks!
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 1.6.0_38
Run by Scott at 15:29:05 on 2013-04-02
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.16381.12775 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
... Read more

Answer:Search engine redirects

Hello sminnick, I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

14 more replies
Relevance 72.98%

I searched on bing.com for gimp tutorials. (That's the drawing program, not the freaky stuff...) Clicked on the second link and was redirected to several sites in rapid succession. This was just now, AFTER performing the removal procedures.

Sites were http://231_46730446.admarketplace.com,
http://specialshots.com/search.php,
http://qdmil.com/click/?s=1033&c=146732&subid=29216

I had previously run Malwarebytes, found a few infections and have that log attached. The Internet History.txt is from before running the complete procedure, links taken from Internet History (edited this morning, why the date is today)


Still having the problem, then I performed all the malware removal procedures, including CCleaner, and deleted restore points.
 

Answer:Search engine redirects

Log Files, Including Malwarebytes ran previous to complete procedure, and redirected Internet History links copied.
 

7 more replies
Relevance 72.98%

I've had a significant issue of my search engine results constantly being rerouted to random websites. Closer examination through Google told me that I'm not alone and that many others are suffering from this issue. I haven't figured out how to resolve it so I just ran a HijackThis Scan and received these results. Many thanks in advance for all helping posters.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:26 PM, on 2/13/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://... Read more

Answer:Search Engine Redirects

Hi again ChessPlayer2486

We no longer use HijackThis as our initial analysis tool

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic,
as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 72.98%

Started off redirecting my searches. I posted the problem here, and ran a Boot-scan from Avast, which found a few things in Java, but removed them. Avast was still alerting every so often, but I could still go online with my usual browser Firefox. Downloaded Malwarebytes and Superantispyware. All that was found was some tracking cookies. Then all of a sudden, Firefox crashes, and Malwarebytes and Avast started to go off about a malicious IP: 112.175.243.23 (The end 2 digits change back and forth) I tried starting FF and IE multiple times, and they crash as soon as they start, while Avast and Malwarebytes alert about them.

The only browser that works currently is Safari.

Edit Safari now no longer works as of when I closed it out.

Edit again: Firefox now works...

As I am running a 64-bit mode OS, I did not run Gmer.

Sorry if I wasn't clear, as I am a bit frustrated ^.^'''' Thanks in advance to anyone who can help me!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Susan at 18:58:30 on 2012-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.921 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.... Read more

Answer:Search Engine Redirects

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

56 more replies
Relevance 72.98%

Hello, my name is Mark and thanks for looking

Am running Windows XP in an old eMachine. Google redirects almost all links. Am able to progress by copy/paste into address bar. Am not able to access and download any updates from Microsoft or Windows websites. Always 'page not available.'

Have been getting corrupt file notice: c:\windows\system32\drivers\sysaudio.sys and now no sound.
Hijack this logs to follow and thanks again.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Mark at 9:29:58.40 on Mon 05/15/2000
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.383.145 [GMT -7:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\... Read more

Answer:Search Engine Redirects and more

Hello Stressed2,
I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
Click the "Download" button to the right.
At the Select Platform and Language for your download drop down box, select Windows and Multi-language.
Check the box that says: "Accept License Agreement" then press Continue. (Selecting Windows will give you the 32 bit version.)
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/R... Read more

2 more replies
Relevance 72.98%

Hi all, I've been having problems for a while now. Malwarebytes, McAfee and SuperAntiSpyware have all run and removed trojans. Upon restart they seem to reappear tho. I have noticed in startup some items which appear they shouldn't be there, but they will not delete. I am using a wired desktop, Windows XP SP3. When I use any search engine via IE or Firefox, I get random redirects.
Is there any other info you require?
Please can anyone assist me with this problem, any assistance would be greatly appreciated, thank you, Ruth

More replies
Relevance 72.98%

Hi - my searches are now being redirected through Yahoo, Google, etc (all of them). Livesearchnow.com is the common destination. I am running Norton Antivirus and also use Malwarebytes. Nothing picked up through those. The following is the DDS log.
-----------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.9.2
Run by family at 10:14:25 on 2013-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6048.3989 [GMT -6:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc... Read more

Answer:Search engine redirects

Hello TRH1214 and Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at... Read more

18 more replies
Relevance 72.98%

I've had a problem for a couple of weeks now. When using a search engine, I get redirected to another site when I click on a link that it found. I click back and click on the link again. I usually have to do this twice. This happens whether I use Google, Yahoo or Bing. I've scanned the computer with McAfee Security Center and AVG. I did find some Viruses/Trojans before the search engine problem started happening. Now my computer appears clean with McAfee and AVG. The search engine problem seemed to start when I upgraded to IE8. I uninstalled AVG before I ran DDS and GMER. I have a reinstallation CD for Windows from Dell.



DDS (Ver_09-10-13.01) - NTFSx86
Run by Doug Carey at 16:04:21.53 on Wed 10/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1870 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1... Read more

Answer:Search Engine Redirects

Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When fini... Read more

2 more replies
Relevance 72.98%

Hi, so I'm on my husband's computer, for like the 100th time removing spyware and I'm stumped this time. I've installed and run Malwarebytes (which picked up one file for removal), Spybot SD (got rid of quite a few things yesterday, but they were the exact same ones as today) and Microsoft Security Essentials (picked up one thing, said it couldn't remove it before a restart, restarted, ran again and it didn't show up so I assume it got rid of it). I didn't write down the names of the files and folders. >.<; In retrospect it would have been a good idea. All 3 are now coming up with clean inspections, but the issue is still there. At first it was just Google redirecting, but after I started using bing.com instead, to search for help, it also started to have the same redirect issue. This is my first experience with this particular type of malware. Usually it is the fake spyware remover programs, which I also saw this time in combination with the redirect. I don't know if this is even remotely related, but within the Windows Security Center it shows automatic updates being turned off, but when I go to it directly they're turned on and scheduled for dl/install.

Here is my DDS.txt content....

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
Run by ShaneM at 12:30:22 on 2011-06-12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3325.2572 [GMT -4:00]
.
AV: AVG Anti-Virus Fre... Read more

Answer:search engine redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 72.98%

Just wondering what's going on with my parents' computer here. Google searches are constantly redirected to other things, and even when searches come up, they're always to some "free virus scans" and other nonsense. I'm pretty sure something is amiss.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:48 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - H... Read more

Answer:IE Search Engine Redirects

6 more replies
Relevance 72.98%

When I use a search engine, the search engine works, and the links are correct.... But when I click a link it redirects me to a random site. When the redirection occurs it appears to be random. ... Occasionally a random webpage will open in a new page, out of the blue. I haven't noticed any other problems. I have already run Malwarebytes & Symantec Endpoint. Both scans come out clean. I had to uncheck the devices box in GMER to get the scan to complete. (I would get the blue screen of death and the computer would reboot if left checked.)

Thanks so much for your help.
Michael York
Response to the preparation guide as outlined by Grinler:

1) backup your data - done
2-4) done
5) Enable Firewall - done
6) disable your CD emulation software - done
7) Download and Run dds - done (see results below)
8) GMER log - Cannot run. Starts to scan then the system shuts down and reboots
Windows XP PRO SP3
Intel Core 2 duo
2.5 GHz 3 GIG ram
IE 6 (required for business applications)
FireFox
DDS (Ver_10-11-10.01) - NTFSx86
Run by cyorkmi at 8:52:45.51 on Sun 11/14/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1446 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLa... Read more

Answer:Search engine redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

20 more replies
Relevance 72.98%

Hi, there are probably a thousand similar questions to this, but nevertheless I need help. So, I can't open up Opera, every time I check the task manager I see it start up and then immediately shut down. I CAN however open up Firefox and IE. But every time I click on a result I'm either redirected to some junk search site, or it gives me an error page. I've run Malwarebytes and that removed three infected items. I ran it a second time, this time a deep scan and nothing showed up. I've since run HijackThis and saved a logfile of the last scan. Hopefully someone can tell me what I can do next. Please help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:42 AM, on 4/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TrojanHunter 5.3\THGuard.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C... Read more

Answer:Search engine redirects

jcrichton, pure SWAG, M-B gets most nasties, but I've run into a few it couldn't handle. Superantispyware (seems able to handle all comers. Info only. I'm not paid for recommendation. WARNING! FYI, a full scan on mine takes over an hour.) can do the job and you can get it free @: http://www.superantispyware.com/ among other places. They have a Vista compatible version if needed. Dunno about Windows 7 or later.

If it turns out that you need to use it, be sure to update Superantispyware prior to running. Disable 'restore' after cleaning and run it again (to remove any nasties living there, restart after cleaning) so the nasty doesn't get put back should you later 'restore'. They just released a new update recently and it changes all the time. Things are in a constant state of flux.

The restore thing is critical. May not be your deal at all, but won't hurt anything to try.

HTH
Ed in Texas

4 more replies
Relevance 72.98%

Frequently, when clicking links on search engines I get redirected to malicious/unrelated websites. I have no idea how to fix this so any help is greatly appreciated. Thanks in advance!

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Shan at 13:53:27 on 2011-05-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6141.3256 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSer... Read more

Answer:Search Engine Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Relevance 72.98%

When I do a search in Google or any search engine for that matter I get redirected to random sites. If I click back and click on the link it will do the same thing about three times and then approx. the fourth or fifth time it will go to the correct website link. I have run multiple scans (Spybot, Windows Defender, Malwarebytes Anti Malware...as you can see I'm cheap when it comes to anti virus software, maybe this is why I have the problem) and it has not found or fixed the problem. I'm running Windows XP Pro and use both Google Chrome and IE as browsers. I'm not anywhere smart enough to go into the registry or whatever you need to do to find and get rid of this so I'm turning to you smart folks and hoping you can help. If I understand correctly I'm supposed to run HJT and post the findings, hopefully this is enough info to help you find something. Thanks.
 

Answer:Search engine redirects... help please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:55 PM, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark X6100 Series\... Read more

2 more replies
Relevance 72.98%

Windows XP search engine redirects to other search pages or ads
computer slow and freezes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:52 PM, on 12/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hp... Read more

Answer:search engine redirects

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 72.98%

Hi, I have a problem with my computer and its search engines. A few days ago, when I started to go on Google and do a search, the links that were shown were all suspicious, most of them having to relate to anti-spyware or shopping. Next, I tried searching on Yahoo with no luck. I have run Spybot, AVG Anti-Virus, Ad-Aware, and Windows Defender to no avail. I am wondering how I can fix this problem so that I can search something on Google without having it redirect me. Thanks!

Answer:Search Engine Redirects

Hello and welcome. Let's get a MBAM scan log. Please disable SpyBot for this.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "... Read more

25 more replies
Relevance 72.98%

Hi,

I've developed a nasty search engine issue where search results are being redirected to random sites (happens with Google and Yahoo, in both IE and Firefox). Link properties display fine and initially it looks like it's going to the right place but then changes to a random site. I was unable to save ark.txt from GMER - when I tried it froze my netbook and I had to pop the battery to restart. I did see that 'suspicious modification' was listed for iastor.sys. Thanks for your help!

Below is DDS contents:

DDS (Ver_10-03-17.01) - NTFSx86
Run by ME at 12:24:26.96 on Sun 05/30/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.407 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1... Read more

Answer:Search Engine Redirects

Hi,

Try to run GMER by having only sections enabled. Post back its report & attach.txt part of DDS run.

2 more replies
Relevance 72.98%

Thanks! I have an HP Pavilion a620n running Windows XP. The computer previously had the antispyware soft infection which I got rid of with Rkill and MBAM. Since then my computer has been redirecting Yahoo searches. Leading me mostly to sites that have spy cookies or opening me up to further infections like a trojan which my Webroot Antivirus with SpySweeper quarantined and deleted.

I run MBAM, Webroot Antivirus and none of these resolve this issue. They just pick up spy cookies.

I ran the DDS, gmer scans as instructed.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:32:49.71 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.378 [GMT -6:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: iolo AntiVirus? *On-access scanning disabled* (Outdated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP USB Multimedia Keyb... Read more

Answer:Search Engine Redirects

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th... Read more

12 more replies
Relevance 72.98%

My wife downloads a lot of stuff on this computer, and she wound up catching the inevitable virus. When I use a search engine and click on the resulting link, it redirects me to a site I had no intention of going to---TurboTax, a mortgage broker, weird stuff. And it happens on both IE and Firefox, so I'm pretty sure it's not the browser's fault.

While running a boot-time scan, I intercepted and deleted a number of these, but there are apparently two very nasty ones---one in explorer.exe and one in winlogon.exe, both infected by win32:winpatch. They couldn't be deleted or repaired.

I've updated my Malwarebytes and run it in safe mode---no dice. I went to Google and researched the virus (as best I could on this jacked up computer hehe), and it seems the virus must be taken out manually. Before I start ripping out programs like my 2-year-old dissecting a PB&J, I figured I'd better ask the experts.

Answer:Search Engine Redirects

Hello.

Let's try this.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

~Blade

In your next reply, please include the following:
TDSSKiller Log

12 more replies
Relevance 72.98%

EDIT: PLEASE REMOVE THREAD. I'm seeking assistance on another forum simply due to quicker response time. Thank you, regardless.

Answer:Search Engine Redirects

Thank you for letting us know.
gringo

1 more replies
Relevance 72.98%

Hello, I have been having what appears to be similar problems as a few other users. You will have to forgive me, my computer know-how is a 1 on a 1-5 scale. I am a paramedic, so I can fix people, just not computers! When clicking a link on Google or Yahoo, I am redirected to another site, sometimes one that has the same results as the original search. Sometimes it is the "happili" site heard of in other threads. Also, occasionally a window will pop up asking if I am sure I want to navigate away from this page. Strangely, this may occur even when IE is not open. Below is my system information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4063 Mb
Graphics Card: NVIDIA GeForce GT 130M, 1024 Mb
Hard Drives: C: Total - 466843 MB, Free - 335283 MB; D: Total - 10091 MB, Free - 1767 MB;
Motherboard: Quanta, 361B
Antivirus: AntiVir Desktop, Updated and Enabled

Hijack this paste:

Scan saved at 2:08:14 PM, on 4/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiV... Read more

Answer:Search engine redirects.

16 more replies
Relevance 72.98%

Thanks to those of you managing and volunteering on this web site. It's a great resource.

1. I use XP and currently am redirected to various web sites when using search engines like Google, Bing, or Yahoo. The cached version of the selected web page works fine, and if I'm persistent the redirect will usually cease after three or four attempts. I've tried both Firefox and IE.

2. On June 16th, I picked up the "XP Home Security 2012" rogue when I was quickly trying to download a reference manual for a guitar amp. Stupid. My fault - I usually only visit sites I know.

3. I did NOT run Combofix.

4. Using Malwarebytes' Anti-Malware and SUPERAnti-Spyware it was removed. The main problem with those two programs was that my computer would not shut down after they finished running. And I spent a couple days trying to boot: "We are sorry for the inconvenience, but Windows did not start successfully." I forget the steps I read about in order to get back to where I could start the computer normally. Nothing drastic though. And it now shuts down and starts up.

5. The only remaining problems (if at all related to "XP Home Security 2012") are the redirects and the computer seems to be running slower in general.

6. RKill terminates the following process when I run it -- C:\WINNT\Explorer.EXE (with capitals as written). Not sure if that matters.

I appreciate your help.

Answer:Search engine redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Relevance 72.98%

Win XP Pro, was running IE 6, just updated to 7. SP3
When I google, or yahoo, or msn, if I click on any search result it always redirects to some place off the wall. However if I cut and paste the actual URL received in any search directly into the address bar, no problem. Doesn't matter what search engine I use, I always get re-directed. Ran malwarebytes and nothing found, AVG same thing. Checked Host file...no entries, no entries in LM hosts either. Tried changing through NS look up what DNS server I'm using, still no go, same results. I will try FF and see if same happens. Any ideas where to look?
Don't want to blow the thing away again, any ideas?
Thanx
-M
 

Answer:Search engine redirects

It does it with FF too. After I click on 3 or 4 results then anything I click on after that, it re-directs.
Help
 

3 more replies
Relevance 72.98%

I am having some difficulty with Search Engine redirects after picking-up an alert for 'troj_fakespyp.c'.

I have tried to follow the instructions you have provided to the letter. Any help resolving this would be greatly appreciated.


DDS (Ver_09-10-13.01) - NTFSx86
Run by Dermot.Lynch at 22:30:47.34 on 17/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2009.1075 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {C66E24F5-8142-401B-8BD7-38E09F35AE79}

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINNT\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINNT\System32\svchost.exe -k dot3svc
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\WINNT\system32\agrsmsvc.exe
svchost.exe
C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\CENTENN.IAL\AUDIT\cagent32.exe
C:\CENTENN.IAL\AUDIT\xferwan.exe
C:\Program Files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\Chec... Read more

Answer:Search Engine Redirects

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
Open Spybot Search & Destroy.
In the Mode menu click Advanced mode if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
In the File menu click Exit to exit Spybot ... Read more

13 more replies
Relevance 72.98%

I have recently been flooded by search result redirects. There seems to be no one page address but if I search for fixes for my problems it will quite often direct me to a page claiming to be Norton anti virus or any number of software makers supposedly in the business of anti-virus and of course nothing in the address bar indicates that it could be from the real makers of such software. It has come to the point I am afraid to use it for any business transactions till I rectify the problem. Thank you in advance for your time.
 

Answer:Search engine redirects

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

Now click the Files/folders tab and locate these detections:

[ZeroAccess][FOLDER] U : C:\Users\Joe N Deb\AppData\Local\{34fddedf-d920-66dd-1a23-ed496a1f8afd}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Joe N Deb\AppData\Local\{34fddedf-d920-66dd-1a23-ed496a1f8afd}\L --> FOUND

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Now run HitmanPro and attach the log.

Then re-run RogueKiller and... Read more

5 more replies
Relevance 72.57%

I have a new problem that just started yesterday. Anytime I try to use Google, Yahoo, or Windows live I'm getting redirected to a variety of advertising websites. I am able to find the topic that I want. If I click on the desired webpage, I get the redirect. If I copy the URL and paste it in the navigation toolbar, it goes where it's supposed to. So this must have something to do specifically with a hijack of the link. Also, I get unwanted advertising pop-ups sometimes. I'm in the process of running AdAware and SpyBot, but so far no good results.

Can someone help me understand what the problem is and how to fix it?

Answer:Uninvited search engine redirects

Let's start you off on this scan.
Please download and follow the instructions for Malwarebytes as posted by Boopme
http://www.bleepingcomputer.com/forums/ind...t&p=1004385
Post the results here in your next reply when finished.

1 more replies
Relevance 72.57%

hello,

of late, i have been unable to conduct any searches from google. it says that my request looks like an automated google redirects me to a page which says this: "We're sorry...

... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."

am using a windows XP programme. besides this, (this could be unrelated) since the past 2 days, my yahoo messenger has got corrupted and today i got a message saying chrome.exe is corrupted. the PC seems to have slowed down.

here is my DDS.txt log


DDS (Ver_09-05-14.01) - FAT32x86
Run by NEW at 11:15:28.71 on Tue 06/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.164 [GMT 5.5:30]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe ... Read more

Answer:google search engine redirects me

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log.

3 more replies