Solved: Search Engines Diverting to Random Sites



Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
28-May-2010, 02:32 PM #1
Search Engines Diverting to Random Sites
I am using Windows XP and Internet Explorer 8. I was on the internet and alerted by McAfee to block a site. I did this and got off the internet. Next day tried to do a system restore, as I was nervous, and received message, "system restore has been blocked by group policy". In addition, my search engines keep diverting me. Spent day running Malwarebytes (33 problems), deleting McAfee and installing Microsoft Security Essentials, running scans, updating windows, running scans. All is working well today except the search engines. If I type in a search, a list of appropriate sites will appear. When I click on a site, I am diverted to a random site, no pop ups are occurring. If I type an address in the address bar, I can access that site. I assume my search engine has been hijacked. I am including the results of HJT in case they are needed. Thank you in advance for any help.

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
28-May-2010, 04:42 PM #2
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
28-May-2010, 06:30 PM #3
Hello Rorschach112,
Thank you for helping me. I have done as instructed and am attaching the ComboFix log. I tried three searches on the internet after running ComboFix and each worked perfectly. Do you think my problem is solved? I don't know what I did to expose myself to these problems, but I am certainly grateful for your help.
Regards, Catnapper

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
28-May-2010, 06:34 PM #4
don't attach the logs please


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::


Folder::
c:\documents and settings\Michele Nylen\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Michele Nylen\Local Settings\Application Data\uoxnqfohx

FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll
KillAll::


Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
28-May-2010, 08:19 PM #5
Hello,
Here is the log. I hope I did this correctly.

ComboFix 10-05-28.02 - Michele Nylen 05/28/2010 20:48:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.561 [GMT -4:00]
Running from: c:\documents and settings\Michele Nylen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michele Nylen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michele Nylen\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Michele Nylen\Local Settings\Application Data\uoxnqfohx
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.
2010-05-28 20:21 . 2010-05-28 20:21 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\PCHealth
2010-05-28 03:00 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-28 01:29 . 2010-05-28 01:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-27 22:44 . 2010-05-27 22:44 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-05-27 22:26 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 21:59 . 2010-05-27 21:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-27 21:41 . 2010-05-28 20:19 -------- d-----w- c:\windows\system32\NtmsData
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Malwarebytes
2010-05-27 19:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-27 19:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 13:34 . 2010-05-27 20:18 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-27 12:24 . 2010-05-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-27 02:28 . 2010-05-27 02:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-26 15:44 . 2010-05-26 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-05-26 15:39 . 2010-05-26 15:39 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\Citrix
2010-05-26 13:59 . 2010-05-26 13:59 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\Motive
2010-05-26 11:02 . 2010-05-26 11:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-26 03:44 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-26 03:44 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-26 03:44 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-26 03:44 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 01:02 . 2009-12-25 18:25 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Skype
2010-05-29 00:58 . 2009-12-25 14:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-29 00:58 . 2009-12-25 14:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-28 22:37 . 2009-12-25 18:28 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\skypePM
2010-05-28 19:45 . 2005-12-10 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-28 15:43 . 2005-12-10 05:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 15:43 . 2010-02-23 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2010-05-28 01:43 . 2005-12-26 21:07 77352 ----a-w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 21:44 . 2005-12-26 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-27 21:43 . 2005-12-26 22:49 -------- d-----w- c:\program files\McAfee
2010-05-27 21:43 . 2005-12-10 05:18 -------- d-----w- c:\program files\McAfee.com
2010-05-26 15:39 . 2007-12-24 14:19 -------- d-----w- c:\program files\Citrix
2010-05-26 15:26 . 2010-05-26 15:27 300384 ----a-w- c:\documents and settings\Michele Nylen\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-05-26 15:26 . 2005-12-26 22:49 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\McAfee
2010-05-26 14:00 . 2008-04-26 13:28 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Motive
2010-05-26 13:55 . 2009-09-16 22:54 -------- d-----w- c:\program files\ATT-SST
2010-05-26 03:44 . 2008-04-26 13:27 -------- d-----w- c:\program files\Common Files\Motive
2010-05-26 03:41 . 2009-12-26 19:18 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\HPAppData
2010-05-24 15:16 . 2010-01-14 02:47 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\HpUpdate
2010-05-24 15:15 . 2009-08-04 15:41 -------- d-----w- c:\program files\Hewlett_Packard
2010-05-24 01:30 . 2005-12-27 20:46 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2010-04-19 22:48 . 2010-04-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-19 22:48 . 2009-10-30 21:10 -------- d-----w- c:\program files\iTunes
2010-04-19 22:47 . 2010-04-19 22:47 -------- d-----w- c:\program files\iPod
2010-04-19 22:42 . 2010-04-19 22:42 -------- d-----w- c:\program files\QuickTime
2010-04-19 22:37 . 2010-04-19 22:37 -------- d-----w- c:\program files\Bonjour
2010-04-19 22:32 . 2010-04-19 22:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-19 22:29 . 2008-03-25 01:22 -------- d-----w- c:\program files\Safari
2010-04-19 22:24 . 2010-04-19 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-12 11:39 . 2010-04-12 11:38 14451728 ----a-w- c:\documents and settings\Michele Nylen\Application Data\Barnes & Noble\DesktopReader\Updater\bndr_setup_2.1.1.2.exe
2010-03-18 12:30 . 2010-03-18 12:26 23165 ----a-w- c:\windows\hpqins15.dat
2010-03-10 06:15 . 2008-10-09 20:50 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 01:29 . 2010-03-02 01:29 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-03-02 01:12 . 2009-09-25 21:15 61920 ---ha-w- c:\windows\system32\mlfcache.dat
2007-04-14 01:21 . 2005-12-27 13:34 104 --sha-r- c:\windows\system32\C8F8DA288C.sys
2007-04-14 01:21 . 2005-12-27 13:34 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Software Update"="c:\program files\Hewlett_Packard\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [12/26/2005 4:34 PM 84480]
S2 gupdate1ca858f69e7d3fe;Google Update Service (gupdate1ca858f69e7d3fe);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 2:23 PM 133104]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [12/26/2005 4:34 PM 18432]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 18:23]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 18:23]
2010-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 20:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3018791857-2810793895-3073136319-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7492)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-05-28 21:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-29 01:07
ComboFix2.txt 2010-05-28 22:45
Pre-Run: 121,283,846,144 bytes free
Post-Run: 121,261,228,032 bytes free
- - End Of File - - 41FD52BD80704800968E21D2208BB747
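
The CFScript in post #4 asks ComboFix to delete two folders and copy user32.dll back from ServicePackFiles, and the log in post #5 is what shows whether that happened. The Python below is an added example, not part of the original thread or of ComboFix: it compares a CFScript with the "Other Deletions" and "FCopy" sections of a ComboFix log. The sample text is constructed from the thread's entries ("Example User" is a placeholder account name), and the function names `parse_cfscript`, `parse_log` and `verify` are hypothetical.

```python
import re

# Constructed sample input, modelled on the CFScript and ComboFix log in this
# thread; "Example User" is a placeholder account name.
CFSCRIPT = r"""File::

Folder::
c:\documents and settings\Example User\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Example User\Local Settings\Application Data\uoxnqfohx

FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll
KillAll::

Registry::

Driver::
"""

COMBOFIX_LOG = r"""The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\documents and settings\Example User\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Example User\Local Settings\Application Data\uoxnqfohx
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
.
((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))
.
2010-05-27 22:44 . 2010-05-27 22:44 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")              # e.g. "Folder::"
PAREN_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # "((( Other Deletions )))"
DASH_HDR = re.compile(r"^-+\s*([A-Za-z0-9].*?)\s*-+$")   # "----- FCopy -----"


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript, keyed by lower-cased name."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, [])
        elif line and current:
            out[current].append(line)
    return out


def parse_log(text):
    """Return (deleted paths, (source, destination) copies) from a ComboFix log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line and line != ".":   # "." lines are separators
            sections[current].append(line)
    deleted = {norm(p) for p in sections.get("other deletions", [])}
    copied = set()
    for line in sections.get("fcopy", []):
        if "-->" in line:
            src, dst = line.split("-->", 1)
            copied.add((norm(src), norm(dst)))
    return deleted, copied


def verify(script_text, log_text):
    """Report script actions missing from the log, and deletions nobody asked for."""
    script = parse_cfscript(script_text)
    deleted, copied = parse_log(log_text)
    requested = {norm(p) for k in ("file", "folder") for p in script.get(k, [])}
    wanted = set()
    for line in script.get("fcopy", []):
        src, _, dst = line.partition("|")
        wanted.add((norm(src), norm(dst)))
    return {
        "missing_deletions": sorted(requested - deleted),
        "missing_copies": sorted(wanted - copied),
        "unrequested_deletions": sorted(deleted - requested),
    }


if __name__ == "__main__":
    for key, items in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(key, items)
```

On the sample, both folder deletions and the user32.dll copy are confirmed, and the only deletion the script did not request is LVPrcInj01.dll, the file the log reports as disabled during the run.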

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
29-May-2010, 05:38 AM #6
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
29-May-2010, 07:06 AM #7
Should I disable Microsoft Security Essentials before running Malwarebytes?

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
29-May-2010, 09:15 AM #8
if you can

Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
29-May-2010, 11:54 AM #9
Search Engines Diverting to Random Sites
Hello, I downloaded and ran TFC. I downloaded and ran Malwarebytes; here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4153
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/29/2010 8:34:22 AM
mbam-log-2010-05-29 (08-34-22).txt
Scan type: Quick scan
Objects scanned: 136572
Time elapsed: 6 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

I went to Kaspersky and performed an online antivirus scan and here is the report.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, May 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, May 29, 2010 11:34:51
Records in database: 4196408
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\
Scan statistics:
Objects scanned: 91936
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:03:53

File name / Threat / Threats count
C:\Documents and Settings\Michele Nylen\My Documents\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
Selected area has been scanned.

Thanks, Catnapper

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
29-May-2010, 02:01 PM #10
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.

Catnapper
Junior Member with 6 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
29-May-2010, 02:14 PM #11
I will do as instructed. Thank you for your help. Do I have to be concerned about the 1 infected file found by the Kaspersky scan?

Rorschach112
Senior Member with 2,392 posts.
Join Date: Oct 2008
29-May-2010, 04:08 PM #12
no, you can delete that file yourself if you want