Solved: Search Engines Diverting to Random Sites

Catnapper · 28-May-2010, 03:32 PM #1

I am using Window XP and Internet Explorer 8. I was on the internet and alerted by McAfee to block a site. I did this and got off the internet. Next day tried to do a system restore, as I was nervous, and received message, "system restore has been blocked by group policy". In addition, my search engines keep diverting me. Spent day running Malewarebytes (33 problems), deleting McAfee and installing Microsoft Security Essentials, running scans, updating windows, running scans. All is working well today except the search engines. If I type in a seach, a list of appropriate sites will appear. When I click on a site, I am diverting to a random site, no pop ups are occurring. If I type an address in the address bar, I can access that site. I assume my search engine has been hijacked. I am including the results of HJT in case they are needed. Thank you in advance for any help.

Rorschach112 · 28-May-2010, 05:42 PM #2

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Catnapper · 28-May-2010, 07:30 PM #3

HelloRorschach112,
Thank you for helping me. I have done as instructed and am attaching the ComboFix log. I tried three searches on the internet after running ComboFix and each worked perfectly. Do you think my problem is solved? I don't know what I did to expose myself to these problems, but I am certainly grateful for your help.
Regards, Catnapper

Rorschach112 · 28-May-2010, 07:34 PM #4

don't attach the logs please

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::

Folder::
c:\documents and settings\Michele Nylen\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Michele Nylen\Local Settings\Application Data\uoxnqfohx

FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll
KillAll::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Catnapper · 28-May-2010, 09:19 PM #5

Hello,
Here is the log. I hope I did this correctly.

ComboFix 10-05-28.02 - Michele Nylen 05/28/2010 20:48:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.561 [GMT -4:00]
Running from: c:\documents and settings\Michele Nylen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michele Nylen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michele Nylen\Local Settings\Application Data\odwdrlijf
c:\documents and settings\Michele Nylen\Local Settings\Application Data\uoxnqfohx
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.
2010-05-28 20:21 . 2010-05-28 20:21 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\PCHealth
2010-05-28 03:00 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-28 01:29 . 2010-05-28 01:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-27 22:44 . 2010-05-27 22:44 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-05-27 22:26 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 21:59 . 2010-05-27 21:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-27 21:41 . 2010-05-28 20:19 -------- d-----w- c:\windows\system32\NtmsData
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Malwarebytes
2010-05-27 19:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 19:52 . 2010-05-27 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-27 19:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 13:34 . 2010-05-27 20:18 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-27 12:24 . 2010-05-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-27 02:28 . 2010-05-27 02:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-26 15:44 . 2010-05-26 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-05-26 15:39 . 2010-05-26 15:39 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\Citrix
2010-05-26 13:59 . 2010-05-26 13:59 -------- d-----w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\Motive
2010-05-26 11:02 . 2010-05-26 11:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-26 03:44 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-26 03:44 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-26 03:44 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-26 03:44 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 01:02 . 2009-12-25 18:25 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Skype
2010-05-29 00:58 . 2009-12-25 14:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-29 00:58 . 2009-12-25 14:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-28 22:37 . 2009-12-25 18:28 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\skypePM
2010-05-28 19:45 . 2005-12-10 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-28 15:43 . 2005-12-10 05:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 15:43 . 2010-02-23 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2010-05-28 01:43 . 2005-12-26 21:07 77352 ----a-w- c:\documents and settings\Michele Nylen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 21:44 . 2005-12-26 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-27 21:43 . 2005-12-26 22:49 -------- d-----w- c:\program files\McAfee
2010-05-27 21:43 . 2005-12-10 05:18 -------- d-----w- c:\program files\McAfee.com
2010-05-26 15:39 . 2007-12-24 14:19 -------- d-----w- c:\program files\Citrix
2010-05-26 15:26 . 2010-05-26 15:27 300384 ----a-w- c:\documents and settings\Michele Nylen\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-05-26 15:26 . 2005-12-26 22:49 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\McAfee
2010-05-26 14:00 . 2008-04-26 13:28 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\Motive
2010-05-26 13:55 . 2009-09-16 22:54 -------- d-----w- c:\program files\ATT-SST
2010-05-26 03:44 . 2008-04-26 13:27 -------- d-----w- c:\program files\Common Files\Motive
2010-05-26 03:41 . 2009-12-26 19:18 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\HPAppData
2010-05-24 15:16 . 2010-01-14 02:47 -------- d-----w- c:\documents and settings\Michele Nylen\Application Data\HpUpdate
2010-05-24 15:15 . 2009-08-04 15:41 -------- d-----w- c:\program files\Hewlett_Packard
2010-05-24 01:30 . 2005-12-27 20:46 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2010-04-19 22:48 . 2010-04-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-19 22:48 . 2009-10-30 21:10 -------- d-----w- c:\program files\iTunes
2010-04-19 22:47 . 2010-04-19 22:47 -------- d-----w- c:\program files\iPod
2010-04-19 22:42 . 2010-04-19 22:42 -------- d-----w- c:\program files\QuickTime
2010-04-19 22:37 . 2010-04-19 22:37 -------- d-----w- c:\program files\Bonjour
2010-04-19 22:32 . 2010-04-19 22:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-19 22:29 . 2008-03-25 01:22 -------- d-----w- c:\program files\Safari
2010-04-19 22:24 . 2010-04-19 22:24 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-12 11:39 . 2010-04-12 11:38 14451728 ----a-w- c:\documents and settings\Michele Nylen\Application Data\Barnes & Noble\DesktopReader\Updater\bndr_setup_2.1.1.2.exe
2010-03-18 12:30 . 2010-03-18 12:26 23165 ----a-w- c:\windows\hpqins15.dat
2010-03-10 06:15 . 2008-10-09 20:50 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 01:29 . 2010-03-02 01:29 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-03-02 01:12 . 2009-09-25 21:15 61920 ---ha-w- c:\windows\system32\mlfcache.dat
2007-04-14 01:21 . 2005-12-27 13:34 104 --sha-r- c:\windows\system32\C8F8DA288C.sys
2007-04-14 01:21 . 2005-12-27 13:34 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Software Update"="c:\program files\Hewlett_Packard\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [12/26/2005 4:34 PM 84480]
S2 gupdate1ca858f69e7d3fe;Google Update Service (gupdate1ca858f69e7d3fe);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 2:23 PM 133104]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [12/26/2005 4:34 PM 18432]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 18:23]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 18:23]
2010-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 20:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3018791857-2810793895-3073136319-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7492)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-05-28 21:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-29 01:07
ComboFix2.txt 2010-05-28 22:45
Pre-Run: 121,283,846,144 bytes free
Post-Run: 121,261,228,032 bytes free
- - End Of File - - 41FD52BD80704800968E21D2208BB747

Rorschach112 · 29-May-2010, 06:38 AM #6

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Catnapper · 29-May-2010, 08:06 AM #7

Should I disable Microsoft Security Essentials before runnining Malwarebytes?

Rorschach112 · 29-May-2010, 10:15 AM #8

if you can

Catnapper · 29-May-2010, 12:54 PM #9

Hello, I dowloaded and ran TFC. I dowloaded and ran Malwarebytes here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4153
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/29/2010 8:34:22 AM
mbam-log-2010-05-29 (08-34-22).txt
Scan type: Quick scan
Objects scanned: 136572
Time elapsed: 6 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

I went to Kaspersky and performed an online antivirus scan and here is the report.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, May 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, May 29, 2010 11:34:51
Records in database: 4196408
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\
Scan statistics:
Objects scanned: 91936
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:03:53

File name / Threat / Threats count
C:\Documents and Settings\Michele Nylen\My Documents\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
Selected area has been scanned.

Thanks, Catnapper

Rorschach112 · 29-May-2010, 03:01 PM **#10**

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

Catnapper · 29-May-2010, 03:14 PM **#11**

I will do as instructed. Thank you for your help. Do I have to be concerned about the 1 infected file found by the Kaspersky scan?

Rorschach112 · 29-May-2010, 05:08 PM **#12**

no, you can delete that file yourself if you want

Similar Threads
Title	Thread Starter	Forum	Replies	Last Post
Search engine links redirecting to ad sites	jobi1canobi	Virus & Other Malware Removal	15	30-May-2010 09:51 AM
Search engines redirects to random sites	cornsyrup	Virus & Other Malware Removal	2	14-Oct-2009 06:49 AM
Search Engine Redirecting to Wrong Page	amiras	Virus & Other Malware Removal	1	12-Jan-2009 05:07 PM
Browser hijacked search results go to bogus sites	Ginny920	Virus & Other Malware Removal	0	01-Jan-2009 08:47 PM
IE Explorer diverted to random sites	cerjxa	Virus & Other Malware Removal	3	02-Dec-2008 09:49 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Search Engines Diverting to Random Sites

Find the solution to your computer problem!

Find the solution to your
computer problem!