Search Engine Redirect Malware [Solved]


  • This topic is locked

#16
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#17
BirdK

    Member

  • Topic Starter
  • 12 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4111

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 9:28:14 AM
mbam-log-2010-05-18 (09-28-14).txt

Scan type: Quick scan
Objects scanned: 146808
Time elapsed: 15 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I was unable to run the Kaspersky scan. It states:
Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.
I checked my version of Java and it is 1.6. It is checked under Internet Options, Advanced, and it is also checkmarked under Java for Internet Explorer. I'm stumped as to why it will not accept this. Any suggestions?

By the way, thank you again for all your help! The audio is back and working well and the search redirects have gone away and not come back this time.
  • 0

#18
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#19
BirdK

    Member

  • Topic Starter
  • 12 posts
Ok, so this scan went well. It found 4 worms (I can't remember their names). The problem is that there are only 2 files in the ESET Online Scanner folder and neither one is log.txt. There is an Online Scanner.ocx and an uninstall file. It did ask me at the end if I wanted to delete the quarantined files and I said yes. It asked me something about keeping the downloaded scanner and I said no; maybe that included deleting the log, not sure.
  • 0

#20
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *log.txt*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#21
BirdK

    Member

  • Topic Starter
  • 12 posts
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:30 on 19/05/2010 by Kerry (Administrator - Elevation successful)

========== filefind ==========

Searching for "*log.txt*"

-=End Of File=-
  • 0

#22
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#23
BirdK

    Member

  • Topic Starter
  • 12 posts
Combofix seemed to disappear. But I performed the OTL items.

Thank you so much for your help in fixing the problems. I am so pleased by the outcome and am full of gratitude towards you. You gave really detailed and easy to follow instructions to help me solve our computer problems.

Thanks!!!!! :)
  • 0

#24
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





