Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    52
    Points
    1

    Default Search Results Redirected

    No matter what browser or search engine I use the results get redirected. Logs are below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:51 PM, on 8/28/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 3158 bytes

    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7585

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    8/28/2011 9:57:23 PM
    mbam-log-2011-08-28 (21-57-23).txt

    Scan type: Quick scan
    Objects scanned: 173496
    Time elapsed: 10 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 08/28/2011 at 10:10 PM

    Application Version : 4.29.1004

    Core Rules Database Version : 7613
    Trace Rules Database Version: 5425

    Scan type : Quick Scan
    Total Scan Time : 00:12:07

    Memory items scanned : 416
    Memory threats detected : 0
    Registry items scanned : 356
    Registry threats detected : 0
    File items scanned : 4918
    File threats detected : 22

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediabrandsww[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@r1-ads.ace.advertising[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ru4[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adxpose[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@burstbeacon[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@dc.tremormedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adserver.adtechus[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@yieldmanager[1].txt

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Oct 2009
    Posts
    52
    Points
    1

    Default Problem Solved

    Thanks for your interest, but by looking at another thread I fixed the problem.

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    This thread will now be closed since the issue seems to be resolved.

    If you need this topic reopened, please send me a PM and I will reopen it for you.

    If you should have a new issue, please start a new topic.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-