Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google searches getting redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google searches getting redirected

Unread postby Airscape » July 28th, 2010, 7:41 pm

A window comes up when I run the tool and the first line says validation status validation control not installed.

Go to this link: http://www.microsoft.com/genuine/diag/
Click on Start diagnostics
Click on continue
Click on Resolve now
follow the prompts you may be asked to download files/plugins, please save them to the desktop and run them.
After installation please run MGADiag.exe again and post the log.
There are 2 boxes at the bottom saying resolve and copy.Is that the copy you want me to click on?I click on copy and nothing happens.

When you click copy it automatically copies it to the Windows clipboard (the same as when you copy/paste text in a reply, just there's no need to highlight the text)
If needed open up notepad or any text editor etc and after clicking on copy, right click on the empty notepad file and select paste.
Please post the results back here after running the above files/plugins.
Programs / Result Version Detected Status
Microsoft Windows XP Professional Service Pack 3
This installation of Microsoft Windows XP Professional is insecure and potentially exposes your system to security threats!
Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.
Update Instructions:
You do not have the following Microsoft security updates installed:
KB2229593
Visit Windows Update to install the missing patches.

You said earlier you like to read the updates before installing, However it's far better to have Windows automatically download and install them.
By the time we install them (if we forgot to install some etc) malware could have already infected the pc.
I suggest you launch Windows updates now as the pc is at risk or configure auto updates here: http://support.microsoft.com/kb/306525
Please install all recommended Windows updates before continuing.
Apple QuickTime 7.x 7.1.0.210
WinZip 9.x 9.0 SR-1 (6
This installation of WinZip 9.x is insecure and potentially exposes your system to security threats!

Run Secunia again and click on download next to the vulnerability it shows to download the update and run it.
then go to Add/Remove Programs and remove the old version (if it's not automatically removed by the update)


So please post the MGADiag.exe log along with any problems you may have.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Advertisement
Register to Remove

Re: Google searches getting redirected

Unread postby Butcher » July 29th, 2010, 7:31 pm

Hi,
Resolved all M/S issues and installed all updates.Updated Quicktime and WinZip to current versions.Ran Secunia again and no software problems were seen.Here is the mgadiag log.Pc is running good maybe a little slow.I think I have some housecleaning to do.What's next.

Thanks,

Butcher


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-FTQFW-7RGWP-D9Y63
Windows Product Key Hash: lhANqfFJzrHAIXTwunVTfp0PWVU=
Windows Product ID: 55274-640-0450496-23664
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {03943F59-EBC2-42DD-BCB6-614136963E16}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{03943F59-EBC2-42DD-BCB6-614136963E16}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-D9Y63</PKey><PID>55274-640-0450496-23664</PID><PIDType>1</PIDType><SID>S-1-5-21-448539723-1177238915-682003330</SID><SYSTEM><Manufacturer>VIA Technologies, Inc.</Manufacturer><Model>KM400-8235</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>1006 </Version><SMBIOSVersion major="2" minor="2"/><Date>20030915000000.000000+000</Date></BIOS><HWID>BF9837C70184206B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 29th, 2010, 9:18 pm

Hi Butcher,


Fix HijackThis lines
Run HijackThis
Click on scan/do a system scan only
Place a tick next to the following lines (if still present):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab

Close all windows except Hijackthis and click Fix Checked
Click Yes when prompted
Close HijackThis and Reboot the computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well done your pc now appears to be Malware free. Please advise on any problems you still have.


Remove ESET online scanner and HijackThis through Control Panel > Add/Remove Programs (if present)
You can keep TFC.exe to clean out temporary files. I recommend running it once a week.

Keep MBAM installed. Run a scan once a week.


Uninstall ComboFix
Make sure ComboFix.exe is on the desktop.
Click on Start > Run (or windows key + R)
Copy/paste in ComboFix /Uninstall and click OK.
You should get a success message.

The above will implement some cleanup procedures as well as reset System Restore points.


Clean up with OTC
Download OTC by Old Timer here and save it to your desktop.
Double click on OTC.exe to run it.
Click on CleanUp!
At the begin cleanup process? prompt, click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

The above will remove the majority of tools/logs used in the removal process. If any still exist, please delete them yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now some advice for keeping your pc safe and secure for the future:


SpywareBlaster
SpywareBlaster is used to secure Internet Explorer so that it is harder for ActiveX programs to run on your computer.
It also disables the ability of certain known offending ActiveX programs from running at all.
This program also has the ability to stop certain cookies from being added to your computer when running Internet Explorer and Mozilla Firefox.
You can download the program from HERE
Note:You will need to manually update it, then click enable all protection at the main screen. Repeat this process every week.

AnalogX Script Defender
Windows by default allows scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious.
AnalogX Script Defender will prevent these malicious scripts from running on your pc by giving you the option to allow a script or not.
You can download the program from HERE

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location.
Your machine always looks at that file in that location before connecting to a web site to verify the address.
So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc.
Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

If you do decide to use a Hosts file and notice a slowdown you will need to disable the DNS Client Service:
Click Start > Run type services.msc into the Open: box, then click OK.
This will open the Services window.
Scroll down to DNS Client and double click on it.
Click the Stop button to stop the service.
Set Startup type to Manual.
Click OK
Exit the Services window.

Here is a great article by miekiemoes How to prevent Malware

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby Butcher » July 30th, 2010, 1:02 pm

Hi,
Read you post and will do everything you requested.If everything seems ok will make one final post to you either today or tomorrow.Thanks again for all your help.Couldn't have done this without you.

Butcher
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 30th, 2010, 1:42 pm

No problem.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby jmw3 » July 31st, 2010, 10:49 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware