Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search redirects-

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search redirects-

Unread postby digitalis » January 8th, 2011, 12:18 pm

Hi guys, having problems with search engine redirects...run a full Avira scan and Malwarebytes but the problem still exists. Any help appreciated!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:10:49, on 08/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Virtual CD v10\System\VC10Play.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ASRock Utility\OCTuner\ASROC.exe
C:\Program Files\Virtual CD v10\System\VC10Tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Users\digitalis\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\tbExpa.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: proTek browser enhancer - {938137A9-54E7-4CAC-A667-DA03073F382B} - C:\Windows\$NT0234Uninstall$\xprt.dll
O2 - BHO: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\tbExpa.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files\Expat_Shield\tbExpa.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Multi-Monitor Fullscreen Helper.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\qxei\setup.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v10\System\VC10SecS.exe

--
End of file - 7509 bytes

µTorrent
777 'The Modern Airliner Collection'
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe SVG Viewer 3.0
Aerosoft's - F-16 Fighting Falcon
Airbus Series Vol.1 (FS X)
America's Army 3
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ASRock InstantBoot v1.23
ASRock OC Tuner v2.2.93
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
BattlEye for OA Uninstall
BattlEye Uninstall
Bet Angel (BETDAQ)
Bing Bar
Bing Bar Platform
BlackBerry Device Software Updater
BLM 2.7.7
CoreAVC Professional Edition (remove only)
CPUID CPU-Z 1.56
CPUID HWMonitor 1.16
Defraggler
Driver Sweeper 2.1.0
Expat_Shield Toolbar
Flight1 Citation Mustang
Fun4IM
Gamers Window Relocator
GrabIt 1.7.2 Beta 4 (build 997)
Ground Environment X Europe
IvAc v1.1.12 (b183)
IvAi v1.0.0 b150
IvAp v1.9.8 (build 2138)
Java(TM) 6 Update 22
JDownloader
kikin plugin 2.9
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
Multi-Monitor Fullscreen Helper
nHancer
nHancer
NoteZilla 7.0
NVIDIA Graphics Driver 260.99
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenAL
OpenSSL 0.9.8l Light (32-bit)
PDF Annotator 2.0.0.260
PeerGuardian 2.0
PIXresizer
PunkBuster Services
Real Environment Xtreme
Realtek Ethernet Controller Driver
Red Faction: Guerrilla
Red Faction: Guerrilla
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Shadow Warrior v1.2
Six Updater Suite
Skype Toolbars
Skype™ 5.0
SMPlayer 0.6.9
SopCast 3.2.9
Splash PRO
SplitView 2010
Spotify
StarCraft II
Steam
Street-Ads Browser Enhancer
System Requirements Lab
TeamSpeak 2 RC2
The Eye v1.0.6 (b345)
TheMatrix Screen Saver version 1.14
TVUPlayer 2.5.3.1
Two Worlds II
Ubisoft Game Launcher
UK2000 Gatwick Xtreme FSX
UK2000 Heathrow Xtreme FSX
VertexDSP MultiInspectorFree 1.2.0
Virtual CD v10
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
VobSub v2.23 (Remove Only)
Win7codecs
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
digitalis
Active Member
 
Posts: 2
Joined: January 8th, 2011, 12:11 pm
Advertisement
Register to Remove

Re: Search redirects-

Unread postby digitalis » January 8th, 2011, 5:08 pm

I found I had a TDS rootkit installed and used the Kaspersky removal tool and seems to have worked :)
digitalis
Active Member
 
Posts: 2
Joined: January 8th, 2011, 12:11 pm

Re: Search redirects-

Unread postby NonSuch » January 9th, 2011, 2:34 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 222 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware