Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help For Search Redirect Problem

Post by afegleys32 » July 2nd, 2012, 8:46 am

Hi,

Clicking my search result directs me to an advertisement. I guess this is a redirect malware. I didn't have success using several malware and anti virus tools. Hope you could help me. Thanks.

Below is my DDS Log.

-----------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
Run by Digipro at 20:25:33 on 2012-07-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.63.1033.18.1978.969 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Users\Digipro\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Users\Digipro\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Digipro\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\sppsvc.exe
\systemroot\assembly\tmp\U
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=C:\Users\Digipro\AppData\Local\30e72c92\X
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Digipro\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\Digipro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msirye32.dll,tYIlBBpTjhUt
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [NoVirusThanks Malware Remover Free Startup]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\Digipro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Digipro\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: google.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.80.1
TCP: Interfaces\{DA7821A1-83B3-41D7-9705-8477334BCD2C} : DhcpNameServer = 192.168.80.1
TCP: Interfaces\{E442B0A0-BA5E-4962-8157-6018F3E59772} : DhcpNameServer = 192.168.80.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
Hosts: 193.107.19.186 link-assistant.com
Hosts: 193.107.19.186 http://www.link-assistant.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Digipro\AppData\Roaming\Mozilla\Firefox\Profiles\kmusmly7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Digipro\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Digipro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Digipro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [2012-6-28 1009840]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-6-22 468848]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-6-22 384880]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2011-11-26 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2011-11-26 210720]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-11-19 245760]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C60x64.sys --> C:\Windows\system32\DRIVERS\L1C60x64.sys [?]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-18 113120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-02 12:23:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9F4A3DCE-F4F6-4A08-97C3-1D928315EF77}\offreg.dll
2012-07-02 03:19:57 -------- d-----w- C:\Program Files (x86)\Photodex Presenter
2012-07-02 03:19:30 -------- d-----w- C:\Program Files (x86)\Photodex
2012-07-02 03:18:31 -------- d-----w- C:\Users\Digipro\AppData\Roaming\Photodex
2012-07-02 03:18:30 -------- d-----w- C:\ProgramData\Photodex
2012-06-30 21:13:04 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield
2012-06-30 14:28:36 562032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor13.dll
2012-06-30 11:07:17 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2012-06-30 01:33:08 -------- d-----w- C:\Users\Digipro\AppData\Roaming\Traffic Travis v4
2012-06-30 00:02:58 -------- d-----w- C:\wamp
2012-06-29 17:58:00 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-29 17:58:00 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 17:30:07 -------- d-----w- C:\Users\Digipro\AppData\Roaming\ITB
2012-06-29 14:48:52 -------- d-----w- C:\Users\Digipro\AppData\Roaming\OpenVPN Technologies
2012-06-29 14:48:52 -------- d-----w- C:\Users\Digipro\AppData\Local\OpenVPN Technologies
2012-06-29 14:47:50 -------- d-----w- C:\Program Files (x86)\OpenVPN Technologies
2012-06-29 12:03:44 -------- d-----w- C:\Program Files (x86)\Netpeak
2012-06-29 11:41:38 -------- d-----w- C:\Users\Digipro\AppData\Roaming\poi
2012-06-29 10:15:08 -------- d-----w- C:\Users\Digipro\AppData\Roaming\ubot
2012-06-29 10:14:38 -------- d-----w- C:\Users\Digipro\AppData\Local\Xenocode
2012-06-28 18:14:20 -------- d-----r- C:\Users\Digipro\AppData\Roaming\Brother
2012-06-28 13:23:08 -------- d-----w- C:\Users\Digipro\AppData\Roaming\PE Explorer
2012-06-28 13:23:02 -------- d-----w- C:\Program Files (x86)\PE Explorer
2012-06-28 13:11:49 -------- d-----w- C:\Program Files (x86)\Acunetix
2012-06-28 13:11:28 -------- d-----w- C:\ProgramData\Acunetix WVS 8
2012-06-28 11:09:25 -------- d-----w- C:\ProgramData\hssff
2012-06-28 02:13:51 561992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor12.dll
2012-06-28 02:12:48 -------- d-----w- C:\ProgramData\Hotspot Shield
2012-06-28 02:12:44 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2012-06-24 23:49:59 -------- d-----w- C:\Users\Digipro\AppData\Local\Apps
2012-06-24 23:49:57 -------- d-----w- C:\Users\Digipro\AppData\Local\Deployment
2012-06-23 11:33:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 14:33:44 -------- d-----w- C:\Users\Digipro\AppData\Roaming\IDM
2012-06-22 14:33:37 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2012-06-19 19:01:26 -------- d-----w- C:\ProgramData\Proxy Multiply
2012-06-19 18:45:53 -------- d-----w- C:\Program Files (x86)\Tweettank
2012-06-19 18:35:01 -------- d-----w- C:\Program Files (x86)\No Hands SEO
2012-06-19 17:38:59 -------- d-----w- C:\Users\Digipro\.websiteauditor
2012-06-19 17:36:44 -------- d-----w- C:\Users\Digipro\.linkassistant
2012-06-19 15:06:40 -------- d-----w- C:\Windows\System32\appmgmt
2012-06-18 11:50:38 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-18 10:29:06 -------- d-----w- C:\Users\Digipro\AppData\Local\Microsoft Games
2012-06-18 08:55:56 -------- d-----w- C:\Program Files\Windows Journal
2012-06-18 08:55:53 -------- d-----w- C:\Windows\ehome
2012-06-18 08:55:52 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2012-06-18 08:55:52 -------- d-----w- C:\Windows\RemotePackages
2012-06-18 08:37:17 173568 ----a-w- C:\Windows\SysWow64\msirye32.dll
2012-06-18 07:09:01 -------- d-----w- C:\Users\Digipro\AppData\Local\{9F9058FE-CFAF-48A9-8CDD-5DF7DBC38A6E}
2012-06-18 05:26:12 -------- d-----w- C:\Users\Digipro\AppData\Local\Macromedia
2012-06-16 06:20:37 -------- d-----w- C:\Users\Digipro\AppData\Local\Downloaded Installations
2012-06-15 20:25:46 -------- d-----w- C:\Users\Digipro\AppData\Roaming\Affilorama
2012-06-04 19:07:37 -------- d-----w- C:\Users\Digipro\AppData\Local\Tube Bot
2012-06-04 13:02:17 -------- d-----w- C:\Users\Digipro\AppData\Roaming\ScrapeBox Link Checker Free Edition
.
==================== Find3M ====================
.
2012-07-02 12:22:19 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-06-23 13:41:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 13:41:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 12:29:50 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-18 12:29:50 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 07:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 20:29:31.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2011 4:24:35 PM
System Uptime: 7/2/2012 8:22:07 PM (0 hours ago)
.
Motherboard: Acer | | Aspire 4736Z
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | uPGA-478 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 42.046 GiB free.
D: is FIXED (FAT32) - 116 GiB total, 38.068 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP111: 6/28/2012 9:40:35 AM - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
RP113: 6/28/2012 7:01:12 PM - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
RP115: 6/28/2012 11:00:16 PM - Removed Wiki Backlink Crusher.
RP117: 6/28/2012 11:02:24 PM - Removed Proxy Multiply
RP119: 6/28/2012 11:03:19 PM - Removed Tweettank
RP121: 6/29/2012 8:03:26 PM - Installed NP Checker
RP123: 6/29/2012 10:47:16 PM - Installed OpenVPN Client
RP125: 7/2/2012 11:14:28 AM - Removed Page One Infiltrator
.
==== Installed Programs ======================
.
.
A-Men Technologies USB-to-Serial
Acrobat.com
Acunetix Web Vulnerability Scanner 8.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Wireless LAN Client Adapter
Blog Profit Pro
Brother MFL-Pro Suite DCP-J125
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DivX Setup
Facebook Messenger 2.1.4554.0
Facebook Video Calling 1.2.0.159
Google Chrome
Hotspot Shield 2.56
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 32
Junk Mail filter update
K-Lite Codec Pack 8.8.0 (Standard)
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
No Hands SEO
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
NoVirusThanks Anti-Rootkit (Free Edition) v1.2
NoVirusThanks Malware Remover Free 3.1
NP Checker
oDesk Team
OpenVPN Client
PE Explorer 1.99 R6
Phoenix Service Software 2008.04.007.32837
Photodex Presenter
Photodex ProShow Producer version 4.5
PL-2303 USB-to-Serial
PL-2303 Vista Driver Installer
ProShow Producer
Ralink RT2860 Wireless LAN Card
Rankbook_Facebook_FAP_v25
RoboForm 7-7-7-1 (All Users)
SEO SpyGlass
Skype Click to Call
Skype™ 5.10
Traffic Travis 4.1.0
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WampServer 2.2
WikiNukeCurator
WikiNukeCuratorSetup
WikiNukeLinkGrabber
WikiNukeStandard
WikiNukeStandardSetup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/2/2012 8:22:26 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
7/2/2012 8:22:26 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
7/1/2012 9:19:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
7/1/2012 10:02:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
7/1/2012 10:02:54 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/30/2012 8:26:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/30/2012 10:10:53 AM, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/28/2012 5:51:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2012 5:51:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/28/2012 5:51:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/28/2012 10:12:54 AM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
afegleys32
Active Member
 
Posts: 3
Joined: July 1st, 2012, 9:33 pm

Re: Help For Search Redirect Problem

Post by pgmigg » July 2nd, 2012, 10:16 am

Hello afegleys32,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help For Search Redirect Problem

Post by afegleys32 » July 2nd, 2012, 10:48 am

Thanks pgmigg.

I will be waiting for your further instructions.
afegleys32
Active Member
 
Posts: 3
Joined: July 1st, 2012, 9:33 pm

Re: Help For Search Redirect Problem

Post by pgmigg » July 2nd, 2012, 11:10 am

Hello afegleys32,
"I didn't have success using several malware and anti virus tools."
Please do not Install, Remove , or Scan with anything on your system unless I ask, until we are done. Extra Additions and Removals of files make the analysis more difficult. Thanks.

RE: Microsoft Office Enterprise 2007
Can you tell me how this program came to be installed on your machine?

No anti-virus
Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product, following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.

Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Please tell me, is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Step 1.
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  • Please download this tool from Microsoft and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click "Run" again and then click "Continue".
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 2.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 3.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Answers to my questions about how your computer is used and the source of the MS Office Enterprise 2007 installation.
  2. Do you have any problems executing the instructions?
  3. Contents of a log created by MGADiag.exe
  4. Contents of a log created by WVCheck.exe
  5. Contents of a log created by CKFiles.txt
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help For Search Redirect Problem

Unread postby afegleys32 » July 2nd, 2012, 7:03 pm

"Please do not Install, Remove, or Scan with anything on your system unless I ask, until we are done. Extra Additions and Removals of files make the analysis more difficult. Thanks."


Sorry, I forgot that I uninstalled one program (No Hands SEO).

A.)

"RE: Microsoft Office Enterprise 2007
Can you tell me how this program came to be installed on your machine?"


Installed from a DVD, but I guess the software was downloaded by my friend on his computer and transferred to DVD so that I could install it on my computer.

"Please tell me, is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions."


No, it is not used for business purposes; it is used only at home, but I am using it for SEO, so there is some software that I have installed from time to time.

B.) None

C.) MGADiag Log

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {266EE2A1-C708-4A52-A31E-8344DA6974DC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Digipro\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{266EE2A1-C708-4A52-A31E-8344DA6974DC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-4157034456-2834884036-3150541352</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire 4736Z </Model></SYSTEM><BIOS><Manufacturer>Acer</Manufacturer><Version>V1.09</Version><SMBIOSVersion major="2" minor="4"/><Date>20090901000000.000000+000</Date></BIOS><HWID>0CBB3607018400F8</HWID><UserLCID>0464</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65560</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAgABAAIAAAACAAAABAABAAEAJJSEeOJr3ox6f4wR6KP0PgBu1F9o9v5wHrN6I0bK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
BOOT ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
ASF! ACRSYS ACRPRDCT
NSLI ACRSYS ACRPRDCT
SSDT PmRef CpuPm


D.) WVCheck Log

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0626_03-07-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Users\Digipro\Downloads\Programs\Windows.7.Home.Basic.E.OEM.keygen.zip
Size: 358096 bytes
Creation; 18/6/2012 15:7:58
Modification; 18/6/2012 15:7:59
MD5; 060b0cc5b107f748b3581aea6131e686
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
C:\Windows\System32\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 7:36:22
Modification; 16/11/2011 16:30:56
MD5; 4c8273d1ac21a2ad2be1cd3070b95a44
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll.bak
Size: 13824 bytes
Creation; 14/7/2009 7:36:22
Modification; 14/7/2009 9:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 7:36:22
Modification; 16/11/2011 16:30:56
MD5; 4c8273d1ac21a2ad2be1cd3070b95a44
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll.bak
Size: 13824 bytes
Creation; 14/7/2009 7:36:22
Modification; 14/7/2009 9:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 14/7/2009 7:52:11
Modification; 14/7/2009 9:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 7:36:22
Modification; 14/7/2009 9:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
Missing: C:\Windows\system32\slmgr.vbs
Matched: %systemroot%\system32\slmgr.vbs
-----------------------


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e8b0ffc209e504cb7e79fc24e6c085f0


-------- End of File, program close at 0640_03-07-2012 --------

E.) CKFiles Log

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\digipro\downloads\internet download manager v6.07.15\crack\idman.exe
c:\users\digipro\downloads\internet download manager v6.07.15\crack\regkey windows 32-bit.reg
c:\users\digipro\downloads\internet download manager v6.07.15\crack\regkey windows 64-bit.reg
c:\users\digipro\downloads\programs\windows.7.home.basic.e.oem.keygen.zip
c:\users\digipro\downloads\programs\idm\internet download manager v6.07.15\crack\idman.exe
c:\users\digipro\downloads\programs\idm\internet download manager v6.07.15\crack\regkey windows 32-bit.reg
c:\users\digipro\downloads\programs\idm\internet download manager v6.07.15\crack\regkey windows 64-bit.reg
c:\windows\prefetch\fbpwd cracker brute force 201-e4781715.pf
scanner sequence 3.CE.11.JSNAXV
----- EOF -----

F.) I tried doing a search on Google and the redirect problem is gone.


Thanks a lot...
afegleys32
Active Member
 
Posts: 3
Joined: July 1st, 2012, 9:33 pm
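
One comparison a reviewer can make from the WVCheck File Dump posted above, as an added example that is not part of the original thread or of WVCheck: it parses the dump's records and lists live files whose MD5 matches none of the component-store (winsxs) copies reported under the same "Matched" name. Treating the winsxs copies as the reference baseline is an assumption, the function names are hypothetical, and the sample is an abridged excerpt of the log (Size and Creation lines omitted).

```python
import re
from collections import defaultdict

# Abridged excerpt of the WVCheck "File Dump" above (Size/Creation lines omitted).
SAMPLE = r"""
C:\Windows\System32\slwga.dll
Modification; 16/11/2011 16:30:56
MD5; 4c8273d1ac21a2ad2be1cd3070b95a44
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll.bak
Modification; 14/7/2009 9:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Modification; 14/7/2009 9:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Modification; 14/7/2009 9:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
"""

def parse_file_dump(text):
    """Yield one dict per record: path plus the 'Key: value' / 'Key; value' fields."""
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        rec = {"path": lines[0]}  # the first line of a record is the file path
        for ln in lines[1:]:
            m = re.match(r"(\w+)\s*[:;]\s*(.*)", ln)
            if m:
                rec[m.group(1).lower()] = m.group(2)
        yield rec

def unmatched_live_copies(text):
    """Live files whose MD5 equals no winsxs copy sharing their 'Matched' name."""
    baseline, live = defaultdict(set), []
    for rec in parse_file_dump(text):
        if "md5" not in rec or "matched" not in rec:
            continue
        if "\\winsxs\\" in rec["path"].lower():
            baseline[rec["matched"]].add(rec["md5"].lower())  # assumed reference copy
        else:
            live.append(rec)
    return [(r["path"], r["md5"], r.get("modification", "?")) for r in live
            if baseline.get(r["matched"]) and r["md5"].lower() not in baseline[r["matched"]]]

print(unmatched_live_copies(SAMPLE))
```

A mismatch only says the live file differs from every store copy listed in the dump; it does not by itself say why the file changed.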

Re: Help For Search Redirect Problem

Unread postby pgmigg » July 3rd, 2012, 12:49 am

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software, including illegal versions of Windows 7 and MS Office, and you are actively using it.

So in accordance with our policy, we will not provide any further help.
See here: viewtopic.php?p=491395#p491395

This thread will be closed.
pgmigg
MRU Teacher
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help For Search Redirect Problem

Unread postby NonSuch » July 3rd, 2012, 1:21 am

It is the policy of this site that our volunteers do not assist with computers on which pirated, counterfeit, and/or cracked software is installed. Therefore, this topic will be closed.

You are hereby strongly cautioned against attempting to circumvent this site's policies by starting a new topic for this computer in our Malware Removal forum.


This topic is now closed.
NonSuch
Administrator
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California