Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google and Yahoo search links are being redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google and Yahoo search links are being redirected

Unread postby endure » August 11th, 2009, 9:59 pm

Hello everyone. I have recently encountered a problem with my Google and Yahoo searches. Whenever I click on the links I am redirected to a different web site. I have scanned my system with Malwarebytes' Anti-Malware, AVG Anti-Virus and Spyware Doctor but I was unable to resolve the issue. I attempted to use Windows System Restore but it wasn't working. I would appreciate any help you can offer me.

Here are the contents of the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:59 PM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\myname\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.52.216.216:80
R3 - URLSearchHook: (no name) - *_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{3806b089-6759-411d-b2c3-b7995a9f34d7} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: 63.251.217.130 audition.nexon.net
O1 - Hosts: 63.251.217.131 maplestory.nexon.net
O1 - Hosts: 63.251.217.132 www.nexon.net
O1 - Hosts: 63.251.217.140 billing.nexon.net
O1 - Hosts: 63.251.217.151 passport.nexon.net
O1 - Hosts: 63.251.217.165 adimage.nexon.net
O1 - Hosts: 63.251.217.166 nximage.nexon.net
O1 - Hosts: 63.251.217.170 msfile.nexon.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://someonesname.dipmap.com:9000/cab ... r_8120.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://someonesname.dipmap.com:9000/cab ... e_8110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A10A95A3-0E2F-4A0D-928D-0E78D57D90E4}: NameServer = 71.250.0.12 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3F896A0-3E92-4517-961F-60FD6C48F052}: Domain = rutgers.edu
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8929 bytes

Thanks for your help.
endure
Active Member
 
Posts: 3
Joined: August 11th, 2009, 9:50 pm
Advertisement
Register to Remove

Re: Google and Yahoo search links are being redirected

Unread postby muppy03 » August 14th, 2009, 11:33 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) along with any other P2P programs if installed as I will remove them in the process of fixing.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Can you also please post the Malwarebytes log from the scan that you have already run.
The log can be found here:-
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\[b]mbam-log-date (time).txt

Please reply with:-
  • Uninstall list
  • New HJT log
  • MBAM log from previous run
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Google and Yahoo search links are being redirected

Unread postby endure » August 15th, 2009, 1:14 pm

Thank you for your help but it seems that I have resolved this issue by using Windows System Restore. Would you recommend that I still follow through with your procedure even though my Google and Yahoo searches are no longer being redirected? Since the System Restore, all scans have come back clean from Malwarebytes' Anti-Malware, AVG Anti-Virus and Ad-Aware.
endure
Active Member
 
Posts: 3
Joined: August 11th, 2009, 9:50 pm

Re: Google and Yahoo search links are being redirected

Unread postby muppy03 » August 15th, 2009, 9:58 pm

endure wrote:Thank you for your help but it seems that I have resolved this issue by using Windows System Restore. Would you recommend that I still follow through with your procedure even though my Google and Yahoo searches are no longer being redirected? Since the System Restore, all scans have come back clean from Malwarebytes' Anti-Malware, AVG Anti-Virus and Ad-Aware.


I would hazzard a guess that there could still be infection on your computer, but the choice is yours. Let me know what you decide.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Google and Yahoo search links are being redirected

Unread postby endure » August 16th, 2009, 8:00 pm

I have decided not to go through with it. I'm sorry for any inconvenience I may have caused. Thank you for taking the time to help me.
endure
Active Member
 
Posts: 3
Joined: August 11th, 2009, 9:50 pm

Re: Google and Yahoo search links are being redirected

Unread postby muppy03 » August 16th, 2009, 8:02 pm

No Problems, thanks for letting me know :thumbright:
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Google and Yahoo search links are being redirected

Unread postby NonSuch » August 16th, 2009, 9:42 pm

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware