
8 Step search result hijack help

Discussion in 'Virus and Malware Removal' started by EMS0525, Dec 10, 2009.

  1. EMS0525 Newcomer, in training Posts: 39

    My search results are hijacked. Here are the two log files; I'm running the malware now...
  2. EMS0525 Newcomer, in training Posts: 39

    Looking at the other threads, I downloaded and ran ComboFix, and here is that log and the malware log too.
  3. EMS0525 Newcomer, in training Posts: 39

    I did read the sticky about ComboFix. Now the search results seem to be working, but I would still greatly appreciate someone looking into the logs. Thank you.
  4. EMS0525 Newcomer, in training Posts: 39

    It's messed up still... still not working.
  5. AnonymousSurfer Newcomer, in training Posts: 256

    Describe what's not working, and if you read the ComboFix topic, you would know NOT to have run it without having someone advise you. Let me analyze your HijackThis logs, please be patient.
  6. AnonymousSurfer Newcomer, in training Posts: 256

    Here are the nasty files you should delete using HijackThis:
    • O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    • O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    • O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    • O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllExtra Protocols
     
  7. snowchick7669 TechSpot Enthusiast Posts: 696

    Just curious as to how you came to the conclusion that O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe was a nasty file.

    According to my research
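
The entries listed in post 6 and questioned in post 7 can be triaged by what each one points at. The following is an added example, not code from any poster in this thread: it parses the quoted HijackThis lines, marks "(no file)" entries as orphaned, and checks whether a Run entry named after a Windows binary sits where that binary is expected. The `SYSTEM_BINARIES` table, the `C:\WINDOWS` install path (taken from the log) and the `CONSTRUCTED` line are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase

# Entries quoted in post 6 (the trailing "Extra Protocols" text is dropped).
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
"""
# Constructed line (not from the thread): same file name, different folder.
CONSTRUCTED = r"O4 - HKCU\..\Run: [ctfmon.exe] C:\Temp\ctfmon.exe"

# Illustrative table: Windows binaries and the folder they normally run from.
SYSTEM_BINARIES = {"ctfmon.exe": r"c:\windows\system32"}

LINE = re.compile(r"^(?P<sec>[A-Z]\d+)\s+-\s+(?P<kind>[^:]+):\s*(?P<rest>.*)$")
CLSID = re.compile(r"^(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.*)$")
RUN = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<target>.*)$")

def parse(line):
    """Split one HijackThis line into section, kind, name and target."""
    m = LINE.match(line.strip())
    body = m and (CLSID.match(m["rest"]) or RUN.match(m["rest"]))
    if not body:
        return None
    return {"section": m["sec"], "kind": m["kind"].strip(), **body.groupdict()}

def verdict(entry):
    """Classify an entry; assumes the target is a bare path without arguments."""
    target = entry["target"]
    if target == "(no file)":
        return "orphaned"          # registry entry whose file was not found
    expected = SYSTEM_BINARIES.get(normcase(basename(target)))
    if expected is None:
        return "verify"            # file exists: check publisher before fixing
    same = normcase(dirname(target)) == expected
    return "expected-path" if same else "unexpected-path"

def triage(text):
    entries = (parse(l) for l in text.splitlines())
    return [(e["section"], e["name"], verdict(e)) for e in entries if e]

if __name__ == "__main__":
    for row in triage(SAMPLE + CONSTRUCTED):
        print(*row, sep="\t")
```
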
  8. EMS0525 Newcomer, in training Posts: 39

    Sorry. I deleted those files using the hijack this. Is there something else I need to do now? Run all them again? Thank you so much. I really appreciate it.

    new hijack this log:
  9. AnonymousSurfer Newcomer, in training Posts: 256

    Are your search results still getting Hijacked?
  10. kimsland Ex-TechSpotter Posts: 18,353

    Disable (or uninstall) Spybot S&D
    Open HJT Scan Only and place a tick in the following entry box
    Close all Internet browsers and select FIX


    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command



    Uninstall SUPERAntispyware
    Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



    Update Java and remove older Java versions
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java updates Runtime updates
    Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



    Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
    Your computer may need to Restart



    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


    Restart, and let me know how it's performing
  11. EMS0525 Newcomer, in training Posts: 39

  12. kimsland Ex-TechSpotter Posts: 18,353

    You may want to update to a more secure Hosts file
    There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
    As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
    Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

    Simply download the hosts.zip file, extract, then run mvps.bat, then restart

    Then restart, and test browsing the Internet again :)
  13. EMS0525 Newcomer, in training Posts: 39

    Now when I click on a link it goes to the same page...

    http://kc.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52593&x=rkWBmPxg29RROV:Z0mjf66fFBAMGWfjOgUWuXSgJCVXB5UfoRSg3mByvnfDOkmsR4P0zIkMxQ8WxnSjU4ffQ8QkV990jFG7mLSXCWuibNBMhhGDItGJF3an3xk7KEc35KYXOMfsoImRTpVyjjtxl36QS2Axa15;ZK6xwdGl8HPMCE3kHpPZDxmfX4MWX7wZ:awWWg5u$n
  14. kimsland Ex-TechSpotter Posts: 18,353

    Try this ;)


    Download Combofix again

    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malwares)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log
  15. EMS0525 Newcomer, in training Posts: 39

    HJT log still not working.... Man, I'd love to get my hands on whoever comes up with this stuff. This is before ComboFix...
  16. kimsland Ex-TechSpotter Posts: 18,353

    There are no issues in your HJT log

    You could remove all these, note: they are authentic entries, but do not need to be starting with Windows:
    Run HJT Scan Only, Close all Internet Browsers
    Select all of the following and then select FIX, then Restart
  17. EMS0525 Newcomer, in training Posts: 39

    Here is the newest HJT log and ComboFix log
  18. EMS0525 Newcomer, in training Posts: 39

  19. kimsland Ex-TechSpotter Posts: 18,353

    The HJT log is not complete, something went wrong? Note you are following what I ask, to restart, so forth?

    Also, were all these disabled before running all of the above?
    • SpywareGuard
    • Spybot Search & Destroy
    • Windows Defender
    As per the 8 Step Guide (Disable real time protection of other programs)
    Personally I'd say uninstall those 3, as they haven't helped you anyway!
    Actually you may as well uninstall SUPERAntispyware, whilst you are at it

    I think after restart, you should startup Malwarebytes; update it again and run a quick scan
    If anything is found, please remove it at the end of the scan (and also provide the log)
    Then Restart (I know, but Windows requires a Restart all the time!)
    Then run a fresh HJT Scan log, and provide the attachment again
  20. EMS0525 Newcomer, in training Posts: 39

    Malwarebytes didn't find anything....