# Cannot Access Any Search Engine

Jan 14, 2010
I have completed the 8-step process prescribed yet I am still unable to facilitate a search using either google or yahoo. Whenever I try to search using either search engine (whether through the site itself or each's toolbar) I am shown a page saying I cannot access the internet. I can still reach the yahoo home page itself, however I am unable to even reach the google home page. Additionally, this problem persists in both Internet Explorer and Firefox. I have attached the 3 logs asked for. Thanks for any help in solving this problem.

Considering the amount of malware on the system, I'm surprised you can do anything! And if this is an example of how well the Verizon Security Suite protects you, you need to get rid of it and get some good security programs! It looks like you are paying them at least \$6 a month. Their program name is VISS and it's supposed to have everything you need for security!

You have a lot of 'Rogue' security programs. One of them is WindowsPCDefender. I don't know whether you installed them and they brought the malware or whether they installed themselves with the malware! Mbam has removed a lot, but it is amazing how many files are infected.

Let's see if we can clean any more of it out:
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Double click on the setup file on the desktop to run
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then run this online scan:

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Then rescan with HijackThis.
Combofix report
Eset scan log
New HijackThis log.

We'll go from there.

Thanks Bobbye for all the help. Yeah, this computer is a mess--it's my sister's and I'm trying to help get her back up and running efficiently. I have followed each of your procedures and my google and yahoo search engines are now back up and running. I have attached the requested logs...thanks for any further improvement.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

```
:Processes

:Services

:Reg

:Files
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
```

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
---------------------------------------
Download the Norton Removal Tool and save it to the desktop. Don't run yet.

Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Double click on the Norton Tool to run. Follow onscreen prompts. (Note: you do not need a license key to uninstall)
-------------------------------------
Did you run Smitfraud at some point?

c:\windows\system32\VCCLSID.exe

Sorry- forgot a few entries in the HijackThis log: These are all optional removal. However it is recommended they be removed as Foistware:

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player:

To remove, find and remove Viewpoint Media Player

Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
• Click on Start > Run and type: services.msc > OK
• Click the "Extended" tab.
• Scroll down the list and find the service called "Viewpoint Manager Service"
• When you find the service, double-click on it.
• In the Properties Window > General Tab that opens, click the "Stop" button.
• From the drop-down menu next to "Startup Type", click on "Disabled".
• Now click "Apply", then "OK" and close any open windows.
• Click on Start > Settings > Control Panel > Add/Remove Programs
• Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist: Open Windows Explorer > Programs:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

Empty the Recycle Bin

You have the ZoneAlarm Spywareblocker installed. This comes pre-checked on the AskToolbar and/or with the ask.com search: Comments:
You have the Ask Toolbar installed, I would recommend you uninstall it - decide after taking a look at this article:

If you choose to remove it, uninstall it and delete this folder C:\Program Files\AskPBar

Uninstall on Windows XP:

You can easily uninstall the Toolbar using the instructions below for Windows Vista:

1. Close all open Web browsers
2. From the "Start" menu in Windows, select "Control Panel"
3. Under the "Programs" icon, select "Uninstall a program"
4. Select the program with the Ask logo and the text "Ask Toolbar" (or our partner’s brand for a custom Toolbar)
5. Click "Uninstall" and then "Continue" to remove the Toolbar