Google Search Links redirecting me to other search sites

[Zeigh]

Evening, I have to make this sort for I don't have a lot of time.

I have been noticing recently that when I do google searches on my home computer, that I get redirected to other seach sites. I competed the 8-step Malware removal process and turned up some files in Mbam. naming: data.bot and backdoor.bot. I try running virus scans as often as I can and for awhile I havn't had any troubles up till now. please, if you would help me discover the problem and fix my computer for good

 

[cosmido]

hi,

No infection in hijackthis report !

IMPORTANT - Change all your account bank.. (and other ones) password..


Open HijackThis
• Select [Do a system scan only],
• Put a hook in front of each following lines,
• And press [Fix Checked].

Unnecessary items - Fix it.
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.eXE

Enable if you overclock your card. Else you can fix it.
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Fix it.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Zyis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab

>>>>>> Restart your pc.


• Delete this directory C:\Program Files\AskTBar
• And run a search (in ..\Program Files\.. and ..\document and settings\..) for other ..\Ask..\ directory to delete.

Update Adobe Acrobat
• Use Update Checker for checked regulary that kind of updates.

• Replace another HijakcThis report, but do it in normal mode, where all processus (and infection) run.

 

[Zeigh]

Done-And-Done

I have followed all of your following instructions and will include the new HijackThis log. Thank you so very much. This is such a blessing to me. I use my computer for banking on occasion and that was a main concern of mine. Thank for all you have done and all you are doing. Already i am noticing differences in how my computer is acting and starting up. Plus update checker works real well. i will use this from now on

 

[spehling]

try this

http://us.trendmicro.com/us/products/personal/CWShredder/

 

[Zeigh]

CWShredder

Thank you for the CWShredder. I will certainly put it to good use. do you know if there is anything to report in my HijackThis log? i ran the CWShredder and nothing came up in it so that's a Major PLUS. Thus far my Google searches aren't getting redirected anymore.

Thank you again so very much for all your guy's help with this. I appreciate it immensely

 

[cosmido]

Optimization for improve performance of PC.
With this, these process will be launch when them programs will be start.

• Open notepad (start menu -> Search, put notepad <Enter>)
• Copy/paste all (sc... in the Quote) lines in the notepad,
• Save what's into the notepad as ServMod.bat on your desktop,
• Run ServMod.bat

sc stop IDriverT
sc config IDriverT start= demand
sc stop JavaQuickStarterService
sc config JavaQuickStarterService start= demand
sc stop LVPrcSrv
sc config LVPrcSrv start= demand
sc stop LightScribeService
sc config LightScribeService start= demand
sc stop "NMIndexingService"
Sc config "NMIndexingService" start= demand
sc stop NVSvc
Sc config NVSvc start= demand

 

[Zeigh]

Okay, that was pretty cool. Didn't know you could execute those types of commands through notepad and to report now all of my banking information has changed and nothing was removed or transferred out of them. Thank you once again

 

[zivush]

Google resuls redirected to bulshit sites

Hi have the same problem:

Recently when i do google searches on my laptop I get redirected to other search sites.

I attached the hijackthis report. Run some malware program and found and removed some threats. Didn't helped the redirecting though.

Pleas help.

Thanks!

 

[cosmido]

zivush,

The log showed some's infections.

You should create your own topic.
Follow the procedure of this forum >> UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions.
Press "rignt now" this button ,for create your vew topic and post all Log.

 

[zivush]

Okay,
started a new thread
with a new logfile.
Thanks!

 

[Bobbye]

Zeigh, I'm going to intervene here. some of the entries you were told to remove are considered 'optional removals'. We give you the reasons why we suggest they be removed, but leave the decision up to you:

Askbar is one example.
Also, we don't go into "Unnecessary Items" when we do malware cleaning. Some of the entries don't need to start on boot, but that does not mean they need to be removed.

The terms "Unecessary Items" and "Fix It" are misleading and do not indicate why you are being told to do those things or if that is the correct way to do it.

Is there some reason you scanned with HijackThis in Safe Mode the first time? Did you use Safe Mode for the other programs also? I see the next HJT was in Normal Mode and THAT'S what removals should be based on.

Also, I don't see any indication of needing to run CWS.