TechSpot

Google Search Links redirecting me to other search sites

By Zeigh
Jul 14, 2009
  1. Evening, I have to make this sort for i don't have a lot of time.

    I have been noticing recently that when i do google searches on my home computer, that i get redirected to other seach sites. I competed the 8-step Malware removal process and turned up some files in Mbam. naming: data.bot and backdoor.bot. i try running virus scans as often as i can and for awhile i havn't had any troubles up till now. please, if you would help me discover the problem and fix my computer for good
     

    Attached Files:

  2. cosmido

    cosmido TS Rookie Posts: 20

    hi,

    No infection in hijackthis report !

    IMPORTANT - Change all your account bank.. (and other ones) password..


    Open HijackThis
    • Select [Do a system scan only],
    • Put a hook in front of each following lines,
    • And press [Fix Checked].

    Unnecessary items - Fix it.
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.eXE

    Enable if you overclock your card. Else you can fix it.
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    Fix it.
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Zyis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab

    >>>>>> Restart your pc.


    • Delete this directory C:\Program Files\AskTBar
    • And run a search (in ..\Program Files\.. and ..\document and settings\..) for other ..\Ask..\ directory to delete.

    Update Adobe Acrobat
    • Use Update Checker for checked regulary that kind of updates.

    • Replace another HijakcThis report, but do it in normal mode, where all processus (and infection) run.
     
  3. Zeigh

    Zeigh TS Rookie Topic Starter

    Done-And-Done

    I have followed all of your following instructions and will include the new HijackThis log. Thank you so very much. This is such a blessing to me. I use my computer for banking on occasion and that was a main concern of mine. Thank for all you have done and all you are doing. Already i am noticing differences in how my computer is acting and starting up. Plus update checker works real well. i will use this from now on
     
  4. spehling

    spehling TS Rookie Posts: 54

  5. Zeigh

    Zeigh TS Rookie Topic Starter

    CWShredder

    Thank you for the CWShredder. I will certainly put it to good use. do you know if there is anything to report in my HijackThis log? i ran the CWShredder and nothing came up in it so that's a Major PLUS. Thus far my Google searches aren't getting redirected anymore.

    Thank you again so very much for all your guy's help with this. I appreciate it immensely
     
  6. cosmido

    cosmido TS Rookie Posts: 20

    Optimization for improve performance of PC.
    With this, these process will be launch when them programs will be start.

    • Open notepad (start menu -> Search, put notepad <Enter>)
    • Copy/paste all (sc... in the Quote) lines in the notepad,
    • Save what's into the notepad as ServMod.bat on your desktop,
    • Run ServMod.bat
     
  7. Zeigh

    Zeigh TS Rookie Topic Starter

    Okay, that was pretty cool. Didn't know you could execute those types of commands through notepad and to report now all of my banking information has changed and nothing was removed or transferred out of them. Thank you once again
     
  8. zivush

    zivush TS Rookie

    Google resuls redirected to bulshit sites

    Hi have the same problem:

    Recently when i do google searches on my laptop I get redirected to other search sites.

    I attached the hijackthis report. Run some malware program and found and removed some threats. Didn't helped the redirecting though.

    Pleas help.

    Thanks!
     
  9. cosmido

    cosmido TS Rookie Posts: 20

  10. zivush

    zivush TS Rookie

    Okay,
    started a new thread
    with a new logfile.
    Thanks!
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Zeigh, I'm going to intervene here. some of the entries you were told to remove are considered 'optional removals'. We give you the reasons why we suggest they be removed, but leave the decision up to you:

    Askbar is one example.
    Also, we don't go into "Unnecessary Items" when we do malware cleaning. Some of the entries don't need to start on boot, but that does not mean they need to be removed.

    The terms "Unecessary Items" and "Fix It" are misleading and do not indicate why you are being told to do those things or if that is the correct way to do it.

    Is there some reason you scanned with HijackThis in Safe Mode the first time? Did you use Safe Mode for the other programs also? I see the next HJT was in Normal Mode and THAT'S what removals should be based on.

    Also, I don't see any indication of needing to run CWS.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...