Google Search Results Redirected Also - 8 steps completed

Status
Not open for further replies.

ddave

Just noticed a couple of days ago that Google search results are being redirected in FF 3.0.15.

I had recently run a program that showed up as a Trojan in the Malware scan - MasterWebGraphics.exe.

Yesterday I updated McAfee anti-virus and ran a full scan which found a bunch of stuff.
Completed 8 steps and I'm attaching logfiles from other progs.

Dave
 
Lol it's not looking that good

By the way, you need to remove all found Malwares at the end of the Malwarebytes QUICK 5min or 10 minute Updated scan ;)

And you have SP2 for some reason? You know SP3 has been out for a long time now. All is fine :)

And McAfee :( Obviously is not helping you (at all) I'd uninstall it, and try a better Antivirus (IMO) and that's Free Avira

But regarding your HJT log, start by running IE Reset Fixit Tool:

Or manually from here https://www.techspot.com/vb/post682762-2.html



And I'd suggest installing an updated HOSTS file (immediately) Here's one:
You may want to update to a more secure Hosts file
There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

Simply download the hosts.zip file, extract, then run mvps.bat, then restart

[Important Notice - 2K/XP/Vista Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs
in W2000 and XP. Windows 98 and Windows ME are not affected.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.

Then restart, and test browsing the Internet again :)

You can then provide a new Malwarebytes and HJT log if you like
But I don't have time this weekend to check your logs (especially with McAfee installed)

I hope this helps to get you going at least :)
 
Thanks - done that - new logs

OK, installed the hosts file suggested.
Have not updated to SP3 since I decided against for some reason after reading the release notes - need to revisit that to figure out why.
Tried the IE Reset, but got something like "this tool doesn't apply to your OS version" also got a strange new Firefox window with about 10 tabs, most of which were page load error - maybe the new hosts file blocking stuff?
Ran a new quick malware scan and removed the 1 item it found - I removed everything found on a previous scan, must have saved the log before I removed stuff. Log attached.
New HJT log attached.

Just got two new Firefox windows with 10 tabs each - 5 tabs with page load error with weird URLs like http://www.+.xn--3-dga/
and 5 tabs showing file:///C:/Program%20Files/Mozilla%20Thunderbird/
 
Forgot to mention - Google Redirect Gone

After the previous steps, the redirect on Google search results in Firefox has gone away. However I saw several new Firefox windows with 10 tabs, 5 page load errors and 5 file:/// urls displaying the contents of my disk.

Dave
 
Oh: Internet Explorer v6.00 Very old now

Oh dear :(

Run HJT Scan only and place a tick in the boxes next to these, then close all Internet Browsers, and then select FIX:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.elliottician.com/ret?437...938264645438663701727363577187740725853600749

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D7CD2D3-CFB3-4C94-9925-65910FD6524D} - (no file)
O3 - Toolbar: (no name) - {62AA2700-4304-479D-80B3-B8715D4D3BD9} - (no file)

O4 - HKLM\..\Run: [wF3O3pX] nlhvol32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O20 - Winlogon Notify: dosad - C:\DOCUME~1\DIANAN~1\LOCALS~1\Temp\dasod.dat (file missing)
O20 - Winlogon Notify: vgasys - C:\DOCUME~1\Dave\LOCALS~1\Temp\sysagv.dat (file missing)
Restart

And I must go
Oh it still looks too bad to me, like not worth fixing, I would highly suggest clean install and then update Windows Security Updates (it's like we are working off a computer from 3 years ago)
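
A triage pass over HijackThis entries like those listed in the post above, as an added example that is not part of the original thread and not HijackThis's own logic. The three heuristics (missing target file, autorun with no full path, Winlogon Notify module under a Temp directory) and the function names are assumptions chosen for illustration; the sample lines are copied from the list above.

```python
import re

# Sample input: a few entries copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [wF3O3pX] nlhvol32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O20 - Winlogon Notify: vgasys - C:\DOCUME~1\Dave\LOCALS~1\Temp\sysagv.dat (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <body>"
RUN = re.compile(r"Run: \[[^\]]*\] (.+)$")       # command after "[value name]"

def triage_line(line):
    """Return (section, reasons) for one HijackThis line, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    # Heuristic 1 (assumption): the registry entry points at a file that no longer exists.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("orphaned: target file absent")
    # Heuristic 2 (assumption): a Run-key command given as a bare file name.
    if section == "O4":
        run = RUN.search(body)
        if run and "\\" not in run.group(1):
            reasons.append("autorun without a full path")
    # Heuristic 3 (assumption): a Winlogon Notify module loaded from a Temp directory.
    if section == "O20" and re.search(r"\\Temp\\", body, re.I):
        reasons.append("Winlogon Notify module under a Temp directory")
    return section, reasons

def triage(log_text):
    """Return [(line, reasons)] for every entry that matched at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            flagged.append((line.strip(), result[1]))
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "<-", line)
```

A flagged line is a prompt to look at the entry, not a verdict: legitimate software also leaves orphaned entries behind after an uninstall.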
 
Done - still Have the redirect

Did the above - except the driveletter one - I have an E: drive and was worried that might break.

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

Anyway, after rebooting, the Google redirect is back in Firefox, but the redirects fail to connect.
I use IE6 since I need to make sure my websites run ok in that browser.
But it doesn't redirect Google results like Firefox does.
 
Correction - IE6 does redirect G results, it's just every other result is redirected, same in Firefox.
 
  • Download Combofix to your desktop.
  • Disable your Antivirus, or just allow everything
  • Double click ComboFix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. But restart first before creating this log

Do note that running Combofix will also reset the HOSTS file back to defaults again
So you need to run that "Bat" file again afterwards (ie there may be two restarts in this ;))
 
Ran ComboFix

I ran ComboFix and attached the log and new HJT log.
I reinstalled the HOSTS file as you suggested.

Some other things I now remember -

I have had intermittent freezes, usually when I was typing something - cursor just freezes and it requires a hard reset to reboot.

I also have a boot menu that I access via F12 that sometimes reports keyboard failure or stuck key.

Both these symptoms are new within the last month.
 
Redirect Is Gone!

I didn't realize it after running ESET but I think the redirect is gone!
I think I was looking at browser cache - once I cleared that, links started working correctly again.

Thank you thank you thank you!

Dave
 
No probs DDave

You actually had an oldie but goodie (well, bady) Virtumonde
It was caused by having Limewire installed and using this file sharing P2P program (it's quite common)

Are you planning on continuing to use Limewire?
If so, then things such as not updating Windows Security Updates, and getting infected will continue to happen.

Many users use Live Linux BootCds if they use P2P, but certainly things like Data and personal info, whilst using P2P programs with unsecured Windows will never work.

There's a lot more to do with your Windows to get it secure and safe, but it really starts with you ;)
 
Limewire

I don't use Limewire - it's a relic from when my daughter used the computer I think :)
Should I just uninstall it through add/remove progs or is there anything special I should do?
Any other dubious apps you noticed? What else do I need to do? You had recommended ditching McAfee and using Avira - should I start there?

Dave
 
Automatic update is recommending IE8 and Windows Malicious Software Removal Tool installs.
I can use IE6 on another machine I guess, so can go with these two. Also I need to find the release notes for SP3 and see why I didn't want to install that.
 
Also I need to find the release notes for SP3 and see why I didn't want to install that.
I've fully read the notes, there is absolutely no reason not to do this "Security Update" of SP3

What is important, is making sure your computer is ready for SP3
And the best first policy is Malware free
Yes uninstall any/all P2P programs
Yes (I say yes) uninstall large resident protection software packages, such as McAfee (note: I have updated with Avira installed, all went well)

In saying this, if I had your computer with me - I would backup all data, and install Windows clean, then update to SP3
Doing so is the safest alternative to long winded trying to get clean.
How do you feel about that?

Also, instead of double posting (and me getting multiple email responses, of which I delete !!) Please use "Edit" to add to your post IF your post is still the last post in the Topic. Even whilst writing back to you here, I am concerned that you may be creating more new replies, which just causes confusion.
 
Yes, we are still a long way from confirming clean
Then you need to remove all the tools we installed
Then you need to tidy up a bit with System Restore and other updates (ie Java security updates) and more
Then confirm you are safe with support quoting good Internet practices and other free programs
Then re re confirm all is ok
(extra part) Then update your Windows fully (and Internet Explorer and others)
Then confirm all is ok with that
Then maybe do some cleaning up again (startups and temp files, that type of thing)
Then at last all is ok

My feeling is, don't do it.

Just backup, and install clean
Update everything
All done :)

Oh and you didn't answer if this is what you want to do or not
But (honestly) I'm already tired of this topic, maybe someone else can take over the cleaning of Malware, if you decide not to clean install
 
Issues with SP3 were disk space and backups - I have plenty of disk space on a new 1TB drive so I can free up space on my C drive.
Doing a fresh Windows install means reformat the drive and I would need to reinstall everything?
I have about 3 years worth of crud a lot of which I still need, and a hodge podge of piecemeal backups. I would also need to find my XP CD.
I can backup my C: drive (75GB almost full) to my E: drive (1TB almost empty) - and possibly also via ftp to one of my hosting accounts - maybe critical data only.
Any recommendations on free backup software? Acebackup looks like it might do the job.
 
I would also need to find my XP CD.
I can backup my C: drive (75GB almost full) to my E: drive (1TB almost empty)
Yes that would be best ;)
ie Copy then Paste
No software is required, you copy a data folder, then paste it somewhere else
No software required ;)

I note I had the same issue as you, 2 million programs, and data in just about every location I could put it

All data is now in one location (yes MS got it right, My Documents does work)
And I thought I really don't need all those programs (especially since I use free programs for most everything now)

The only issue is games, what I did was backed up my entire 60Gig of games at the time (I note that Users now could have hundreds of gigs on games alone)
And guess what? I removed the partition(s) (you don't actually need to "format" as such)
Then installed Windows clean. OMG System boost, beyond my wildest dreams :D
 