Help with Google redirect

By jam71868
Aug 21, 2011
  1. Good morning. Thank you for this site and your help.

    I am getting redirected to various sites. I have read the sticky and am pasting the log results from the Malwarebytes software.


    Malwarebytes' Anti-Malware

    Database version: 6717

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    5/29/2011 8:12:51 PM
    mbam-log-2011-05-29 (20-12-51).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 471707
    Time elapsed: 1 hour(s), 49 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kjEenXNPEgLSP (Trojan.FakeMS) -> Value: kjEenXNPEgLSP -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\programdata\kjeenxnpeglsp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    c:\Users\jamie\Desktop\photodex\photodex proshow producer 4.0.2477\Keygen\ppp4_keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\Users\jamie\downloads\setupplaysushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\Users\jamie\AppData\Local\Temp\gosD9DC.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\45997816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  2. jam71868

    I should also add that I am running AVG Internet Security and it is updated... but it finds nothing.
  3. Bobbye

    Welcome to TechSpot! I'll help with the redirect.

    I don't know which sticky you read, but this is the one you need to follow:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    You do not need to run Malwarebytes again. But you do need to stay away from the FunWebProducts site.
    c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) ->
    Please uninstall any entry for this in Add/Remove Programs. Also remove entries for MyWebSearch.

    The free cursors, wallpaper, screen savers, icons, Smileys, etc. come with a price: malware.
    Advise you uninstall and delete any entries for this:
    c:\Users\jamie\downloads\setupplaysushi.exe (PUP.PlaySushi) -> this is a very 'dirty' program, hard to remove, bringing frequent malware.
    As for the following, we don't support piracy. Please remove the program and any pirated downloads:
    c:\Users\jamie\Desktop\photodex\photodex proshow producer 4.0.2477\Keygen\ppp4_keygen.exe
    Please note: I do not need the scan log from AVG at this time.
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
  4. Bobbye

    Correct comment.
  5. jam71868

    Thank you for your help.

    I searched and searched for the programs you mentioned at the locations you mentioned and found nothing.

    And those websites you mentioned... I have purposefully never been to them.
Topic Status:
Not open for further replies.
