TechSpot

Redirecting links, I'll join the club

By kubonics
Jun 24, 2010
  1. So my links keep redirecting on search engines. I followed the directions for the Preliminary Removal Instructions, and here are my logs. Hopefully someone can help me.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're running multiple antivirus programs: Avast and Norton. Please decide which you want to keep and remove the other. Reboot the computer when finished. Here are tools to help with the program you want to remove. Download only one:
    Avast Removal
    Norton Removal Tool

    You are using LimeWire and you have it set to start on boot. Please take it off of startup while I'm helping you clean, and I would encourage you to uninstall it for the following reasons:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall it for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers
    The system actually looks pretty good so let's dig a bit deeper:

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Please leave the Combofix report and Eset log in your next reply.

    Oh- welcome to 'the club'!:(
     
  3. kubonics

    kubonics TS Rookie Topic Starter

    Never mind, the link worked.
     
  4. kubonics

    kubonics TS Rookie Topic Starter

    Here are the logs you asked for, and I managed to fix the Norton problem with the link you provided, thanks.
     


  5. kubonics

    kubonics TS Rookie Topic Starter

    Can anyone help? I managed to complete the 8 steps, thanks :)
     
  6. kubonics

    kubonics TS Rookie Topic Starter

    Did I do something wrong, should I start over?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology for the delay. Family matters had to be attended to.

    I mentioned multiple antivirus programs previously: Avast and Norton and instructed you to choose one of them and remove the other.

    You are now running c:\program files\Panda Security and c:\program files\Trend Micro plus several Norton entries, and you show Avast as the AV program, so the multiple antivirus problem has not been handled.
    Reboot the computer when finished.
    =======================
    Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
    
    Folder::
    c:\program files\Panda Security
    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\All Users\Application Data\NortonInstaller
    c:\program files\Trend Micro
    c:\documents and settings\Robert\Incomplete
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"= -
    Driver::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Please let me know if the redirect problem has been resolved.
     
  8. kubonics

    kubonics TS Rookie Topic Starter

    Thank you for responding. I know all of you moderators are super busy helping others with their computer issues. I hope everything is okay regarding your family matter. Well, here is the log you requested. I copied the text you gave me and saved it and then dragged it into Combofix, but no luck yet, Google links continue to redirect :(
     
  9. kubonics

    kubonics TS Rookie Topic Starter

    ooops sorry, here it is, I'm all over the place today and this computer issue is not helping.
     

    Attached Files:

    • log.txt (File size: 20.8 KB)
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Downloading Hitman Pro was not the answer. You shouldn't be using any other cleaning programs or scans while I'm helping you.
    Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\windows\system32\drivers\hitmanpro35.sys
    
    Folder::
    c:\documents and settings\All Users\Application Data\Hitman Pro
    c:\program files\Hitman Pro 3.5
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HitmanPro35"= -
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Can you be a bit more specific about what's happening regarding 'redirects'?

    Also, are you using LimeWire now?

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  11. kubonics

    kubonics TS Rookie Topic Starter

    Sorry about the whole Hitman Pro situation, I won't do anything else unless instructed to. So I followed your instructions but nothing happens with Combofix; it says it's scanning but takes forever and doesn't do anything, by forever I mean hours. It looks frozen or stuck, any reason for this? It worked fine with the other script you gave me to drag onto Combofix.

    When I mean I am getting redirected I mean I search a specific topic on a search engine and when I click on the link I get redirected to an advertising site. I have to click the link about 2 times before I get to the actual site.

    As far as LimeWire, I am no longer using it; I deleted it when you told me to delete all my P2P programs.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The script I left for you runs within the Combofix program. When finished, it produces a log. I need to see that log.

    It is possible that Hitman messed up the cleaning.
     
  13. kubonics

    kubonics TS Rookie Topic Starter

    sorry it took a while, here is the combo fix log you requested.
     


  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem. My router was out for 3 days so I'm catching up. Are you still having the redirecting problem?

    I checked your first post; it was about 6/23, so I looked at the dates in Combofix:

    Right before that, on 6/19, you installed:
    c:\program files\iPod
    c:\program files\iTunes
    c:\program files\Bonjour

    And on 5/28 you installed:
    c:\program files\QuickTime
    c:\program files\Apple Software Update
    c:\program files\VideoLAN

    and there is a lot of application data activity for the DivXPlayer. So we're talking a lot of music and movies. Within this same span, the system also shows c:\windows\system32\NtmsData. These files are used by the W2K operating system for backup to media. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;235032

    So your system, with Windows XP, either backed up media or somehow activated a Win2K media backup.

    1. Where did you get the music (other than iTunes) and the movies? There is application data from LimeWire on 5/28, so you continue to use it.
    2. Did you notice the problem began after 5/28 or 6/19?
     
  15. kubonics

    kubonics TS Rookie Topic Starter

    It shows a lot of DL because I recently got my computer restored because it was attacked by some bad malware. Well, I got most of my music from Soulseek, a P2P program, and movies from Newsbin. I noticed the problem began shortly after I got the DIVX install, since it came with a "instal_NSS" Norton security system file.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    So you're most likely bringing in malware when you download from SoulSeek. And where did you download DivX from? If that was a torrent site, that probably added to the malware.

    I don't understand what is meant by the "install NSS". Where were you being told to do that?

    Seems to me that you have a good idea of where the malware came from. And my point in saying that is that if you're still using the sources of malware infections, your system will not get clean.
     
  17. kubonics

    kubonics TS Rookie Topic Starter

    Hmm... although I never had any problems with Soulseek in the past, you do bring up very good points.

    This all started happening when I downloaded DIVX. So it is possible that the site I DL DIVX from was not legit. The Install NSS was an icon that would not leave my desktop no matter how many times I would delete it. It was an "Installation icon for Norton that I have no idea how it got there in the first place." Most likely came with the DIVX setup. I guess my mission now is to delete the DIVX setup and all of its components and see what happens from there.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Norton can be removed. Here's some information about P2P/File sharing that you should know:

    Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    Go ahead and do the uninstalls you want. Then rescan with Combofix and Eset. Hopefully removing a known source of malware will allow you to clean the system without more malware coming in the backdoor! If there are any 'left over' entries, they will show in these two programs and I can set up script to remove them.

    Do not use any of the file sharing programs while we're cleaning if you decide to keep them. And don't run any other cleaning programs or scans.
     
Topic Status:
Not open for further replies.
