Search engine hijacked, please help

[tytoalba]

Hi. I'm hoping that someone can help me out. My computer is infected with a nasty little bug. Whenever I try to click on a websearch, regardless of search engine used or Mozilla or IE, when I click on the returned links, the browser skips past the actual link and throws me onto a random advertisement page. I've already run through the 8 steps, but nothing seems to get rid of the problem. Attached are my logs. Can anyone help me? Thanks! I really appreciate it!!

 

[tytoalba]

Can somebody please help me? Pretty please!? My computer is driving me crazy!

 

[kritius]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://128.227.161.164:81/VatDec.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)

 

[tytoalba]

Thanks so much for your help. The first three entries cleaned up without a problem, however the last one is proving a bit more difficult to get rid of:

O18 - Filter hijack: text/html - (no CLSID) - (no file)

This entry does not go away when I attempt to "Fix" it, and my web searches are still being hijacked. Any suggestions?

 

[kritius]

Run a fresh scan a post the log file back

 

[tytoalba]

Okay, here's my latest log...

 

[kritius]

go to start>Run and type regedit,

Go to here
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
Right click on text/html and delete it

Run Hijackthis, close all windows except it and then delete the entry if still there.

 

[tytoalba]

Hi. I tried to run regedit through the Run prompt on the Start menu, but I couldn't get it to open. It looked like it was trying to open, but then my desktop went blank and all of the icons popped back on again after a few seconds. I tried to navigate directly to "regedit.exe" and open it directly, but it still wouldn't run. So, I copied it and pasted it into a new folder and renamed "regedit.exe", then I could run it and delete. The "O18 - Filter hijack: text/html - (no CLSID) - (no file)" entry is now gone from my Hijack log (see attached). However, my Web Browser is still redirecting search links. Thanks again so much for your help. Any suggestions on how to proceed from here?

 

[kritius]

Run MBAM again and make sure you delete what it finds, this was not done previously.

Then post the log back here.

EDIT

While your waiting

Download RatsCheddar

It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, Double click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

 

[tytoalba]

This seems to have done the trick. I ran Malwarebytes again, and it picked up 2 bugs that it didn't detect the first time. I fixed these issues, and now everything is running smoothly (also ran RatsCheddar). Thank you SO much for your help! You guys provide an incredible service here!

 

[kritius]

Just to be on the safe side,

Run Kaspersky online scanner

With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed

Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.

Do not go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.



Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

• The program will launch and then start to download the latest definition files.
  
• Once the scanner is installed and the definitions downloaded, click Next.
  
• Now click on Scan Settings
  
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  o Extended (If available, otherwise use standard)
  
  o Scan Options:
  
  o Scan Archives
  
  o Scan Mail Bases
  
• Click OK
  
• Under select a target to scan, select My Computer
  
• The scan will take a while so be patient and let it run.
  
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  
• Click the Save Report As... button (see red arrow below)
  
  
  
  
  
  
  
  
  
• In the Save as... prompt, select Desktop
  
• In the File name box, name the file
  
• In the Save as type prompt, select Text file (see below)
  
  
  
  
  
  
  
  
  
• Include the report in your next post.

Also lets try this again.

go to start>Run and type regedit,

Go to here
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\

And tell me whats there.