Search engine results redirecting

By ruari
Oct 26, 2008
  1. hi,
    all my browsers are running very slowly and all search engine results keep being redirected to often unrelated pages. from reading other posts here, i assumed there is some sort of virus on my machine, so i tried a few free antivirus scans but with no real results.
    i would be very grateful if someone could tell me how i could rectify this problem?
    cheers, r
  2. almcneil

    almcneil TS Guru Posts: 1,277

    Sound like a type of spyware falled "web browser hijacking".

    Go to and download/install/run the following 3 antispyware utilities:

    • AVG 8.0
    • Ad-Aware 2008
    • Spybot Search & Destroy

    Repost with results.

    -- Andy
  3. ruari

    ruari TS Rookie Topic Starter

    cheers, ive run AVG 8.0 and Ad-Aware 2008, but spybot wouldnt install, so the problem is still here.any other ideas?
    thanks again
  4. almcneil

    almcneil TS Guru Posts: 1,277


    Rats!! Of the 3 anti-spyware utilities I recommended, it's Spybot that is the best at removing hijackers. Try restarting in Safe Mode and see if Spybot will install there. If you can't, you're in a pickle.

    Repost if you can't install Spybot in Safe Mode.

    -- Andy
  5. Wendig0

    Wendig0 TechSpot Paladin Posts: 1,092   +93

    While I am not the best at reading them, a lot of users here are very adept at reviewing "HijackThis" logs. Download HijackThis, run it, and post the results.

    Though it may not be the most advanced remedy for this particular problem, I have had the same problem you describe in the past, and a system restore to a date before the problems began cured it while most malware/spyware removal tools could not. It might work for you as well, but I still recommend creating a HijackThis report first.
  6. BillAllen55

    BillAllen55 TS Maniac Posts: 368

  7. ruari

    ruari TS Rookie Topic Starter

    i tried to install spybot in safe mode but it still wouldnt work
  8. almcneil

    almcneil TS Guru Posts: 1,277

    Then proceed to HijackThis and post your logs.

    -- Andy
  9. ruari

    ruari TS Rookie Topic Starter

    ive however installed HJT so hopefully this will help...

    the HJT log is as follows (i dont know if this helps) :
    moderator edit: log removed. logs should be posted as attachments, not copied pasted.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,340   +36

    We offer malware cleaning with instructions for disabling Real Time protection, updating Java if needed, running the malware programs and attaching the logs. You were given the URL by a member as:

    The HijackThis program is run AFTER the other cleaning programs, not before. We then check the logs for additional removals.

    Please read this: How to post your Hijackthis log-file as an ATTACHMENT

    Additionally, a server with IP is shown. This is in the Ripe Network. I cannot connect to their database at this time, but will try to ID the Netname later.

    Edit: I was finally able to access the Ripe database: IP is assigned as follows:
    netname: UkrTeleGroup
    descr: UkrTeleGroup Ltd.
    Country Code UA>> Ukraine

    IS this oYour ISP?
  11. ruari

    ruari TS Rookie Topic Starter

    attached are the requested logs:


    p.s. im dont know about the ISP
  12. BillAllen55

    BillAllen55 TS Maniac Posts: 368

    Follow this suggestion first:

    Once this has been accomplished it would then be helpful to the experts (myself NOT included) to then insert a copy of your hijackthis! log.
  13. momok

    momok TS Rookie Posts: 2,265

    Please boot into safe mode.

    Next, go to Start > run and type services.msc

    Search for "Windows Tribute Service" and set the start up type to 'disabled' (right click properties).

    Then run HijackThis and fix the following entries:
    Search for C:\Windows\system32\kdtde.exe and delete it.

    Reboot into normal mode, then scan and save a fresh HijackThis log. Post it here in your next reply.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,340   +36

    I'm going to let momok continue with these logs. But I want to point something out. There is an AV program and 2 spyware/adware programs being recommended by one member, in place of the cleaning programs that are recommended by TechSpot. Those 3 programs DO NOT do they type of cleaning we usually need here for heavy malware infections. They are programs that should be can on a system on a regular basis, but NOT used for the cleaning.

    Additionally, AVG has been beset by problems since v8 came out. It is NOT the recommended first choice for an AV program. Even AdAware has evolved to a less than satisfactory program over the years. I use or have used all three of these programs on 2 systems over a number of years.
  15. ruari

    ruari TS Rookie Topic Starter

    ok cheers, will do it now

    here is the requested new HJT log:

    the attachment wouldn't show up so here it is:

    moderator edit: log removed. logs should be posted as attachments, not copied pasted.
    (2nd Notice)
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,340   +36

    Gosh it's tough to go through a log when it's pasted in! What happened that it wouldn't attach?

    Anyway, hopefully momok can take you through this one:
    As you can see, it's still on the log. I see some have run ComboFix and still had it, then required script on Notepad and a regedit to get rid of it!

    I'd have Hijackthis remove these though:
    And once more:
  17. ruari

    ruari TS Rookie Topic Starter

    im not sure, i just kept attaching it, and it kept saying it was already attached, but i couldnt see it!
    im not sure how to find what my IP is?
  18. momok

    momok TS Rookie Posts: 2,265

    Hi, I believe that is your old log as it states 27-10-2008.
    Please run a new scan and save that log. Attach it here in your next reply. If you really can't then copy and paste. We'll (one of us mods) will help you attach it after that.
  19. ruari

    ruari TS Rookie Topic Starter

    it worked this time
  20. momok

    momok TS Rookie Posts: 2,265

    You should fix these:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    I dont see other bad items. How's your system running now?
  21. ruari

    ruari TS Rookie Topic Starter

    yh cheers, it seems tobe running a lot better
  22. momok

    momok TS Rookie Posts: 2,265

    Then you're gd to go.
    1. Please download and run CCleaner via step 3 of the instructions HERE.

    2. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    3. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,340   +36

    momok, the site with the System Restore explanations, screen shots and directions for turning off System Restore is excellent. I'd like to pass something on that I learned from kimsland> it's particularly good for the 'after cleaning' process:

    This is not meant to replace the understanding of the System Restore process but I have found it helpful at the end of cleaning, along with removing the cleaning tools.
  24. momok

    momok TS Rookie Posts: 2,265

    Yep.. I always use it at the end of cleaning, thats why I posted it. =)
  25. kimsland

    kimsland Ex-TechSpotter Posts: 14,525

    I have now an easier option:



    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply

    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


    This was discovered around the same time I created the new guide:
    Control Panel Applets & Windows Shortcuts
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.