hi,
all my browsers are running very slowly and all search engine results keep being redirected to often unrelated pages. from reading other posts here, i assumed there is some sort of virus on my machine, so i tried a few free antivirus scans but with no real results.
i would be very grateful if someone could tell me how i could rectify this problem?
cheers, r

Sound like a type of spyware falled "web browser hijacking".

Go to http://www.download.com and download/install/run the following 3 antispyware utilities:

• AVG 8.0
• Ad-Aware 2008
• Spybot Search & Destroy

Repost with results.

Best,
-- Andy

cheers, ive run AVG 8.0 and Ad-Aware 2008, but spybot wouldnt install, so the problem is still here.any other ideas?
thanks again

Rats!! Of the 3 anti-spyware utilities I recommended, it's Spybot that is the best at removing hijackers. Try restarting in Safe Mode and see if Spybot will install there. If you can't, you're in a pickle.

Repost if you can't install Spybot in Safe Mode.

Best,
-- Andy

While I am not the best at reading them, a lot of users here are very adept at reviewing "HijackThis" logs. Download HijackThis, run it, and post the results.

Though it may not be the most advanced remedy for this particular problem, I have had the same problem you describe in the past, and a system restore to a date before the problems began cured it while most malware/spyware removal tools could not. It might work for you as well, but I still recommend creating a HijackThis report first.

Please during your cleaning process review the excellent 8-step process from Tech-spot found here:
http://www.techspot.com/vb/topic58138.html

i tried to install spybot in safe mode but it still wouldnt work

Then proceed to HijackThis and post your logs.

Best,
-- Andy

ive however installed HJT so hopefully this will help...

the HJT log is as follows (i dont know if this helps) :
[COLOR="Red"]moderator edit: log removed. logs should be posted as attachments, not copied pasted.[/COLOR]

We offer malware cleaning with instructions for disabling Real Time protection, updating Java if needed, running the malware programs and attaching the logs. You were given the URL by a member as:
http://www.techspot.com/vb/topic58138.html


The HijackThis program is run AFTER the other cleaning programs, not before. We then check the logs for additional removals.

Please read this: How to post your Hijackthis log-file as an ATTACHMENT
http://www.techspot.com/vb/topic19133.html

Additionally, a server with IP 85.255.112.113 is shown. This is in the Ripe Network. I cannot connect to their database at this time, but will try to ID the Netname later.

Edit: I was finally able to access the Ripe database: IP 85.255.116.214 is assigned as follows:
netname: UkrTeleGroup
descr: UkrTeleGroup Ltd.
Country Code UA>> Ukraine

IS this oYour ISP?

attached are the requested logs:

cheers

p.s. im dont know about the ISP

Attached Files

	mbam-log-2008-10-28 (21-59-16).txt (2.8 KB, 2 views)
	hijackthis.log (7.2 KB, 4 views)
	SUPERAntiSpyware Scan Log - 10-28-2008 - 12-26-21.log (1.9 KB, 2 views)

Once this has been accomplished it would then be helpful to the experts (myself NOT included) to then insert a copy of your hijackthis! log.

Please boot into safe mode.

Next, go to Start > run and type services.msc

Search for "Windows Tribute Service" and set the start up type to 'disabled' (right click properties).

Then run HijackThis and fix the following entries:Search for C:\Windows\system32\kdtde.exe and delete it.

Reboot into normal mode, then scan and save a fresh HijackThis log. Post it here in your next reply.

I'm going to let momok continue with these logs. But I want to point something out. There is an AV program and 2 spyware/adware programs being recommended by one member, in place of the cleaning programs that are recommended by TechSpot. Those 3 programs DO NOT do they type of cleaning we usually need here for heavy malware infections. They are programs that should be can on a system on a regular basis, but NOT used for the cleaning.

Additionally, AVG has been beset by problems since v8 came out. It is NOT the recommended first choice for an AV program. Even AdAware has evolved to a less than satisfactory program over the years. I use or have used all three of these programs on 2 systems over a number of years.

ok cheers, will do it now

here is the requested new HJT log:

the attachment wouldn't show up so here it is:

[COLOR="Red"]moderator edit: log removed. logs should be posted as attachments, not copied pasted.[/COLOR]
[COLOR="DimGray"](2nd Notice)[/COLOR]

Attached Files

ruari-HJT-Log.txt (7.1 KB, 1 views)

Gosh it's tough to go through a log when it's pasted in! What happened that it wouldn't attach?

Anyway, hopefully momok can take you through this one:
As you can see, it's still on the log. I see some have run ComboFix and still had it, then required script on Notepad and a regedit to get rid of it!

I'd have Hijackthis remove these though:
And once more:

im not sure, i just kept attaching it, and it kept saying it was already attached, but i couldnt see it!
im not sure how to find what my IP is?
cheers

Hi, I believe that is your old log as it states 27-10-2008.
Please run a new scan and save that log. Attach it here in your next reply. If you really can't then copy and paste. We'll (one of us mods) will help you attach it after that.

it worked this time

Attached Files

hijackthis.log (7.1 KB, 2 views)

You should fix these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

I dont see other bad items. How's your system running now?