Hello there,
Please forgive my ignorance but I've never posted here or anywhere else for that matter. I have been trying to cure my redirect problem to no avail. I'm currently running Kaspersky's and have used many others in the past. I've seen mention of the 8 step process but can't seem to find it. I'm only moderately computer savy, but just not quite enough. Thank you for any help you can provide.

Hey Kevin

I am also experiencing the same problem. I just joined like 2 days ago. Anywho, the tech experts tend to be very busy now-a-days since it is near the holidays (one of the busiest time of the year). So you'll have to be patient.

However, if you want to help them help you, it would be beneficial if you did followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
shown on http://www.techspot.com/vb/topic58138.html.

Note: you will have to post 3 logs (in txt format). One from malware antiware, one from superantispyware (free edition) and one from hijackthis.

Thank you very much for the direction. I'll get on it right away and post my logs, sit back and be patient. Thanks again and good luck to you.

Thank you carnage for spreading the word! Us elves are running s fast as we can! Hope you started a separate thread.

Kevin, we'll review the logs after you post them in next reply.

To both of you, Welcome To TechSpot. We thank you ahead for your patience.

Before we even begin, THANK YOU SO MUCH!! I've been at this for days and was seriously thinking it was about time to upgrade to a new machine. My lingering problem was that any search engine results appeared legitimate until one was selected. It would then redirect me to some undesired search engine(s). Before I used your 8-step process and software combo I had used the following;
AdAware
Symantec A/V Corp Ed
RegCure
Kaspersky's (locked up at 88% on full scan 5X)
Trojan Remover
Windows Defender
PC Tools A/V

Step 1 revealed 2 objects that were both repaired. I have revisited Google and the problem appears to be gone and I feel cured. Perhaps it's just a false sense of security. I have attached my logs as a precaution. Thanks again and I sincerely appreciate your devoted assistance and support.

Attached Files

	mbam-log-2009-12-15 (11-25-24).txt (4.3 KB, 3 views)
	SUPERAntiSpyware Scan Log - 12-15-2009 - 12-40-43.log (1.6 KB, 2 views)
	hijackthis.log (11.1 KB, 2 views)

Unfortunately, your false sense of security was just that! While Mbam has removed many malware files, the fact that you had that many is alarming! I see you're running QuickBooks- if you're going to have financial management on the system, you need to get better security control.

The only security program I see on the system is Avira antivirus. You should also have a firewall and at least 2 spyware/adware programs. You ran several of these before our 3 programs, but none are running now on the system. I will leave suggestions and links for these programs later.

The DNS Changer shows in Mbam but it appears to have been handled as it is not in the HijackThis log.

Please do not run any other cleaning or security program while I am helping you- only the ones I suggest.

Download SDFix HERE and save it to your Desktop.

• Double click SDFix.exe and it will extract the files to %systemdrive%
  (Drive that contains the Windows Directory, typically C:\SDFix)
  
  Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  
  Run SDFix
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
• Attach Report.txt back here

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Rescan with HijackThis when finished with the two program above.
Include SDFix Report, log from the Eset scan and new HijackThis scan in next reply.

NOTE: There is malware in the restore points. I'll have you remove those at the end- but for now, do not use the System Restore feature.

OK, regarding your initial comments, thank you for your input and concern. QB is currently only used to view old archives and not for current financial use. As to the running security, I was running Windows Firewall, Windows Defender, Symantec AV Corp, and lavasoft AdAware. Kaspersky's uninstalled those but I can put them back whenever you direct me to. I then removed Kaspersky's to run the Avira. I thought I was supposed to leave them disabled for the scan logs but they went right back on after. My only internet use has been to visit this site until my issues are resolved and security is restored. I don't think I had much action on those two addditional programs but Avira picked up another detection and I selected to delete it. Here are the logs you requested along with a very sincere thank you. You are very appreciated!!

PS, Avira does not like SDFix program at all but I choose ignore

Attached Files

	Eset log.txt (795 Bytes, 1 views)
	hijackthis.log (11.3 KB, 0 views)
	report.txt (6.0 KB, 1 views)

Okay, let's get the security cleared up- I think you misunderstood what I said. You left a long list of programs you had been using to try and clear up the redirect. But in doing that, it appears that you didn't understand about the scans:

Some anti-malware scans require you to disable your security to run the scan. If that it the direction, you should turn it right back on as soon as you're through. For Instance, the Eset scan reminds you to Re-enable your Antivirus software.

But multiple antivirus programs and/or multiple firewalls can actually make the system more vulnerable: so good, basic security is one good antivirus that updates regularly, one good firewall that listens at both incoming and outgoing attempts to access and at least 2 spyware/adware programs.

I want you to do that now because otherwise you leave the system very vulnerable to more malware: If you're pleased with Avira, leave it on:
Use an AntiVirus Software(only one)

• This can save you a lot of trouble with malware in the future.It should be kept updated and used to scan regularly.
• See This link for a listing of some online & their stand-alone antivirus programs:
  Virus, Spyware, and Malware Protection and Removal Resources

Use a good, bi-directional firewall(one software firewall)
See Understanding and Using Firewalls including links to download a firewall. We frequently recommend either Comodo or ZoneAlarm.

Consider these for the anti-malware programs

• [1]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  
  [2]IE/Spyad This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Stay away from installing weather programs. Most of them have adware, some have Trojans. Clean out the temp files- malware gets in them and if you don't clean up, there it sits:

TFC (Temp File Cleaner)

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Please do this now, then we will continue with malware cleaning.

Reminder: Don't use System Restore- malware is in the restore points. I will have you remove them when the system is clean and set a new restore point.

rescan with HijackThis when you are through and leave a new log.

WOW!! That was a lot of info for a cherry like me. I think I got what you were saying before, I was just doing my best to avoid any complications caused from software conflicts. I am using Windows Firewall. Is that enough or are the ones you mentioned better? I dropped Kaspersky and will stick with the Avira for now although I may switch back to the Symantec Corp Ed A/V. I put the AdAware back on and added Spyware Blaster. Thanks for all the great links. I know you do an enormous amount of work behind the scenes to make everything so simple on my end. THANK YOU!! I deleted the SDFix because Avira kept alerting me it was a virus. I'm sure it's not but it made things a lot quieter around here. When adding AA and SB, I didn't perform any scans as you asked although they are updated and ON. Avira does run regularly as you know. I hope I've followed your directions as you have intended them so as not to be the guy who forces you to pull out your hair. Many sincere thanks again. Please find my 3rd HiJack Log for your review.

Attached Files

hijackthis.log (11.4 KB, 1 views)

Okay, looks better. I wouldn't normally start out like that, but I was concerned about the system being vulnerable. didn't make sense to remove something, then just get something else!

Please reopen HijackThis to 'do system scan only'. Check the following if present:

O21 - SSODL: repewoyot - {f7a75eb4-4a7b-47d4-b4bc-744e4bb583bb} - (no file)
O21 - SSODL: lomajepol - {2d042f06-20c5-4e58-8ba7-6da2f2de6cc2} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {f7a75eb4-4a7b-47d4-b4bc-744e4bb583bb} - (no file)
O22 - SharedTaskScheduler: jugezatag - {2d042f06-20c5-4e58-8ba7-6da2f2de6cc2} - (no file)

Close all Windows except HijackThis and click on "Fix Checked.."

I think you've "damaged" the malware with all the programs you ran, but there are still remnants present. Forgetting all the results when you ran all the programs, are you still getting the redirects? If so, are they any particular type of site or is it same site.

OK, Those 4 files are fixed (gone). I have not had a single episode (google or otherwise) since I did the 8 Step Process prior to my initial post. I have additional hits on the other various scans you directed me to perform, but no problems via IE at all. I was having a lot of lock ups and reboots before as well. So wha da ya think doc? Am I cured? Thank you so much for all your inputs and genuine care, I have really learned a lot through this process. Thanks again and Happy Holidays!

OK, Those 4 files are fixed (gone). As to the redirects, I have not had a single episode (google or otherwise) since I did the 8 Step Process prior to my initial post. When they were happening, it was limited to three or four but always through "UNIQUESEARCH8" first. I have has additional hits (detections and repairs) on the other various scans you directed me to perform, but no problems via IE at all. I was having a lot of lock ups and reboots before as well. Those are completely gone too. So wha da ya think doc? Am I cured? Thank you so much for all your inputs and genuine care, I have really learned a lot through this process, thanks for not making it be the HARD way. Thanks again and Happy Holidays!

Kevin please run one more HijackThis scan. If it's okay, I'll have you remove the cleaning tools and old restore points, and set new clean one.

No problem, here you go.....

Again and as always, Thank You So Much for all your help and support! You're awesome.

Attached Files

hijackthis.log (11.1 KB, 1 views)

You're welcome! Got one program to update:

You still have the Adobe Reader v5 and v7 on the system. These are vulnerabilities. Update to current v9.xx
Visit this Adobe Reader site to get the most current update. Uninstall any earlier updates as they are vulnerabilities.

To remove the cleaning tools:
Remove all of the tools we used and the files and folders they created

• DownloadOTCleanIt by OldTimer
• Save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you desire.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

Let me know if you need more help.

Wishing you a Happy Holiday Season!