8 Steps Completed, but I'm still my search engine still redirects me

[missjane77]

Hello,

I've completed your steps after trying various others programs to no avail. I've completed your steps and fixed various issues, but I'm still having one issue. When I use internet explorer I'm redirected to others sites. Any help would be greatly appreciated. I've attached all logs.

Note: I used Super AnitSpyware prior to seeing your 8-steps, so I've included as I'm not sure if it might be helpful as well. The one labled"ur process" is the one that was done during the 8 steps, white the one labled "preprocesses" was completed before the 8 steps.

Thank you in advance!

 

[Bobbye]

Please reopen HijackThis to 'do system scan only'.[/b]. Check each of the following entries if present. Note: Do not click on "Fix Checked" until all of the entries have been checked:

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

Begin with this first entry below and check ALL of the other 018 Logitech Desktop Messenger:
O18 - Protocol: bw+0 - {5022091F-AFC9-406B-AF99-B6CC2B255456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
-------------------------------------through----------------------------------------------------
O18 - Protocol: offline-8876480 - {5022091F-AFC9-406B-AF99-B6CC2B255456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Then check the following:
O21 - SSODL: cfgproc - {48FCD7D4-FCB3-C755-1F90-0AAB24136288} - (no file)
O24 - Desktop Component 0: (no name) - http://mail.yimg.com/d/combo?/mg/js....js&bc/bc_2.0.4.js&/uh/js/uh-1.3.2.js

Close all Windows except HijackThis and click on "Fix Checked."

Start> Control Panel> Add/Remove Program and uninstall the Logitech Desktop Messenger.

Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.

Empty the Recycle Bin

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  
• Double click on the setup file on the desktop to run
• If prompted to download and install the Recovery Console, please do so.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

.
Rescan with HijackThis and attach new lgo and Combofix report to next reply.

Do you have any idea what these Services are for?
O23 - Service: MSSQL$MICROSOFTSMLBIZ MSSQL$MICROSOFTSMLBIZMcciCMService (MSSQL$MICROSOFTSMLBIZMcciCMService) - Unknown owner - C:\WINDOWS\
O23 - Service: MSSQL$MICROSOFTSMLBIZ MSSQL$MICROSOFTSMLBIZMcciCMService MSSQL$MICROSOFTSMLBIZMcciCMServiceSTCAgent (MSSQL$MICROSOFTSMLBIZMcciCMServiceSTCAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: MSSQL$MICROSOFTSMLBIZ MSSQL$MICROSOFTSMLBIZwinmgmt (MSSQL$MICROSOFTSMLBIZwinmgmt) - Unknown owner - C:\WINDOWS\
I found this information:

The process mcci+McciCMService belongs to the software McciCMService or FlexFx or Adobe AIR or BT Wireless Connection Manager or OpenOffice.org by Motive Communications, Inc (www.motive.com).

The Service entries do not appears to be configured correctly.

 

[missjane77]

Thanks for you helps, here is whate happend:

Instead of deleting 19 files, I deleted 81 filesin O18.


When I went to remove the checks under the web tab none were hecked, so I went on to the next step.


My recycle bin was empty.

Once I ran ComboFix, it gave me an error. "This machine does not have the 'Microsoft Windows recovery console' installed Without it, ComboFix shall not attempt the fixing of some serious infections." Do I click yes or no?

I believe OS23 is ATT wireless internet, we used the flash drive once when our internet was down. Am I correct?

Again, thanks for your time trying to fix my headache.

 

[Bobbye]

Okay. I didn't count the 018 entries, but 81 is more likely than 17. How did you come up with '17'?

As for Combofix, there is a line in the instructions that says this:
If prompted to download and install the Recovery Console, please do so.
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

This is not an error. It is advising you that you do not have this and we recommend to that install it. Since you do not have a Recovery Console, you should install one: Run Combofix and when you get the prompts, follow this:
Install Recovery Console- Combofix:

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Query- Recovery Console image
  
  
  
  
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
  
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.