Inactive Browser hijacked in search

[tmmmandm]

my browser is hijacked whenever i do a search
sometimes the first click works ok, but every subsequent search is jacked to some spammy page

I have cleaned the system for 4 days with every tool at my disposal. All scans come back clean, yet this hijacking still occurs

I tried to upload my 3 files here, but this system wont allow it. says i already uploaded here:
https://www.techspot.com/vb/post876322-44.html

Please help

 

[Bobbye]

I will check the logs and handle them on this thread. I've asked the moderator to move the logs to this thread.

 

[Bobbye]

This is most likely the problem:
O18 - Filter hijack: text/html - {20aaac1e-cd9f-4fe4-9b75-d4b99a7d0e24} - C:\WINDOWS\system32\mst123.dll
MST123.DLL = (Adware.Vundo/Variant-MSFake)

It is usually found in Superantispyware, but got through yours. There were also 2 Favorites that were infected. If you still have either of these, please delete them:
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\TRISH\FAVORITES\HOME\AFFILIATES\PUBLISHERS.URL
C:\DOCUMENTS AND SETTINGS\TRISH\FAVORITES\HOME\TOOLS\KEYCODE.DIRECTTRACK.URL

Please run the following programs:
Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  
• Double click on the setup file on the desktop to run
• If prompted to download and install the Recovery Console, please do so.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

.
Run Eset NOD32 Online AntiVirus Scanner HERE

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

You also need to reset the Cookies to prevent the Tracking Cookies. It appears that you don't remove them:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Please leave the Combofix report and Eset AV scan in your next reply.

Please don't run any other cleaning program or scanners while I am helping you unless I instruct you to. Don't run a Registry cleaner or make any changes to the Registry.

 

[Bobbye]

Due to inactivity, this thread is being closed. If the original member needs further help with this, please send a PM to the helper and the thread can be reopened.