Google redirects to random links

By sierralm · 7 replies
Sep 11, 2008
  1. Also my internet is very slow and my computer freezes frequently. Any help would be appreciated. :) Thanks

    My HJT log is attached it was too long to post on here.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You are highly infected with malware. You are also overloaded with startup entries that are slowing you down as they are running in the background. Please follow the following steps for cleaning. When through, re-run HijackThis and attach ALL logs:

  3. sierralm

    sierralm TS Rookie Topic Starter

    Sorry that it took so long to respond back. My computer wouldn't let me download any programs or log onto this site. Here are all the requested logs attached.

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I hope you save the mbam log, because I want you to open it and see the malware it cleaned out! You had something of just about everything out there. Look at the sites that were infected. You obviously don't have adequate security to protect the system.

    You need to have SuperAntispyware remove ALL the Tracking cookies. You need to change your Cookie settings. One of the best add-ons for Firefox is AdBlock Plus. This will prevent many of those from getting on the system, But I want to to look at that log also so you can be aware of the sites where you are picking up theses things.
    AdBlock Plus:

    "High Priced\Application Data"- bad! Every Tracking Cookie I've ever heard of is on your system through that! It means that network is making their money by putting junk on systems. ALL of the Tracking Cookies were delivered through them.

    Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below:
    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis*and*reboot into Sage Mode:.
    Right click on Start> Explore> Windows> System32> delete the following if found:
    Control Panel> Add/Remove Programs> highlight and install the following if found:
    After that, Reboot, and post a new HijackThis log here in a reply
    Please also run MAM to make sure the entries have been removed. Attach the log also.

    Edit: I forgot to add- it appears you have two different printers on Startup:
    O4 - HKLM\..\Run: [SetDefaultPrinter] "c:\hp\bin\cloaker.exe" c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe

    You don't need "either" printer to start on boot. You can start it manually when you need it. Inckude the three process above in items for HijackThis to remove. Then go into the Control Apnel> Administrative Tools> Services> chenge the LExmakr Server to Manual Startup type> Apply> OK.
  5. sierralm

    sierralm TS Rookie Topic Starter

    I did everything you said but I couldn't find those three files or Seekmo. Is it also a problem that I have multiple computer accounts on this computer? There are four different ones. Thank you so much for the help. Also you said previously that I'm not well protected what are some good programs? Is Spy Sweeper a good one?
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Looks pretty good. Still a couple of process running for auto-updates:
    Have HijackThis remove these: Check the entries below:
    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis*and*reboot into Safe Mode:
    Start> Run> type in 'msconfig' without the quotes> enter> Selective Startup> UNCHECK Adobe, Real Player, HP, Limewire and Java. You should then have only Norton and Spysweeper checked. IF you have a laptop, a process for the touchpad needs to start> Apply> OK

    Disable this: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    Control Panel> Java> Update tab> UNCHECK 'automatically check for updates> Apply> answer Yes> OK.
    Do the same for Adobe and Real Player,, also HP in the programs themselves

    Reboot into Normal Mode. You will get a nag message that can be closed after checking 'don't show this message again'. stay in Selective Startup.

    To remove the cleaning tools:
    * Download OTCleanIt (
    * Click the CleanUp! button.
    * It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    To remove the old System Restore points:
    o Go to Start > All Programs > Accessories > System Tools > System Restore
    o Select Create a restore point, and OK it.
    o Next, go to Start > Run and type in cleanmgr
    o Select the More options tab
    o Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

    Spysweeper would be okay to get. You will need to go online and purchase the full version. But you can also get Spywareblaster and Spybot Search & Destroy instead, free and they are good programs:

    For Spybot S&D:
    Spyware Blaster:

    Let me know if you need any more help. Watch those tracking Cookies. You're getting then through the ISP. They are not good to get or keep.
  7. sierralm

    sierralm TS Rookie Topic Starter

    How do you log in on safe mode? I tried pressing the F8 button when the blue screen appears on start up but nothing happens.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You have to begin hitting F8 right after the logo, "before" Windows starts to load. Once you see the blue screen, it's too late.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...