Google redirects to random links

Status
Not open for further replies.
Also my internet is very slow and my computer freezes frequently. Any help would be appreciated. :) Thanks

My HJT log is attached; it was too long to post on here.
 
You are highly infected with malware. You are also overloaded with startup entries that are slowing you down as they are running in the background. Please follow the following steps for cleaning. When through, re-run HijackThis and attach ALL logs:

Step 4> Malwarebytes' Anti-Malware
Step 5> SuperAntiSpyware Home Edition Free Version
Step 6> Update your Java Runtime Environment
Step 7> HijackThis Instructions
Step 8> Attach the requested logs
1) Malwarebytes Anti Malware log
2) SuperAntiSpyware log
3) Hijackthis log
Here: https://www.techspot.com/vb/post645589-1.html
 
Sorry that it took so long to respond back. My computer wouldn't let me download any programs or log onto this site. Here are all the requested logs attached.
 

Attachments

  • SUPERAntiSpyware Scan Log - 09-16-2008 - 10-16-34.log
    18.4 KB · Views: 5
  • hijackthis.log
    13.6 KB · Views: 5
  • mbam-log-2008-09-15 (22-34-46).txt
    13.9 KB · Views: 7
I hope you save the mbam log, because I want you to open it and see the malware it cleaned out! You had something of just about everything out there. Look at the sites that were infected. You obviously don't have adequate security to protect the system.

You need to have SuperAntispyware remove ALL the Tracking cookies. You need to change your Cookie settings. One of the best add-ons for Firefox is AdBlock Plus. This will prevent many of those from getting on the system, but I want you to look at that log also so you can be aware of the sites where you are picking up these things.
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865

"High Priced\Application Data"- bad! Every Tracking Cookie I've ever heard of is on your system through that! It means that network is making their money by putting junk on systems. ALL of the Tracking Cookies were delivered through them.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
O2 - BHO: (no name) - {27329e6a-2aa9-4c9d-8422-4b4aa1c63b1b} - C:\WINDOWS\system32\owl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup>
O4 - HKLM\..\Run: [ivedgfkz] C:\WINDOWS\ivedgfkz.exe
O4 - HKLM\..\Run: [9e3799cb.exe] C:\WINDOWS\system32\9e3799cb.exe
O4 - HKLM\..\Run: [ÿ_zskFHMOFE[] C:\WINDOWS\system32\_zskwrkni05BI^RV`]D\[EFOMHF.exe
O4 - HKLM\..\Run: [IP Changer 2.0] c:\yourapp.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [ÿ_zskFHMOFE[] C:\WINDOWS\system32\_zskwrkni05BI^RV`]D\[EFOMHF.exe
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Get In Fit In\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: vistax - vistax.dll (file missing)
O21 - SSODL: HfEDPIBMlAIM - {6C97F386-C63D-592C-2B10-CFEC7FE1FC95} - C:\WINDOWS\system32\ylj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Right click on Start> Explore> Windows> System32> delete the following if found:
\system32\ylj.dll
system32\9e3799cb.exe
system32\_zskwrkni05BI^RV`]D\[EFOMHF.exe (this one may only appear as FOMHF)
Control Panel> Add/Remove Programs> highlight and install the following if found:
C:\Program Files\Seekmo

After that, Reboot, and post a new HijackThis log here in a reply
Please also run MAM to make sure the entries have been removed. Attach the log also.

Edit: I forgot to add- it appears you have two different printers on Startup:
O4 - HKLM\..\Run: [SetDefaultPrinter] "c:\hp\bin\cloaker.exe" c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe

You don't need "either" printer to start on boot. You can start it manually when you need it. Include the three processes above in items for HijackThis to remove. Then go into the Control Panel> Administrative Tools> Services> change the Lexmark Server to Manual Startup type> Apply> OK.
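
An added example, not part of the original thread: a small parser for HijackThis entry lines like those quoted above, which counts entries per section and lists the ones HijackThis itself marks "(file missing)" or "(no file)". The function names and the sample string are assumptions made for illustration, and the script makes no judgement about which entries are malicious.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the entries quoted in the thread above.
SAMPLE = r"""
O2 - BHO: (no name) - {27329e6a-2aa9-4c9d-8422-4b4aa1c63b1b} - C:\WINDOWS\system32\owl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ivedgfkz] C:\WINDOWS\ivedgfkz.exe
O4 - HKLM\..\Run: [9e3799cb.exe] C:\WINDOWS\system32\9e3799cb.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O20 - Winlogon Notify: vistax - vistax.dll (file missing)
O21 - SSODL: HfEDPIBMlAIM - {6C97F386-C63D-592C-2B10-CFEC7FE1FC95} - C:\WINDOWS\system32\ylj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Advanced Micro Devices - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> section code, entry kind, remainder.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# Registry autoruns carry the value name in square brackets before the command.
RUN = re.compile(r"^\[(?P<name>.*?)\] (?P<cmd>.+)$")
# Markers HijackThis itself appends when the referenced file is absent.
ORPHAN = ("(file missing)", "(no file)")

def parse(log):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["orphan"] = e["rest"].endswith(ORPHAN)
        run = RUN.match(e["rest"]) if e["code"] == "O4" else None
        e["name"] = run["name"] if run else None
        entries.append(e)
    return entries

def summarize(entries):
    """Count entries per section and collect orphaned entries and autorun names."""
    return {
        "per_section": Counter(e["code"] for e in entries),
        "orphans": [(e["code"], e["kind"]) for e in entries if e["orphan"]],
        "autoruns": [e["name"] for e in entries if e["name"]],
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(key, value)
```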
 
I did everything you said but I couldn't find those three files or Seekmo. Is it also a problem that I have multiple computer accounts on this computer? There are four different ones. Thank you so much for the help. Also, you said previously that I'm not well protected; what are some good programs? Is Spy Sweeper a good one?
 
Looks pretty good. Still a couple of processes running for auto-updates:
Have HijackThis remove these: Check the entries below:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without the quotes> enter> Selective Startup> UNCHECK Adobe, Real Player, HP, Limewire and Java. You should then have only Norton and Spysweeper checked. IF you have a laptop, a process for the touchpad needs to start> Apply> OK

Disable this: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1. Open Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Advanced tab.
4. Click to select the Disable script debugging check box, and then click OK.
5. Close Internet Explorer.
Control Panel> Java> Update tab> UNCHECK 'automatically check for updates'> Apply> answer Yes> OK.
Do the same for Adobe and Real Player, also HP, in the programs themselves.

Reboot into Normal Mode. You will get a nag message that can be closed after checking 'don't show this message again'. Stay in Selective Startup.

To remove the cleaning tools:
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

To remove the old System Restore points:
o Go to Start > All Programs > Accessories > System Tools > System Restore
o Select Create a restore point, and OK it.
o Next, go to Start > Run and type in cleanmgr
o Select the More options tab
o Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Spysweeper would be okay to get. You will need to go online and purchase the full version. But you can also get Spywareblaster and Spybot Search & Destroy instead, free and they are good programs:

For Spybot S&D: http://www.safer-networking.org/en/download/
Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html

Let me know if you need any more help. Watch those tracking Cookies. You're getting them through the ISP. They are not good to get or keep.
 
How do you log in on safe mode? I tried pressing the F8 button when the blue screen appears on start up but nothing happens.
 
You have to begin hitting F8 right after the logo, "before" Windows starts to load. Once you see the blue screen, it's too late.
 