[Inactive] Various Problems

Status
Not open for further replies.

Xkzonstr

Okay, so I have a few issues with my computer - mainly regarding IE. It's been bearable till now, but now I'm getting short with it. I'll list them the best way possible and attach a fresh hijack log.

I'm using IE8 with the google toolbar.
I DO have CCleaner, malwarebytes, and AVG 9.0 Free & run all of them regularly.

1) The "Back" button will not go back after the first time being pressed. I understand some sites have a built-in mechanism that keeps inexperienced people on the page longer, but I highly doubt Google or Facebook would do that.

2) When I search something up on Google, I end up being redirected to random sites.

Sites that I get redirected to:

- Toseeka
- Shop Overtime
- http://adx.trafficengine.net/

& more.

3) My google spell check keeps saying this:

"Unable to connect to Google Spelling Servers. Please check your Internet connection and try again"

I'm obviously connected to the Internet, otherwise I wouldn't be able to post here.
 

Attachments

  • hijackthis.log
    10.5 KB · Views: 2
Usually the HJT log alone isn't sufficient, but in the case of a DNS Changer malware infection, it provides a start:

Please reopen HJT to 'do system scan only.' Check the following entries:
O17 - HKLM\System\CCS\Services\Tcpip\..\{11022CA4-25B8-48F8-B593-E843E16768DD}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B08FBCA-5C41-439F-9EFC-D8AC5B7105A6}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65


Close all Windows except HJT and click on "Fix Checked."

Your searches are being routed through a site in the Ukraine, so do the following:

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.

    [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.

When that has been done, please follow the steps HERE for preliminary malware removal.

Leave the 3 logs with your next reply.
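
An added example, not part of the original thread or of HijackThis: a short Python check that pulls the O17 `NameServer` entries out of a HijackThis log and lists every resolver that is not on an expected list, which is the review the post above does by eye. The expected resolver `192.168.1.1` and the two lines marked constructed are assumptions; the other sample lines are the ones quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines quoted in the post above, plus two constructed lines (marked).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{11022CA4-25B8-48F8-B593-E843E16768DD}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O2 - BHO: (constructed non-O17 line) - {00000000-0000-0000-0000-000000000000} - C:\constructed.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 192.168.1.1
"""

# Assumption: the only resolver this PC should use is the home router (constructed).
EXPECTED_RESOLVERS = {"192.168.1.1"}
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_o17(log_text):
    """Yield (registry_key, [nameserver, ...]) for each O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            yield m["key"], [s for s in re.split(r"[,\s]+", m["servers"]) if s]

def review(log_text, expected=EXPECTED_RESOLVERS):
    """Return (key, nameserver, reason) for every resolver not in `expected`."""
    findings = []
    for key, servers in parse_o17(log_text):
        for s in servers:
            if s in expected:
                continue
            try:
                private = ipaddress.ip_address(s).is_private
            except ValueError:
                findings.append((key, s, "not an IP address"))
                continue
            kind = "private" if private else "public"
            findings.append((key, s, f"unexpected {kind} resolver"))
    return findings

def keys_by_server(log_text):
    """Map each nameserver to the registry keys that set it."""
    seen = defaultdict(list)
    for key, servers in parse_o17(log_text):
        for s in servers:
            seen[s].append(key)
    return dict(seen)

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

The same address pair appearing under every control set and adapter key, as `keys_by_server` shows for the sample, is the pattern the post treats as a DNS Changer indicator.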
 
Bobbye,

I've deleted the entries you've listed for the Hijack report, DNS flushed + steps, & also did the MBAM & SuperAntiSpyware in complete scans.

MBAM found 0 threats/infections.
Super found 670 ad-ware tracking cookies. I've already had them quarantined, restarted, and removed.

I'll attach a fresh hijack log, & the two scan logs.
 

Attachments

  • SUPERAntiSpyware Scan Log - 03-27-2010 - 09-46-25.log
    43.6 KB · Views: 1
  • mbam-log-2010-03-26 (23-26-26).txt
    853 bytes · Views: 1
  • hijackthis.log
    10.2 KB · Views: 1
You ran a really old version of Malwarebytes:
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

The current version is v1.44 with database more like 3918. It can be found HERE.
Please uninstall the version you now have, download and run the current version and leave the new log. It's possible that the newer version may find undesirable entries. Be sure to check the line for removal.

Have you noticed an improvement in the redirects? I'll decide the next step after reviewing the new log and getting the system update from you.
 
Bobbye,

I downloaded the new version, and did a full scan. It found one infection, and I removed it and restarted.

As to your question, it seems that it still redirects the searches. The google spell check works again though.

New MBAM log attached.
 

Attachments

  • mbam-log-2010-03-27 (12-21-28).txt
    972 bytes · Views: 2
About this:
1) The "Back" button will not go back after the first time being pressed.
Not likely to be malware related.

2) ToseekA
ToseekAToolbar for Internet Explorer 1.48 is a legitimate Toolbar/add-on for IE and Firefox. "This harnesses the power of ToseekA's all-in-one search platform, which allows you to search the best of the Web, all in a single search, all from a simple toolbar". Sometimes, toolbars are pre-checked on update sites and if you miss unchecking it, you end up with it.

NOTE: Please advise if you are using Firefox. There is an add-on that has been found to cause some of the redirects you mentioned.

3) My google spell check keeps saying this:"Unable to connect to Google Spelling Servers. Please check your Internet connection and try again"
You are being told that the Google Servers are busy- nothing more.

I'd like you to run Combofix. I can then remove unwanted entries- Viewpoint being one of them and other undesirable files:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

Follow this with a new scan using HijackThis. Please paste both results in your next reply.
 