Redirected Google Results & Mystery Sites Running in Background

By 7bars · 6 replies
Jan 9, 2010
  1. Please help me, I have been having crazy problems with my system for the past week and have tried so many scans to no avail. But in my desperate search for a fix, I think my luck changed as I stumbled onto this site that gave a very comprehensive 8-step malware remove guide. I followed the steps but I still have the following problems:

    1. When I click on google results in IE they go to other sites (not always but probably 40% of the time). I have to hit the Back button several times then re-clicking the result before it brings me to the correct site - or may have to restart google and restart the search.

    2. Out of the blue another site will launch in the background. For example, I will be using MS Word and then suddenly Word becomes unselected (i.e. the bar on the top of the Word screen turns a lighter shade and I can't interact with it until I click on it again). At this point I don't see anything else being opened on my task bar but when I click on Alt-Tab I see that in the background IE is active and is running some random site (common sites are "clickfeedmanager" or "" or some other random site). When I try to select this IE site, nothing comes up.

    3. Whenever I do a google search it takes an abnormal amount of time for the search to be completed. At first I thought it was my internet connection but when I go to a site directly by typing it's URL into IE, it loads at a normal speed - only google results show a slow speed.

    4. When I download a malware or adware program and try to install it or when I try to run some already installed malware programs (e.g. Spybot), an hour glass would appear for 15 seconds then nothing happens. Luckily I was able to run Malwarebytes and SuperAntiSpyware.

    I've attached my Malwarebytes, SuperAntiSpyware, and Hijack This log files. Also, I did a virus scan using NOD32 and it detected but can't clean the "Win32/Olmarik Torjan". Not sure whether that is relevant but I thought I would include in case it is the source of my misery.

    Please please help me!

    Thank you in advance.

    Attached Files:

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Try running This Scanner

    Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    Click on the Upload button
    If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    Paste the contents of the Clipboard in your next reply

    Also scan these,


    If this scan runs for you, please paste the log in next reply
  3. 7bars

    7bars TS Rookie Topic Starter

    Thank you for your advice. I followed your instructions and did all three scans and each of them resulted in "Scanners did not find malware".

    I tried clicking on the "Copy to clipboard" link but nothing happens, so I don't have a log file to post.
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    we will work on the Hijackthis log:

    Fix or remove these entries...
    O2 - BHO: (no name) - {82fc93e7-5884-4626-9b4d-01a7cec12be0} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - (file missing)
    O15 - Trusted IP range:
    O15 - Trusted IP range:
    O15 - Trusted IP range:
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} -
    O20 - Winlogon Notify: BOOTVER - BOOTVER.dll (file missing)
    O24 - Desktop Component 1: Warning homepage - (no file)

    Do you know what this is? If not, "fix" it

    O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) -

    Run this Temp File Cleaner Dowload
  5. 7bars

    7bars TS Rookie Topic Starter

    I removed the 9 enteries you listed above (I recognized the last one so I didn't remove it) using the Hijackthis "Fixed checked" option but the problems still persist.

    I also tried to run the setup.exe file for Temp File Cleaner Download but I keep getting the error message that it is not a valid Win32 application.
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Run Combofix:

    Download it HERE

    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
    Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    Double click on Combo-Fix.exe and Run- follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    Wait for the scan to be completed.
    If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Then rescan with HijackThis.
    Attach Combofix report and new HijackThis log to next reply.
  7. 7bars

    7bars TS Rookie Topic Starter

    Thank you for walking me through Combofix!!! It seemed to have fixed my problems, as I ran several google searches and no redirecting :grinthumb I hope the problem is really gone for good.

    I've posted the new Hijackthis log and the Combofix report.

    Attached Files:

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...