Browser redirecting

December 22, 2009 at 06:01:14
Specs: Windows XP
Hi, I am having a problem with my internet. It keeps re directing me to a 'supersearch11' site...when I check with my antivirus it finds nothing...I don't know what to do, can anyone help


See More: Browser redirecting

Report •

December 22, 2009 at 08:39:13
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.


1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply. It may take 3 to 4 post to get the entire log to us.

Next, please download DEFFOGER to you desktop from this link:


1. Double click DeFogger to run the tool.
2. When the utility opens click the Disable button to disable your CD Emulation drivers
3. Click Yes to continue
4. A 'Finished!' message will appear
5. Click OK
6. DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until the instruction is given.

Download Gmer.exe from the following link.


1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.

Report •

January 21, 2010 at 07:19:20
Logfile of random's system information tool 1.06 (written by random/random)
Run by Family at 2010-01-21 10:10:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 222 GB (89%) free of 250 GB
Total RAM: 2038 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Torrent Downloads\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Documents and Settings\Family\My Documents\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-20 137752]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-07-09 65240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe [2009-11-10 417792]
"GrooveMonitor"=C:\Documents and Settings\Family\My Documents\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-16 208896]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Documents and Settings\Family\My Documents\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]







Report •

January 21, 2010 at 07:20:24
Time Written: 20091230222253.000000-300
Event Type: error

Computer Name: MORPAY
Event Code: 1517
Message: Windows saved user MORPAY\Family registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4632
Source Name: Userenv
Time Written: 20091229194123.000000-300
Event Type: warning

======Environment variables======

"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\


Report •

Related Solutions

January 21, 2010 at 07:28:18
I was not able to click on the second link as it says:
File Not Found
The file was not found on the server. Please try again.
If you are looking for Technical Support, look no further than the forums on the left hand side of this page.

Please advise. I know it took long for this reply but I had was looking for this reply in the wrong email. :-(

Report •

Ask Question