hijacked google searches

Dell / Dimension 4600i...
June 14, 2009 at 19:04:33
Specs: Microsoft Windows XP Home Edition, 2.793 GHz / 509 MB
I'm having a problem with hijacked google seaches. When I click on links, I am frequently rerouted to ad and shopping sites.

I have tried SpyBot, Spyware Doctor, Malwarebytes, and more .. none are detecting a problem. Any help would be greatly appreciated. Thank you.


See More: hijacked google searches

Report •


#1
June 14, 2009 at 19:31:43
Can you post you last malwarebytes scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#2
June 14, 2009 at 21:18:25
Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 3

6/15/2009 12:15:51 AM
mbam-log-2009-06-15 (00-15-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 251706
Time elapsed: 56 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Report •

#3
June 14, 2009 at 21:20:17
Do you want to try to remove infection manually?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

Related Solutions

#4
June 15, 2009 at 00:04:02

have you tried to clear your cookies and other temp files from the net?

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org


Report •

#5
June 15, 2009 at 05:46:27
Yes, I have cleared all cookies and temp files.

A new and unwelcome development is that in the last 24 hours, I'm frequently getting the blue screen when I attempt to log in at startup. I have added and removed some programs in the last few days (anti-spyware, anti-virus, etc.), but I have not made any manual changes thus far.

I would like to try to remove it manually. Thanks for the help.


Report •

#6
June 15, 2009 at 06:05:32
Hi,
Note: I can help you remove virus manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#7
Report •

#8
June 15, 2009 at 07:49:19
Does it only happen in firefox?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#9
June 15, 2009 at 07:57:28
Nope, it happens both in Firefox and IE.

Report •

#10
June 15, 2009 at 08:51:19
Go to Control Panel --> Add/Remove Programs and uninstall:

Coupon Printer for Windows

Make sure it uninstalled properly. Reboot and check and see if your problem is solved.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#11
June 15, 2009 at 08:59:45
Won't allow me to uninstall. Getting the following error message:

Invalid uninstall control file: C:\Program Files\Coupons\Uninstall\uninstall.xml


Report •

#12
June 15, 2009 at 09:09:52
Download Dr. Web CureIt! (about 10 Mbytes, developed by "Doctor Web"): ftp://ftp.drweb.com/pub/drweb/cureit/setup.exe

Start the program:

1) Select update

2) Select Scan. Change the scan type to Complete scan Start the scan.

3) once scan complete post scan log located in %USERPROFILE%\DoctorWeb\CureIt.log .

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#13
June 15, 2009 at 13:56:44
The log is big (kept getting the blue screen when trying to open it). I uploaded it to rapidshare.com.


http://rapidshare.com/files/2449447...


Report •

#14
June 15, 2009 at 14:07:19
What did blue screen say? Did you fix what it found? Is your problem solved?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#15
June 15, 2009 at 14:43:57
Sorry for the delay, my system slowed down and froze up several times.

Still having problems. Blue screen stop error info was:

Error code 100000d1, parameter1 e220f000, parameter2 00000002, parameter3 00000000, parameter4 ef56fe85


Report •

#16
June 15, 2009 at 14:54:53
That blue screen is because of Hardware/driver issue. First go to windows update and see if you have any driver updates available. If you do post back which drivers and update them.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#17
June 15, 2009 at 15:27:37
The only updates it shows are IE 8 and Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5

Should I install?


Report •

#18
June 15, 2009 at 15:36:22
Install the updates after ad-ware is removed. Run these in order numbered:

1) http://onecare.live.com/site/en-Us/...

2) http://onecare.live.com/site/en-Us/...

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#19
June 15, 2009 at 20:03:10
Problem appears to be fixed. Google searches are working, and no more problems at startup. Thanks very much for your help!

Report •

#20
June 15, 2009 at 20:22:09
No problem.Glad it got fixed. Dr. web fixed it and blue screen is hopefully fixed as well.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •


Ask Question