Redirect Situation (including HJThis log)

Hewlett-packard / Hp d530 sff(ds034s)
February 17, 2010 at 22:17:25
Specs: Microsoft Windows XP Home Edition, 2.394 GHz / 1023 MB
The subject says it all. No matter what browser, what search engine I use, I get redirected to those bogus "empty" sites! You know what I mean when I say empty site, like when you go to a site that hasn't been used for anything and it's like the worst search engine ever?

Here's the HijackThis log ~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:55 PM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Perfect World Entertainment\Perfect World International\patcher\patcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Documents and Settings\Goat\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: SpeedDate Toolbar - {75370b21-f8ab-478c-9bd0-ef3654f45660} - C:\Program Files\SpeedDate\tbSpee.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O3 - Toolbar: SpeedDate Toolbar - {75370b21-f8ab-478c-9bd0-ef3654f45660} - C:\Program Files\SpeedDate\tbSpee.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\a2d9o.dll, HUI_proc (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\a2d9o.dll, HUI_proc (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetec...
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite...
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr0...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB4044E-8D7B-4028-9748-1445D412B96B}: NameServer = 83.149.115.157,4.2.2.1,24.116.2.50 24.116.2.34
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

--
End of file - 5145 bytes


I've tried multiple antimalware/antispyware/antivirus and all to no avail.

Suggestions?



#1
February 18, 2010 at 23:06:14
So, it's gone FINALLY. I did a few different things suggested from other posts across the web, and none of them worked at first. I'm not sure if I had a different breed of it, or if it was a different thing entirely, but it's finally fixed. I ran...

AVZ4
SuperAntiSpyware
CounterSpy
FindAWF
TDSSKiller
ESET Trial
Hitman Pro
ClamWin
OTM
SpyBot
Spyware Terminator
DDS
Hijack This
AVG 9.0 Free
MalwareBytes' AntiMalware
ComboFix
SDFix
Kaspersky 2010 Trial
Windows Malicious Software Removal Tool

Now, I don't know which one of these actually fixed the damn thing! Sorry for that, but on the plus side, ONE of these fixed it, and it works well now! BUT ~ there's one thing that I had to do before any of them would work. (I ran all of them, and it didn't work, then I did this next important step, ran them all again and it's fixed!)

Start
Connect To
Show All Connections
**Right click your active internet connection**
**Click properties**
**Click Internet Protocol (TCP/IP)**
**Click properties button**
**It should be set to Obtain IP automatically and Obtain DNS automatically. If it's not, set it to that**

I forgot to remember the DNS server it was routing through, but all results were by way of SearchClick8.

If this ends up helping you, leave a reply saying thanks ~ and try to include all of the search terms you used to attempt to find a fix. This way people can Google similar terms and stumble across a way that works!


:::SEARCH TERMS I USED LOOKING FOR A FIX:::
Google Search Engine Results Redirect Virus MalWare SpyWare
SearchClick8
Registry Editor RegEdit MSConfig Task Manager LOCKED
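
A triage sketch for the two kinds of log entry that relate to the DNS fix in reply #1 (an added example, not part of the original posts): it extracts static NameServer values from O17 lines and DLLs loaded through rundll32 from O4 autostart lines, so both can be reviewed by hand. The function names and the optional `expected` allowlist are assumptions; the sample lines are copied from the HijackThis log above.

```python
import re

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\a2d9o.dll, HUI_proc (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB4044E-8D7B-4028-9748-1445D412B96B}: NameServer = 83.149.115.157,4.2.2.1,24.116.2.50 24.116.2.34
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^,"]+)', re.I)


def static_dns(log, expected=frozenset()):
    """Return [(interface_key, [servers])] for each O17 NameServer line.

    Servers listed in `expected` (hypothetical allowlist of resolvers the
    analyst already trusts) are left out; by default every server is returned.
    """
    findings = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis shows the raw registry value, so separators can be mixed.
        servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        unexpected = [s for s in servers if s not in expected]
        if unexpected:
            findings.append((m["key"], unexpected))
    return findings


def rundll32_autostarts(log):
    """Return [(hive, value_name, dll_path)] for O4 entries that load a DLL via rundll32."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        dll = DLL_RE.search(m["cmd"]) if m else None
        if dll:
            out.append((m["hive"], m["name"], dll.group(1).strip()))
    return out


if __name__ == "__main__":
    for key, servers in static_dns(SAMPLE_LOG):
        print("static DNS on", key, "->", ", ".join(servers))
    for hive, name, dll in rundll32_autostarts(SAMPLE_LOG):
        print("rundll32 autostart in", hive, "[" + name + "]", "->", dll)
```

An O17 NameServer line means the adapter has DNS servers set by hand rather than obtained automatically, which is the setting the steps in reply #1 revert.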

