Search Engine Sites Redirect Me

June 25, 2010 at 14:23:59
Specs: Windows XP
My Google links and other search engines keep getting redirected to sites such as shopica and others. This has been going on for a while now, and honestly I'm not sure what to do.

I've been looking at the entry: http://www.computing.net/answers/se...

and am wondering if I should follow those steps or do something else? Any help would be magical and appreciated! Thanks :)



#1
June 25, 2010 at 14:44:03
Those steps are correct. They are the standard procedure for removing the Google redirect virus.


#2
June 25, 2010 at 14:57:27
Jabuck was one of the best malware removal professionals on computing.net, so those instructions are good.
You may also want to try combofix:
http://www.bleepingcomputer.com/com...
Just follow the instructions on the website and you should be fine.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
June 25, 2010 at 20:08:36
I'm trying to use combofix.

I managed to install it and such,
but once I actually try to scan the computer using the program, my computer just reboots.

Any suggestions?



#4
June 27, 2010 at 06:24:14
Hi.

I have been having almost identical problems to those described, which started after suffering from and cleansing the nasty "AV Anti-Virus" 2010 virus. Seems to now be ok having gone through the combofix procedure. Certainly I'm not being redirected to random sites anymore when I click on search results, nor have I noticed any further advert 'pop ups'. Which is great!

Below is the full log report generated, please could someone let me know if there's anything left over I need to sort out? There's a line 'Restored copy from - Kitty had a snack :p'. Is that anything to worry about?

Many thanks,

----------------------------------------------------------------------------------------

ComboFix 10-06-26.02 - Scott 27/06/2010 13:16:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.185 [GMT 1:00]
Running from: c:\documents and settings\Scott\Desktop\toolb.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe7.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mcc36.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mcc5E.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mcc6D.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\Scott\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\Scott\Recent\Thumbs.db
c:\windows\system32\sstray.exe
c:\windows\TEMP\logishrd\LVPrcInj05.dll
D:\AUTORUN.INF

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-26 20:12 . 2010-06-27 12:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-26 20:12 . 2010-06-27 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 13:47 . 2010-06-24 13:49 -------- d-----w- c:\documents and settings\Scott\Application Data\AIMP
2010-06-24 13:47 . 2010-06-24 13:47 -------- d-----w- c:\program files\AIMP2
2010-06-24 07:48 . 2010-06-24 07:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-22 19:51 . 2010-06-22 19:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-22 18:15 . 2010-06-22 18:15 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-21 21:20 . 2010-06-21 21:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
2010-06-21 20:28 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 20:28 . 2010-06-21 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-21 20:28 . 2010-06-21 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 20:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 01:26 . 2010-06-21 22:50 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\jeaeorbop
2010-06-19 08:47 . 2010-06-19 08:51 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-10 16:33 . 2010-06-10 16:33 -------- d-----w- c:\documents and settings\Scott\Application Data\Motive
2010-06-10 16:28 . 2010-06-10 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-06-10 16:28 . 2010-06-10 16:30 -------- d-----w- c:\program files\Common Files\Motive
2010-06-10 16:27 . 2010-06-10 16:27 -------- d-----w- c:\program files\BT Broadband Desktop Help
2010-06-09 16:04 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 12:41 . 2002-01-01 00:14 450476064 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-27 12:36 . 2002-01-01 00:14 5279996 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-27 12:05 . 2009-10-08 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-10 16:37 . 2001-12-31 23:02 -------- d-----w- c:\documents and settings\Scott\Application Data\MSN6
2010-06-06 02:31 . 2009-05-04 19:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 15:41 . 2010-05-27 15:41 503808 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4fc601a8-n\msvcp71.dll
2010-05-27 15:41 . 2010-05-27 15:41 499712 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4fc601a8-n\jmc.dll
2010-05-27 15:41 . 2010-05-27 15:41 348160 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4fc601a8-n\msvcr71.dll
2010-05-27 15:41 . 2010-05-27 15:41 12800 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-310f7462-n\decora-d3d.dll
2010-05-27 15:41 . 2010-05-27 15:41 61440 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-310f7462-n\decora-sse.dll
2010-05-17 21:28 . 2010-05-18 05:00 2630656 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-05-06 10:41 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 21:30 . 2010-04-08 21:30 61440 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6383f03b-n\decora-sse.dll
2010-04-08 21:30 . 2010-04-08 21:30 12800 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6383f03b-n\decora-d3d.dll
2010-04-08 21:30 . 2010-04-08 21:30 503808 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-124e36c7-n\msvcp71.dll
2010-04-08 21:30 . 2010-04-08 21:30 499712 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-124e36c7-n\jmc.dll
2010-04-08 21:30 . 2010-04-08 21:30 348160 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-124e36c7-n\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-05-17 15:44 2515552 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-10-07 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-14 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-05-29 520192]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-04-25 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-27 66864]
Philips Device Manager.lnk - c:\program files\Philips\SA28XX Device Manager\main.exe [2009-1-10 7696118]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [02/02/2010 08:24 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [02/02/2010 08:25 27632]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/01/2009 21:35 10976]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [27/09/2008 15:58 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [27/09/2008 15:58 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [27/09/2008 15:58 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [27/09/2008 15:58 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [27/09/2008 15:58 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [27/09/2008 15:58 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [27/09/2008 15:58 110120]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-27 20:11]

2010-06-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{C07391E4-53A1-4C7F-B0E1-69D9F28DAE0E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4768)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-06-27 14:01:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-27 13:01

Pre-Run: 98,666,795,008 bytes free
Post-Run: 99,248,746,496 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F963D05216E2ED2C07FEA9317B390A53


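The log above is long, and what a reviewer actually wants from it is a short list of the entries that need a second look. The following triage helper is an added example for this thread, not ComboFix's own code or anything from this site: it walks a ComboFix log and flags a proxy pointing at the local machine (the `ProxyServer = http=127.0.0.1:5555` setting in the Supplementary Scan, which routes every browser request through a local process), BITS "possible infected sites", files ComboFix reports as disinfected, and a non-zero hidden-files count from the catchme rootkit scan. The sample log is a constructed excerpt of the post above.

```python
"""Triage a ComboFix log: return the lines a reviewer should look at first.
Added example for this thread; the format handling is inferred from the
posted log, not taken from ComboFix itself."""
import re

# Constructed excerpt, abbreviated from the log posted in this thread.
SAMPLE_LOG = """\
----- BITS: Possible infected sites -----

hxxp://download.yimg.com
Infected copy of c:\\windows\\system32\\drivers\\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
hidden files: 0
"""

# A proxy on the loopback address or "localhost", with or without a port.
LOOPBACK = re.compile(r"\b(127\.\d+\.\d+\.\d+|localhost)(:\d+)?\b", re.I)


def triage(log: str) -> list:
    """Return (category, line) pairs for entries that merit a closer look."""
    findings = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        # ComboFix marks section headers with runs of dashes or parentheses.
        if line.startswith(("-----", "((((")):
            section = line.strip("-() ")
            continue
        if section.startswith("BITS") and line.lower().startswith("hxxp://"):
            findings.append(("bits-site", line))
        elif line.startswith("Infected copy of"):
            findings.append(("disinfected-file", line))
        elif "ProxyServer" in line and LOOPBACK.search(line):
            # Every browser request passes through a local process first;
            # with redirect symptoms this is the first setting to check.
            findings.append(("loopback-proxy", line))
        elif line.startswith("hidden files:") and not line.endswith(" 0"):
            findings.append(("hidden-files", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:18} {line}")
```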

#5
June 27, 2010 at 12:41:44
Beammeup, please start your own thread and post your CF log there so that I can look over it.

Helpful tips before getting started: http://www.computing.net/howtos/sho...

