
Very well hidden malware issue. Need help.



gcirico
2006-09-27, 18:22
First, let me explain the situation before inspecting my logs.
I've been trying for weeks now to get to the bottom of a malware issue I'm having with a system of mine. The issue only occurs when I conduct a search on any popular search engine (Google, Yahoo) using IE (let me know if I should test this on Firefox). At random times, when I click a search result link returned by the search engine, I am instead redirected to random different types of advertising websites. When studying network packet activity, it's almost as though the website being requested (the search result link) is having its DNS resolve to something other than it should. This led me to check all of my network settings, only to find nothing suspicious. Keep in mind that the search results are the only currently observed malware symptom on this system.

At one point HijackThis had reported hijacked nameserver entries (85.255.116.91 & 85.255.112.234), which I of course immediately corrected, and yet the problem still remained. I examined all other network settings, including TCP/IP, the hosts file (127.0.0.1 only), and even my networking equipment (router, etc.) for issues. However, keep in mind that other systems on the network are not affected. I also checked out my LSP chains, but as far as I can tell with my knowledge, they appear normal. I also removed a urlsearchhook file named newbreed.dll last month, if that matters at this point.

I've gone through all BHOs, ActiveX, Win Services, and startup apps and am at a total loss as to why this randomly occurring redirection is still happening, despite my decent knowledge of malware removal in the past. I'm almost starting to suspect this might be a new/rare hijack embedded within another unseen core system file.

Thus, you guys are my last resort. I've attached a single txt file to this post containing my HijackThis log along with various Spybot logs. I had to make a few minor modifications to the logs (abbreviations, etc.) to keep it under your 19.5KB limit. Given my attached HijackThis and Spybot logs, I hope we can discuss this and come to a resolution. I really don't feel like giving up yet and simply reinstalling Windows. Thanks in advance for any assistance.
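The check the poster describes (confirming that no interface still points at the hijacked nameservers after correcting them) can be automated against the HijackThis log itself. The script below is an added example, not the poster's code or part of HijackThis or Spybot; it assumes the HijackThis "O17" line format (registry key, value name, then a comma- or space-separated list of resolvers) and an allowlist of expected resolvers (here the hypothetical home router 192.168.1.1). The sample log lines are constructed for the example, modelled on that format with the two addresses from the post; they are not from the attached log, which was never shown.

```python
"""Flag unexpected DNS resolvers in HijackThis O17 (DNS server) lines.

Added example. Assumptions: O17 lines look like
  O17 - <registry key>: <ValueName> = <resolver>[,<resolver>...]
and the only legitimate resolver on this LAN is the router at 192.168.1.1.
"""
import ipaddress
import re

# Constructed sample (not the poster's log). Modelled on the O17 format; the
# two 85.255.x.x addresses are the ones the poster reported as hijacked.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A2B3C4D-0000-0000-0000-000000000001}: NameServer = 85.255.116.91,85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A2B3C4D-0000-0000-0000-000000000001}: DhcpNameServer = 85.255.116.91 85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumption: resolvers this machine is expected to use (the home router).
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>\S+): (?P<name>\w+) = (?P<servers>.+?)\s*$")


def parse_o17(log_text):
    """Return a list of (registry_key, value_name, [resolver, ...]) per O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # NameServer values are comma-separated, DhcpNameServer space-separated;
        # accept either so both per-interface keys are checked.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append((m.group("key"), m.group("name"), servers))
    return entries


def suspicious_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Return (key, value_name, resolver, reason) for every resolver not in the allowlist.

    Each per-interface key and both NameServer and DhcpNameServer are reported
    separately, because a hijack that was 'corrected' in one place can survive
    in another and still be used for resolution.
    """
    findings = []
    for key, name, servers in parse_o17(log_text):
        for server in servers:
            if server in expected:
                continue
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((key, name, server, "not an IP address"))
                continue
            reason = ("public resolver not in allowlist" if not addr.is_private
                      else "unexpected private resolver")
            findings.append((key, name, server, reason))
    return findings


if __name__ == "__main__":
    for key, name, server, reason in suspicious_nameservers(SAMPLE_LOG):
        print(f"{reason}: {server} in {key} ({name})")
```

Run it against a pasted HijackThis log (replace SAMPLE_LOG or read a file) after editing the allowlist to your own ISP or router resolvers; any finding means some interface or the DHCP-assigned value is still pointing at a resolver you did not choose, which would explain redirection that survives a single corrected entry.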

pskelley
2006-09-29, 13:01
Welcome to the forum. If you are not receiving help elsewhere, I will see what I can do. You should understand this: 85.255.116.91 is almost always an indication of a Wareout infection; that number indicates a hijacking by Ukrainians, see this: http://whois.domaintools.com/85.255.116.91
I must start by suggesting you review the Pinned (sticky) information at the top of the page where you posted. This information is there for your benefit. It is important that you review and follow the instructions in this thread:
http://forums.spybot.info/showthread.php?t=288

All logs should be copy/pasted into the topic and not attached unless requested by the helper in that format.
I just do not open attachments, especially considering we are dealing with a probable infection. I will respond as soon as possible after you post.

Thanks

tashi
2006-10-04, 19:54
This topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.