Search redirect problem

Status
Not open for further replies.
Hi Michael,

To retrieve an Avast log do the following:

Right-click on the Avast icon in the system tray.
Select Open Avast Interface
Click on Scan Computer
Select Scan Logs
Open the most recent logs that showed the virus and open them.
Copy/Paste the log into your reply. :)
 
Good Morning Jeff,

I could not figure out how to copy and paste the information. Attached is the scan log main page showing the three recent scans. First the quick scan, then the full scan, then the boot-time scan.

I will attach the others - I got hacked so it might be related to that and not the redirect. I don't want to convolute the thread so let me know ok?

Michael
 
I feel like a real pain, and you have said don't worry about it but anyway :confused:

So, these infected files are in the chest, should I leave them there or hit the apply button for another action, or even can I? I don't know what is best, I thought (very dangerous I know!) that them being in the chest was good, but I don't know very much.

Michael
 
Hi,

Nope...don't worry. You are not a pain. :)

Some of those are just in restore points and when we remove our tools they will be removed. As long as Avast is picking up the infections and you are able to remove them you are fine. As a matter of fact, Avast just picked up one for me too just today. :)
 
Ok, I am baffled about all this...

I did some searches and I am randomly getting thrown around to these rogue sites still.

I have an MS Word copy (without the links) of the searches, and a screen shot of another site called Glam - at first glance it looks pretty good but if you look twice it is very poorly put together, not like the one I saw, I think it was Style or something? but that one did look sharp. Anyway this seems a tough nut to crack.

Let me know if this would help you and I can copy/paste or attach whatever.

Bottom line is that I am still getting redirected.
 
Hi,

I sure appreciate your patience...

RKill

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download the following tool. Boot to Safe Mode with Networking and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.
----------

Now...from Safe Mode with Networking open Malwarebytes, update it and run a Full Scan. Save the log.
----------

Run a new scan with ESET online scanner. Save that log as well.

In your next reply please post the new logs made by Malwarebytes and ESET online scanner.
 
I sure appreciate your patience...

I appreciate yours! Thank you!

I don't have a printer so I will have to go old school. :cool:

...and on the hunt for a computer close by - oh yea, my studio computer, that'll work. :bigthumb:

Okay I will get this done and post the results! :thanks:

Michael
 
Well after all that I seem to have lost the online scanner log. :slap:

Here is the rkill log even though you didn't ask for it. I ran this after everything, out of curiosity, but it looked the same as this save the date and time.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/27/2012 at 17:51:28.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 04/27/2012 at 17:51:31.

and here is malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: MICHAEL-9L4P8YF [administrator]

4/27/2012 2:56:30 PM
mbam-log-2012-04-27 (14-56-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329841
Time elapsed: 42 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I can run another online scan if you need me to. Maybe because I was in safe mode I couldn't access it... but I don't know - the last time I know it was a little tricky to get it first before shutting down the program. Anyway, that is a disappointment. Please let me know, it does take quite some time to do.

Michael
 
Jeff,

Okay I see what happened - I can't click on the scan results in safe mode. I need to get out of safe mode or hope the logfile stays put. I will not uninstall this is sure to help the cause.

Michael
 
Hi again Jeff,

I guess I will not turn the computer off. I can't get the results any way I know how.

The scan takes about an hour and a half and I don't want to lose it if it is salvageable.

I am in safe mode with networking and the scan has finished - attached is a screen shot if that means anything (probably not). I just can not get to the scan results... The first time we did this, I noticed it at the top left at the last minute before I shut down the program.

Michael
 
The system seems a little slower on the refresh, and things load slower, but this might be my perception. It seems a little sluggish.

I don't know if you changed many settings but this machine was set up as an audio computer originally, I changed the settings so the audio would run better. I have switched machines and have another computer for the studio -

I am not a big computer audio guy either and most of my recording is done old school, but the computer is necessary today.

Sorry for all that unnecessary garble.

...and yes I am still getting redirected --- :sad:
 
Hey Jeff,

Still with me? I know you are doing your best... I wanted to let you know something I have noticed.

I am getting directed as you know. When I click on a link on a search page it goes directly to Happili or similar and if I hit the "go back one page button" and click the link again it goes to the link correctly - I hope this helps.

Michael
 
Hi Michael,

Yes I am still with you. :) I am getting with a colleague about your system and should hopefully return quickly.
 
Okay thank you, I really appreciate it.

What I do now is I hit the back button and resend it - working so far, but it is not cool to have little bugs about the system - I would love to squash the little buggers.

Michael
 
Hi,

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please attach the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 