netcomp
asked on
All browser searches get redirected to othersites
I am working on a Vista home computer that every time you do a google or yahoo search, you get a redirected to another site other than what you find in google or yahoo. I have tried combov fix, malwarebytes, norton 2011 and can't get rid of this issue. I will post a Hijack this and see if I can get any help. I also have disable any unkown add-ons and even with No-addon startup, I stil have the same issue. I instaled Google Chrome and have the same issue.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:17:48 ¿.¿, on 08/07/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29
C:\Windows\system32\Dwm.ex
C:\Windows\system32\tasken
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynT
C:\Windows\System32\WLTRAY
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\u
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.ex
C:\Windows\system32\wuaucl
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\youneak\Downloads
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-7
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-8
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Global Startup: Driver performer.lnk = C:\Users\youneak\AppData\L
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quicks
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2
O16 - DPF: {2847443C-B6EB-4EDA-8E87-B
O16 - DPF: {6A060448-60F9-11D5-A6CD-0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2ev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: dldtCATSCustConnectService
O23 - Service: dldt_device - - C:\Windows\system32\dldtco
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-0610
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.ex
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVER
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdat
--
End of file - 8188 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:17:48 ¿.¿, on 08/07/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29
C:\Windows\system32\Dwm.ex
C:\Windows\system32\tasken
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynT
C:\Windows\System32\WLTRAY
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\u
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.ex
C:\Windows\system32\wuaucl
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\youneak\Downloads
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-7
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-8
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Global Startup: Driver performer.lnk = C:\Users\youneak\AppData\L
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quicks
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2
O16 - DPF: {2847443C-B6EB-4EDA-8E87-B
O16 - DPF: {6A060448-60F9-11D5-A6CD-0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2ev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: dldtCATSCustConnectService
O23 - Service: dldt_device - - C:\Windows\system32\dldtco
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-0610
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\Google
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWa
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.ex
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVER
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdat
--
End of file - 8188 bytes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your HJT log shows nothing other than some registry clutter - although I have no idea what the Oovoo toolbar is. Is it something you have installed? You might try resetting the IE browser just to clear the decks: Tools - Options - Advanced - Reset.
Please could you post the logs from your most recent Combofix and Mbam scans. They might help in troubleshooting.
Please could you post the logs from your most recent Combofix and Mbam scans. They might help in troubleshooting.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you also post the ComboFix log?
oovootoolbar <-- I would uninstall this toolbar.
Fix these entries in Hijackthis:
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O4 - Global Startup: Driver performer.lnk = C:\Users\youneak\AppData\L
oovootoolbar <-- I would uninstall this toolbar.
Fix these entries in Hijackthis:
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8
O4 - Global Startup: Driver performer.lnk = C:\Users\youneak\AppData\L
ASKER
Thanks all, the TDSSKiller.zip the the trick . It's all fine now.
I'm glad that it worked.
Please close out the question by accepting the Expert Comment(s) that gave you the solution.
Please close out the question by accepting the Expert Comment(s) that gave you the solution.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
Could you please close this question so that I can ask a new question. Thank you,
c:\windows\system32\driver
You may have spyware that has edited your hsot file and redirecting you all over the place.