|
| ||
| Browser Redirects to "go.google.com" (or nowhere at all) Hello, My desktop computer is having problems with Internet Explorer. Much of the time (every time?) I click on links in "google" search results, I get redirected to "go.google.com", or I just get "Internet Explorer cannot display the web page". Also, while not a real problem, text fonts in "google" search results are bigger than they used to be. Text fonts are also larger in the AOL web-based e-mail page (of an account I'm in the process of trying to wean the family off), which is also unusable from the problem desktop computer. I'm not at all sure why I can get to this site, but thankful nonetheless. Before looking here, I ran two routine scans: Spybot S&D gave me just two results, both related to "CoolWWWSearch.Svchost32". (Yuck!) McAfee flagged a couple of similar things as well. Sorry, I don't have the exact transcripts right now, but can get them if it's important. I saw a recent thread started by "g3nx" regarding an identical-sounding problem, but I wasn't clear on what was actually done to fix the problem, and jholland1964's warning "that this will not work for every computer or every type of infection and one shouldn't run it unless directed by somebody helping you" makes me hesitate to just start throwing random anti-malware at it. I also read PhilliePhan's "Read me before posting a request for assistance" posting, and I would really like to follow the instructions given there, but I can't get to "bleepingcomputer.com" or any of the other linked pages (except for the Microsoft Windows Malicious Software Removal Tool) due to the browser problems I'm encountering. (I can't get to those pages by clicking or by typing the URL .) So... Is there anything relatively simple I can do to get to the "do this stuff first" pages so I can download any of this stuff to help clean up my computer? Any assistance is greatly appreciated. Pete |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) See if you can do the following; download Malwarebytes' Anti-Malware (MBA-M) to your Desktop. * DoubleClick mbam-setup.exe and follow the prompts to install MBA-M. * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt. If you cannot do that in normal mode then see if you can do it with Safe Mode with Networking. If that is not possible then if you have another computer you can use try the download on it, but it to a disk or flash drive and bring it back to the infected computer and install and run it. If you are able to run it then post back here with the log. Judy |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) Thanks for the reply, Judy. I tried downloading the Malwarebytes' software as you suggest, but, again, Internet Explorer tells me it "cannot display the web page" (whether I click on it or paste it into the browser). Wow, it's frustrating to see the "besttechie.net" URL when my cursor hovers over the link, but I can't get there. If I knew how to run in "Safe Mode with Networking", I would certainly try it, but I'm pretty clueless in that regard, and "google" is not my friend right now. If there is a quick explanation I can follow please let me know. Otherwise, I will go the "sneakernet" route from a friend's computer at a more reasonable time of day. Pete |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) In case your redirection problem is a simple set of alterations to your Hosts File you might try this as a first step: ==download HostsXpert from http://www.funkytoad.com/content/view/13/31/ -click the top button Make Writable if it is available -click Restore MS Hosts File button. If instead you would like to clear your hosts file manually [C:\Windows\system32\drivers\etc\hosts] then apart from the helpful guff from M$ which may or may not exist in your hosts file, this should be the only [or bare minimum!!] entry: 127.0.0.1 localhost Drag Hosts into an empty notepad, edit it and Save. You may find that you are not able to save the changed/corrected file. This is because some security applications, possibly also various malware, will lock your Hosts file [make it read-only] as a protection. Lock/Unlock hosts exists in Zonealarm and Spybot S&D. ZoneAlarm : look under firewall, advanced; Spybot : click Tools, Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers" Or just...[but a Spybot setting may over-ride this command....] do this: Go Start, run, type cmd ...and press Enter. Paste this line into the window at the prompt, press Enter, close the window and try to save the file again. attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS Now try to get MBAM. |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) gerbil, Thanks for the suggestions. I've not tried any of them, but I may yet depending on how things go here. Some helpful souls at my place of employment convinced me to switch to FireFox, thinking that it wouldn't be susceptible to the issues I'm having with Internet Explorer. I had high hopes, but after installing it from a flash drive, I get pretty much the same results as I do from IE, just with different graphics/icons and slightly different wording. Anyway, I downloaded ATF-Cleaner, Malwarebytes' Anti-Malware, and HijackThis to that same flash drive at work, and am now able to at least run some of the suggested cleanup. Thanks, Pete |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) I was able to download some of the suggested cleanup tools to a flash drive at my place of employment, and I copied these to the desktop of the infected computer. Following PhilliePhan's instructions: 4) I looked through the Control Panel's "Add/Remove Programs" and didn't find anything that was obviously suspicious. (Take that with a grain of salt; program names wouldn't need to be all that cleverly disguised to get past me...) 5) I enabled viewing of hidden files. 6) I attempted to download the "Microsoft Windows Malicious Software Removal Tool", but, although I could get to the Microsoft download site, the download would fail with an error. So this step is incomplete. 7) I ran ATF-Cleaner.exe with no apparent problems. I'm using FireFox at the moment based on suggestions from people at my workplace who are far more knowledgeable about this stuff than me, so I followed the ATF-Cleaner instructions specific to FireFox as well. 8) I ran Malwarebytes' Anti-Malware tool as detailed. It appeared to download updates properly. After clicking "Remove All", the results of the scan follow: Malwarebytes' Anti-Malware 1.28 Database version: 1143 Windows 5.1.2600 Service Pack 2 9/12/2008 11:44:08 PM mbam-log-2008-09-12 (23-44-08).txt Scan type: Full Scan (C:\|) Objects scanned: 120051 Time elapsed: 38 minute(s), 58 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\tdssadw.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssserf.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssmain.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdsslog.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\tdssservers.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys (Trojan.Agent) -> Delete on reboot. I haven't gone to step #9 -- I hate to be the anal-retentive engineer, but Malwarebytes' Anti-Malware tells me that my "computer needs to be restarted to complete the removal process" and asks if I would like to continue, but PhilliePhan's instructions don't address this. Should I restart before continuing with the ESET scan? Thanks, Pete |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) I had the same infection, and a combination of Malabyte and Spybot solved it immediately. Safe Mode: Reboot, press F8 until the Safe Mode screen comes up. Yes, go to step 9. This is a very nasty piece of spyware. |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) Quote:
They are probably running and cannot be removed if running. MBA-M will delete them BEFORE they begin to run when the computer is rebooted. THEN once the computer is fully booted follow his instructions for ESET Scanner. Judy |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) Thanks Judy. Okay, I rebooted to let MBA-M do its thing. Then I ran ESET scanner and HiJackThis. ESET scanner log and HiJackThis log and uninstall list follow. ESET scanner log: # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3439 (20080912) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=cb7d5368d940f947a215fa159ab96aec # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2008-09-13 01:19:23 # local_time=2008-09-13 09:19:24 (-0500, Eastern Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=215930 # found=6 # scan_time=2205 C:\Avenger\tdssadw.dll Win32/Agent.ODG trojan 41569535CD2CF991B6D14B17CDEBC304 C:\Avenger\tdssl.dll Win32/Agent.ODG trojan B4EE00C2DF0BC7E9F643A0E6B8CAA828 C:\Avenger\tdsslog.dll Win32/Agent.OBU trojan AE7C5EDD787BCDD8ED5966BDF02F1B46 C:\Avenger\tdssmain.dll Win32/Agent.ODG trojan FC721FC58B17243C313C04BBBD63172A C:\Avenger\tdssserf.dll Win32/Agent.ODG trojan 67E17F3C7F3C0134CAC7374FD013D9F4 C:\Avenger\tdssserv.sys Win32/Agent.ODG trojan 2123178EDB1752D426B3C0674627F1F2 HiJackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:03:15 AM, on 9/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Kerri\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab O23 - Service: McAfee Application Installer Cleanup (0273671221200107) (0273671221200107mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\027367~1.EXE (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7710 bytes HiJackThis uninstall_list.txt: Ad-Aware Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adventures in Typing with Timon and Pumbaa AnswerWorks 4.0 Runtime - English AOL Coach Version 1.0(Build:20020605.1) AOL Coach Version 2.0(Build:20041026.5 en) AOL Deskbar AOL Toolbar AOL Uninstaller (Choose which Products to Remove) AOL You've Got Pictures Screensaver BCM V.92 56K Modem Blues Clues School Bob the Builder - Bob Builds a Park Classic PhoneTools Clifford Learning Activities Clifford Phonics Clifford Thinking Adventures Comcast Universal Installer v1.2 Compatibility Pack for the 2007 Office system Dell Modem-On-Hold Dell Picture Studio - Dell Image Expert Dell Solution Center DellSupport Digital Line Detect Dragon Tales DVDSentry Easy CD Creator 5 Basic ESET Online Scanner G-Police Half-Life HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) hp instant support HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 2100 series hp psc 2100 series Intel(R) PRO Ethernet Adapter and Software Intel(R) PROSet II John Deere American Farmer TM v1.0 JumpStart Spanish M&Ms The Lost Formulas Malwarebytes' Anti-Malware McAfee SecurityCenter Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Data Access Components KB870669 Microsoft Encarta Encyclopedia Standard 2003 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2003 Microsoft Money 2003 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 Disc 2 Microsoft Office 2000 SR-1 Premium Microsoft PhotoDraw 2000 V2 Microsoft Picture It! Photo 7.0 Microsoft Word 2002 Microsoft Works 2003 Setup Launcher Microsoft Works 7.0 Microsoft Works Suite Add-in for Microsoft Word Modem Helper Mozilla Firefox (3.0.1) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MUSICMATCH Jukebox NVIDIA Display Driver NVIDIA Windows 2000/XP Display Drivers Paint Shop Pro 7 Personalized Learning Center PowerDVD Pure Networks Port Magic QuickTime QuickTime for Windows (32-bit) Reader Rabbit Personalized 1st Grade RealPlayer Savings Bond Wizard Scholastic's I SPY Junior Scholastic's I SPY School Days Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Shockwave Sierra Utilities Spybot - Search & Destroy Thomas & Friends - Trouble on the Tracks TurboTax Basic 2005 TurboTax Basic 2006 TurboTax Basic 2007 TurboTax ItsDeductible 2005 TurboTax ItsDeductible 2006 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Viewpoint Media Player WexTech AnswerWorks Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Junglebook Compatiblity Fix Windows XP Service Pack 2 |
| ||
| Re: Browser Redirects to "go.google.com" (or nowhere at all) First of all please disable the Spybot TeaTimer; To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Reboot. Next go back to the ESET Scanner, run the scan again and have it FIX or REMOVE everything found. Reboot. Then run a NEW full system scan with HiJackThis. Place checkmarks next to the following entries if they still remain; O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O4 - Startup: PowerReg Scheduler V3.exe Once you have placed the checkmarks then click the Fix Checked button. Exit HJT and reboot. You also need to do a search for that PowerReg program, it is most definitely malware. It would most likely be located in UserProfile (this would be you so substitute your name)\Start Menu\Programs\Startup If you find it, delete it. Run a new HJT scan after doing all the above, INCLUDING the fixes with the ESET scanner and post those logs here. |
| All times are GMT -4. The time now is 12:03 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC