My browser keeps redirecting me to other sites. I have used

Customer Question

My browser keeps redirecting me to other sites. I have used all sorts of malware, spyware, anti-virus removal tools and nothing works. I've uninstalled and reinstalled Firefox and Opera and that doesn't solve the issue. I did find that I had a trojan called winupdate86 and adware called seekmo. From what all the removal tools tell me both programs are gone, but the browser still acts like it is hijacked.
Submitted: 4 years ago.
Category: Computer
Expert:  Ansh P. replied 4 years ago.

Hello,

 

Have you tried a scan with combofix?

 

Also, what about internet explorer, is it also hijacked?

Customer: replied 4 years ago.
Hi Ansh,

I have not tried a scan with combofix.

Yes internet explorer is also hijacked.

I'm not at the computer right now. If you can tell me what I should do I will in about 6 hours when I am at the computer.

Expert:  Ansh P. replied 4 years ago.

First of all, I suggest you back up your important files before going for anything, because this malware sometimes goes to the worst extent.

 

Download and run combofix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

See if that works.

Customer: replied 4 years ago.
I ran combofix and it did not fix the problem. The browser is still hijacked. What should I try next?
Expert:  Ansh P. replied 4 years ago.
Can you tell me which site the browser is redirecting you to?
Customer: replied 4 years ago.
The addresses are long. I did a Google search for 'braves' and got the correct search results page but it also opened a new window with this as the address:

www.nynewsandreports.ts.com/googlejob/uniquegooglejob.html?subid=adn1?subid=adn1?src=google+com_113232

And opened a page with a news article about Google hiring Americans to work from home.

When I click on the first search result on the search page (braves.mlb.com) it sends me briefly to a page at ooxx.co, then redirects to this page:

www.bizmore.com/info/index.html

The pages seem to be random, as different clicks on the search links go to different sites. Also noticed that after 3 clicks on the search link and getting 3 random redirects it seems to start working normally and send you to the right place, even after closing IE and clearing caches/cookies.
Expert:  Ansh P. replied 4 years ago.

Download and install chrome browser: http://www.google.com/chrome

 

See if the same is happening here. Let me know.

Customer: replied 4 years ago.
Yes, same result using Google Chrome the browser redirects to random sites.
Expert:  Ansh P. replied 4 years ago.

Wow. Much of an issue.

 

Restart the computer in safe mode and do a full scan using Malwarebytes as well as ComboFix, then give me the scan log here.

Customer: replied 4 years ago.
ComboFix 09-11-29.06 - Owner 11/30/2009 17:25.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1XXX-XX-XXXX.635 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 19:47 . 2009-11-30 19:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-11-29 22:38 . 2009-11-29 22:38 -------- d-----w- c:\program files\Trend Micro
2009-11-29 22:33 . 2009-11-29 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-29 17:42 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-29 17:41 . 2009-11-29 17:41 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-29 17:41 . 2009-11-29 17:41 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-29 17:41 . 2009-11-29 17:41 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-29 17:41 . 2009-11-29 17:41 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-29 17:41 . 2009-11-29 17:41 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-29 17:41 . 2009-11-29 17:41 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-29 17:41 . 2009-11-29 17:41 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-29 17:41 . 2009-11-29 17:41 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-29 17:41 . 2009-11-29 17:41 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-29 17:41 . 2009-11-29 17:41 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-29 17:41 . 2009-11-29 17:41 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-29 17:39 . 2009-11-29 17:39(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-29 17:33 . 2009-11-29 17:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 17:33 . 2009-10-03 08:15(NNN) NNN-NNNN-c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-29 17:31 . 2009-11-29 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-29 17:31 . 2009-11-29 17:31 -------- d-----w- c:\program files\Lavasoft
2009-11-29 16:26 . 2009-11-29 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-11-29 15:45 . 2009-11-29 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Opera
2009-11-29 15:44 . 2009-11-30 00:17 -------- d-----w- c:\program files\Opera
2009-11-29 04:36 . 2009-11-29 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-29 04:24 . 2009-11-29 13:59 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2009-11-29 04:24 . 2009-11-29 14:00 -------- d-----w- c:\program files\CheckPoint
2009-11-29 04:24 . 2009-11-29 04:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-29 03:13 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-29 03:13 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-29 03:13 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-29 03:13 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-29 03:13 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-29 03:13 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-29 03:13 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-29 03:13 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-29 03:12 . 2009-11-24 23:54(NNN) NNN-NNNN----a-w- c:\windows\system32\aswBoot.exe
2009-11-29 03:12 . 2009-11-29 03:12 -------- d-----w- c:\program files\Alwil Software
2009-11-29 02:57 . 2009-11-29 13:48 -------- d-----w- c:\program files\Angle Interactive
2009-11-29 02:57 . 2009-11-29 02:57 -------- d-----w- C:\ProgramData
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-29 02:29 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 02:29 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 02:29 . 2009-11-29 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 00:11 . 2009-11-29 00:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-11-28 23:25 . 2009-11-28 23:25 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-11-28 23:25 . 2009-11-29 16:26 -------- d-----w- c:\program files\IObit
2009-11-27 13:54 . 2009-11-28 22:03 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-11-27 01:18 . 2009-11-27 01:18 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2009-11-23 00:02 . 2009-11-23 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-21 15:00 . 2009-11-21 15:05 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 18:52 . 2003-08-08 17:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-30 01:43 . 2008-01-26 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 01:04 . 2008-01-26 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 00:18 . 2009-06-13 23:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-29 22:32 . 2005-01-10 02:44 -------- d-----w- c:\program files\Java
2009-11-29 22:20 . 2003-07-24 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 17:41 . 2009-11-29 17:40 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-29 17:40 . 2009-11-29 17:40 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-29 17:40 . 2009-11-29 17:40 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-29 17:40 . 2009-11-29 17:40 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-29 17:40 . 2009-11-29 17:40 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-29 17:40 . 2009-11-29 17:40 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-29 17:40 . 2009-11-29 17:40 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-29 17:40 . 2009-11-29 17:40 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-29 17:40 . 2009-11-29 17:40 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-29 17:40 . 2009-11-29 17:40(NNN) NNN-NNNN----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-29 17:40 . 2009-11-29 17:39 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-28 23:57 . 2003-07-26 08:57 -------- d-----w- c:\documents and settings\Owner\Application Data\interMute
2009-11-21 15:02 . 2009-03-26 02:47 -------- d-----w- c:\program files\AVG
2009-09-11 14:18 . 2003-08-08 17:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:10 . 2005-01-28 03:00 1101 -c--a-w- c:\windows\checkip.dat
2009-09-05 04:08 . 2005-01-28 02:58 1251 -c--a-w- c:\windows\ipconfig.dat
2009-09-05 03:49 . 2005-01-10 02:43 79952 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 21:03 . 2003-08-08 17:57 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( XXX@XXXXXX.XXX )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-08 17:56 . 2009-11-30 18:52 96512 c:\windows\system32\dllcache\atapi.sys
- 2003-07-24 08:30 . 2009-11-30 17:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-07-24 08:30 . 2009-11-30 17:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-07-24 08:30 . 2009-11-30 20:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-07-24 08:30 . 2009-11-30 17:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20(NNN) NNN-NNNN
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05(NNN) NNN-NNNN
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03(NNN) NNN-NNNN
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-26 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10(NNN) NNN-NNNN
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14(NNN) NNN-NNNN

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=c:\windows\pss\TrayMin700.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/29/2009 12:42 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM(NNN) NNN-NNNN
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/28/2009 10:13 PM 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/28/2009 10:13 PM 20560]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/29/2009 11:26 AM 312592]
S2 mrtRate;mrtRate; [x]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2/6/2007 12:07 AM(NNN) NNN-NNNN
S3 PentaxUsb;PENTAX Optio 60 on USB;c:\windows\system32\drivers\CoachUsb.sys [1/29/2006 12:53 AM 50976]
S3 PentaxVc;PENTAX Optio 60 Video Capture;c:\windows\system32\drivers\CoachVc.sys [1/29/2006 12:53 AM 44256]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/31/2007 12:11 AM 541568]
S3 XIRLINK;eVision 123 digital camera;c:\windows\system32\drivers\ucdnt.sys [8/18/2005 9:37 PM 805808]
S4 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:40]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134907574-2749578613-2750616050-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 19:47]

2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134907574-2749578613-2750616050-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-30 19:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x869C7618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73f6852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-30 18:07
ComboFix-quarantined-files.txt 2009-11-30 23:06
ComboFix2.txt 2009-11-30 18:22

Pre-Run: 87,787,888,640 bytes free
Post-Run: 87,753,920,512 bytes free

- - End Of File - - A40FC49BD837AC2356FDFD03D593AAF7


Malwarebytes' Anti-Malware 1.41
Database version: 3253
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/30/2009 5:10:20 PM
mbam-log-2009-11-30 (17-10-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 275429
Time elapsed: 1 hour(s), 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Expert:  Ansh P. replied 4 years ago.
Please post the log in a proper format. It's all clogged up.
Customer: replied 4 years ago.
I copied and pasted the log into this window and it is formatted correctly. I do not know how else to send the information using this window. I can save it as a text file and email it.
Expert:  Ansh P. replied 4 years ago.

Paste it into this site: http://pastebin.com/

 

Send me the link.

Customer: replied 4 years ago.
http://pastebin.com/m6a125592
Expert:  Ansh P. replied 4 years ago.

No infections. You are still getting hijacked?

Customer: replied 4 years ago.
Yes all the time in all browsers - IE, Opera, and Google Chrome
Expert:  Ansh P. replied 4 years ago.
Sorry but I am out of options, I should open this up for other experts.
Customer: replied 4 years ago.
Ok thanks for trying
Expert:  Anthony Brewster replied 4 years ago.

Hello, please shut down the computer and turn it off. Then power it back on and let's go into Safemode with Networking.

 

1) Turn on the computer

2) Start tapping/pressing F8 until you see Advanced Options Menu

3) Select Safemode with Networking and press enter

4) Press enter for OS/XP

5) Choose your account (not admin)

6) Click yes to continue in safemode

 

Now, please download and run SmitfraudFix.

 

GUIDE

 

http://siri.geekstogo.com/SmitfraudFix.php

 

 

Download Link

 

http://tinyurl.com/smitfradfix <<<<<<< CLICK TO DOWNLOAD

 

 

1) Download SmitfraudFix

2) Run SmitfraudFix (Safemode Recommended)

3) Press 2 (and press enter)

4) Press Y (for clean registry) and press enter

5) Wait for the notepad with your log report.

 

AFTER THIS DO THIS.

 

1) Run SmitfraudFix again

2) Press 5 (Search and Clean DNS HiJack) and press enter

3) When complete press Q for quit and press enter


Now restart your computer and test it out.


BEST OF LUCK!
GOD BLESS!

 

:)

Customer: replied 4 years ago.
Still no luck. I ran SmitfraudFix and followed your directions exactly. The browser still opens up new tabs to weird websites and sometimes the websites try to download new trojans, but the avast antivirus program I am running stops the trojans. Until yesterday everything was running smoothly. Somehow I picked up a trojan called winupdate.exe and it released all sorts of other malware all over my machine.
Expert:  Anthony Brewster replied 4 years ago.

Thanks. Please try this.

 

 

1) Click Start

2) Click Control Panel

3) Click User Accounts

4) Click Create A New User (with admin rights)

 

Now after you have your new account created, restart the computer and log into the account and test your computer out to see if it's working now.

 

If it is working now, go back to the control panel / user accounts, and delete the old account (BUT KEEP FILES) and your data will transfer into a single folder and it will be placed on the new desktop.

 

 

:)

 

 

Customer: replied 4 years ago.

Created a new user account with admin rights and then I went into Internet Explorer and was redirected a few times to various sites, so it appears the browser is still hijacked.

Expert:  Anthony Brewster replied 4 years ago.

Thanks. Do this.

 

 

1) Click Start

2) Click Run

3) Type Drivers and press enter

4) Open the ETC folder

5) Look for hosts.

 

This is where it is located directly (C:\Windows\System32\drivers\etc)

 

 

For the HOSTS file, on the right hand side, what is the FILE SIZE? Is it 1KB or what?

 

 

Thanks!

Customer: replied 4 years ago.
Yes the hosts file is 1kb
Expert:  Anthony Brewster replied 4 years ago.

Thanks. Then it's not a virus or spyware causing this. If you are getting redirected this would have been a bigger file.

 

 

It sounds to me like the OS is corrupted or having registry issues. I would suggest CCLEANER but you have already done that. ComboFix is extremely powerful to remove anything and yet you got nothing.

 


So there is only 1 thing left to do.

 

 

1) Backup all of your important data

2) Re-Install Windows XP

3) Install Security Protection

4) Download Windows Updates

5) Done!

 

 

BEST OF LUCK!
GOD BLESS!

 

 

:)
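The hosts-file check from the steps above, done by reading the file's entries rather than its size (an added example, not part of the original thread; the sample file contents, the `EXPECTED_LOCAL_NAMES` allow-list and the function names are constructed assumptions):

```python
import ipaddress

# Path given in the thread for the Windows hosts file.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Assumption: the only mapping expected in an unmodified file is localhost.
EXPECTED_LOCAL_NAMES = {"localhost"}

# Constructed sample, not data from the thread. Addresses come from the
# documentation range 203.0.113.0/24 and the names are illustrative.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
203.0.113.10    www.google.com    google.com   # constructed entry
203.0.113.10    search.yahoo.com
0.0.0.0         update.example-av.test
not-an-ip       broken.line
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no name: ignore
            continue
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return a list of (line_no, kind, address, name) findings.

    kind is "redirect" (name pinned to a non-local address),
    "blocked" (name sunk to loopback or 0.0.0.0) or "malformed".
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        for name in names:
            name = name.lower()
            if ip.is_loopback and name in EXPECTED_LOCAL_NAMES:
                continue                      # the expected default mapping
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, kind, addr, name))
    return findings


def hosts_summary(text):
    """Size in bytes plus a count of findings per kind."""
    counts = {"redirect": 0, "blocked": 0, "malformed": 0}
    for _, kind, _, _ in audit_hosts(text):
        counts[kind] += 1
    return {"size_bytes": len(text.encode("utf-8")), **counts}


def audit_file(path=HOSTS_PATH):
    """Audit a hosts file on disk; undecodable bytes are replaced, not fatal."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    print(hosts_summary(SAMPLE_HOSTS))
    for line_no, kind, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {name} -> {addr}")
```

The constructed sample stays under 1024 bytes while carrying three redirect entries, so the listing of entries is what the check reports on.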

Customer: replied 4 years ago.
I am not convinced that it is not a virus since my browser redirects me to sites that try to download trojans and all this started when the winupdate86.exe trojan appeared on my system on Saturday 11/28.

I noticed the browser only redirects me when I'm using a search feature and click a link. If I am in a website, such as Just Answer, the browser opens the correct page.
Customer: replied 4 years ago.
My browser is redirecting to junk sites only when using search engines, otherwise it works.
