Search Engine Redirect Issue

(OP)
This is Windows XP Pro SP3 with Internet Explorer 7. I have a search engine redirect problem which has some very interesting characteristics. First, this problem occurs across all search providers, Google, Bing, Live, etc. Second, it is not user specific. Regardless of the log in name the action occurs consistently. Third, the action is that after you do the search and receive the search results, when you click on the result you are redirected to a solicitation or information page that is somewhat related to the subject matter of your search results. If you click back and go back to the search results and choose the same result a second time, it comes up correctly. And this aspect of the problem where a second and any subsequent click of the result brings up the correct site is consistent across all the search engines. I have run thorough scans using Spyware Terminator, AdAware, MalWareBytes, and Avast. The malware, adware, and spyware scans caught various relatively minor things, but my system still has the issue. My hosts file is unchanged and there is no Internet Explorer Search Page key in the Registry. Additionally, I am evaluating the Non Plug and Play Devices area from the Device Manager to see if anything there might be amiss. Any help would be greatly appreciated.

RE: Search Engine Redirect Issue

I have a wild shot-in-the-dark guess.  Try this test.  Make a copy of your userint.dll (from the windows\system32 folder) and name it test.dll.  Be very careful that you are making a copy, not moving it or renaming it because doing so will render your system inoperable.  Now scan again with Malwarebytes Antimalware and see if it has any issues with this copied file.

RE: Search Engine Redirect Issue

(OP)
That file does not exist on my system, nor do any of these close matches.... usrint.dll, userinit.dll, usrinit.dll

RE: Search Engine Redirect Issue

Download HijackThis from the link below. Please do this. Click here:

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?hhTest=1

to download HijackThis. Click scan and save a logfile, then post it here so we can take a look at it for you. Don't click fix on anything in HijackThis, as most of the files are legitimate.

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
Here is the log file....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:44 PM, on 2/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258650454421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heritage.local
O17 - HKLM\Software\..\Telephony: DomainName = heritage.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer = 192.168.0.150,192.168.0.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = heritage.local
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4917 bytes
 

RE: Search Engine Redirect Issue



For these fixes to work you'll need to disable Spyware Terminator's real-time shields, Avast's and Lavasoft's! After you've run the fixes, re-enable them, as the shields can block the fixes!


* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
          o If you use Firefox:
                + Click Firefox at the top and choose: Select All
                + Click the Empty Selected button.
                + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
          o If you use Opera:
                + Click Opera at the top and choose: Select All
                + Click the Empty Selected button.
                + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.




NOTE: If you have downloaded ComboFix previously please delete that
version and download it again!


Please visit this webpage for instructions for downloading and running
ComboFix.


http://www.bleepingcomputer.com/combofix/how-to-use-combofix




* Click here for info on how to boot to safe mode if you don't already know
how.


http://support.microsoft.com/kb/315222


* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



Have HijackThis fix these entries. Close all browsers and programmes before clicking FIX.

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe


Then reboot to normal mode and run Dr.Web.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan.
* This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, click Options > Change settings.
* Choose the "Scan" tab and remove the mark at "Heuristic analysis".
* Back at the main window, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, see whether you can click the next icon next to the files found: [image]
* If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image: [image]
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
* After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web CureIt.
* Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.




Post a new hijack this, the combo log,  the dr web scan log and the  log!


 

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

There are many other threads which say this file is for monitoring a Nvidia graphics card for over clocking so don't remove it!



This file ----->  C:\WINDOWS\system32\winsys2.exe

If you do remove it, you can reinstall it from the HijackThis backup utility or reinstall the file from CD! However, it may be a baddie.

Go here and upload it and get it checked out!


C:\WINDOWS\system32\winsys2.exe

http://www.virustotal.com/en/indexf.html


See this thread below.


http://forum-en.msi.com/index.php?topic=107149.msg792532


 

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

My post should have been for userinit.exe (bad typing for the name and bad memory for the extension)

RE: Search Engine Redirect Issue

Your version of Avast is out of date; you should update to version five!

http://www.avast.com/free-antivirus-download

You should also get a free firewall; pctools is currently a good free one!

http://www.pctools.com/firewall/


Also download and run these two tools!

Please download SmitfraudFix (by S!Ri):

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract the content (a folder named SmitfraudFix) to your Desktop.



Next, please reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the
registry?"; answer "Yes" by typing Y and press "Enter" in order to
remove the Desktop background and clean registry keys associated with the
infection.

The tool will now check if wininet.dll is infected. You may be
prompted to replace the infected file (if found); answer "Yes" by typing
Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process;
please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at
C:\rapport.txt




Please download FixWareout from one of these sites:


http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure
"Run fixit" is checked and click Finish. The fix will begin; follow the
prompts. You will be asked to reboot your computer; please do so. Your
system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will
launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


Finally, please post the contents of the logfile C:\fixwareout\report.txt,
along with a new Hijack This log.


post the smitfraud and the fixwareout logs!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
SMAH:

I do have userinit.exe in windows\system32 and in windows\system32\dllcache.

RE: Search Engine Redirect Issue

(OP)
FixWareout.exe is not loading successfully from either of these sites. The subratam.org doesn't even load at all. The file is not listed on bleepingcomputer's site either.

RE: Search Engine Redirect Issue

OK, run the other fixes and skip that one; post all the requested logs!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
I have run the ATF Cleaner with no issues.

I have just run Combo Fix and the log file is below. I will await further instructions before proceeding. The next step would be the Hijack fix of winsys2.exe under safe mode. Please note that I do have an NVIDIA video adapter. Please advise how you would like me to proceed. Thanks!

ComboFix 10-03-01.04 - Administrator 03/02/2010 10:59:19.1.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2963 [GMT -5:00]
Running from: c:\documents and settings\Administrator.HERITAGE\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100302-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-583907252-1659004503-1177238915-500
c:\windows\system32\MSIMRT.DLL
c:\windows\system32\MSIMRT32.DLL
c:\windows\system32\MSIMUSIC.DLL

.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 14:00 . 2010-03-02 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-02-26 23:06 . 2010-02-26 23:06 -------- d-----w- c:\program files\Trend Micro
2010-02-25 23:43 . 2010-02-25 22:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 22:54 . 2010-02-25 22:54 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-25 22:54 . 2010-02-25 22:54 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-25 22:54 . 2010-02-25 22:54 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-25 22:54 . 2010-02-25 22:54 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-25 22:54 . 2010-02-25 22:54 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-25 22:54 . 2010-02-25 22:54 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-25 22:54 . 2010-02-25 22:54 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-25 22:53 . 2010-02-25 22:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-25 22:53 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-25 22:53 . 2010-02-25 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-25 22:53 . 2010-02-25 22:53 -------- d-----w- c:\program files\Lavasoft
2010-02-23 22:03 . 2010-02-23 22:03 -------- d-----w- c:\documents and settings\Administrator.HERITAGE\Application Data\Malwarebytes
2010-02-23 22:03 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 22:03 . 2010-02-23 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 22:03 . 2010-02-23 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 22:03 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 20:28 . 2010-02-23 20:43 -------- d-----w- C:\Feb2010
2010-02-22 22:45 . 2010-03-02 14:34 -------- d-----w- c:\documents and settings\Administrator.HERITAGE\Application Data\Spyware Terminator
2010-02-22 22:45 . 2010-02-26 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-22 22:45 . 2010-02-22 22:45 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-02-22 22:45 . 2010-02-22 22:45 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-02-22 22:45 . 2010-02-22 22:45 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-22 22:44 . 2010-03-02 14:34 -------- d-----w- c:\program files\Spyware Terminator
2010-02-22 21:00 . 2010-02-22 21:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-22 20:27 . 2010-02-22 20:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-15 22:09 . 2010-02-15 22:09 -------- d-----w- c:\program files\Citrix
2010-02-15 22:09 . 2010-02-15 22:09 60744 ----a-w- c:\documents and settings\Administrator.HERITAGE\g2mdlhlpx.exe
2010-02-12 14:51 . 2007-06-19 17:57 229888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-02-10 22:44 . 2010-02-10 22:44 -------- d-----w- c:\program files\Microsoft.NET
2010-02-10 22:43 . 2010-02-10 22:43 -------- d-----w- c:\program files\MSXML 6.0
2010-02-10 22:43 . 2010-02-10 22:45 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-10 22:41 . 2010-02-10 22:45 -------- d-----w- C:\Response
2010-02-10 22:25 . 2009-03-31 17:24 745472 ----a-w- c:\windows\system32\TAPIExCt.dll
2010-02-10 22:25 . 2006-01-07 14:56 143360 ----a-w- c:\windows\system32\SpectrumView.dll
2010-02-10 22:25 . 2010-02-10 22:25 -------- d-----w- c:\program files\Common Files\software fx shared
2010-02-10 22:24 . 2010-02-10 22:24 -------- d-----w- c:\program files\CoLinear
2010-02-10 22:22 . 2010-02-10 22:22 -------- d-----w- C:\response10_demo
2010-02-10 22:22 . 2010-02-10 22:05 107513175 ----a-w- C:\response10_demo.zip
2010-02-01 15:56 . 2006-12-14 15:00 110592 ----a-w- c:\documents and settings\Administrator.HERITAGE\Application Data\U3\temp\cleanup.exe
2010-02-01 15:56 . 2010-02-01 15:56 -------- d-----w- C:\LightPics
2010-02-01 15:55 . 2007-02-12 22:46 3096576 ---ha-w- c:\documents and settings\Administrator.HERITAGE\Application Data\U3\temp\Launchpad Removal.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 20:22 . 2009-12-07 19:03 161 ----a-w- c:\windows\daa.bat
2010-02-10 22:24 . 2009-10-22 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 22:23 . 2009-12-01 20:07 20736 ----a-w- c:\documents and settings\Administrator.HERITAGE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:53 . 2010-02-25 22:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 15:56 . 2009-12-24 20:48 -------- d-----w- c:\documents and settings\Administrator.HERITAGE\Application Data\U3
2010-01-05 10:00 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-07 20:29 . 2009-12-07 19:09 165 ----a-w- c:\windows\mmm.bat
2009-12-02 20:56 . 2009-10-21 21:05 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"nwiz"="nwiz.exe" [2009-03-28 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-04-27 17:08 17881088 ----a-w- c:\windows\RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/25/2010 5:55 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 11:03 AM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/22/2010 5:45 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 11:03 AM 20560]
R2 MSSQL$RESPONSE;SQL Server (RESPONSE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 8:29 AM 29178224]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/22/2009 10:49 AM 159400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/22/2009 10:47 AM 1684736]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 22:54]
.
.
------- Supplementary Scan -------
.
TCP: {4827466B-3510-4DE9-93E6-A47FF92C1C54} = 192.168.0.150,192.168.0.100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 11:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A68F8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82578DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9e1dbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e2aa21
SendHandler -> NDIS.sys @ 0xb9e0887b
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-03-02 11:02:39
ComboFix-quarantined-files.txt 2010-03-02 16:02

Pre-Run: 383,995,555,840 bytes free
Post-Run: 383,960,973,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 772DA2979139C3308038DDDF8F3078B0
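
Added example, not part of any post in this thread or of the tools it mentions: a Python sketch that reads the MBR-detector section of a saved ComboFix log like the one above and reports the `>>UNKNOWN [0x...]<<` entry in `called modules`, which the detector prints even though the section ends with `user & kernel MBR OK`. The function names, and the choice to list every `.sys` file in the call chain as a driver to verify, are assumptions of this example.

```python
import re

# MBR-detector section copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A68F8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82578DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9e1dbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e2aa21
SendHandler -> NDIS.sys @ 0xb9e0887b
user & kernel MBR OK
"""

# An address the detector could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "<object or handler chain> -> <module> @ <address>"
HOOK_RE = re.compile(
    r"^(?P<chain>.+?) -> (?P<module>[^\s>]+) @ (?P<addr>0x[0-9A-Fa-f]+)$"
)
# catchme.sys belongs to the detector itself (named in the same ComboFix log).
DETECTOR_DRIVERS = {"catchme.sys"}


def parse_mbr_section(log_text):
    """Extract called modules, unresolved addresses, hooks and the verdict."""
    report = {"called_modules": [], "unknown_addresses": [],
              "hooks": [], "verdict": None}
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        lowered = line.lower()
        if lowered.startswith("called modules:"):
            body = line.split(":", 1)[1]
            report["unknown_addresses"] = UNKNOWN_RE.findall(body)
            # Whatever remains after removing the UNKNOWN markers is named.
            report["called_modules"] = UNKNOWN_RE.sub(" ", body).split()
            in_hooks = False
        elif lowered.startswith("detected mbr rootkit hooks"):
            in_hooks = True
        elif lowered.startswith("user & kernel mbr"):
            report["verdict"] = line
            in_hooks = False
        elif in_hooks:
            match = HOOK_RE.match(line)
            if match:
                report["hooks"].append(match.groupdict())
    return report


def drivers_to_verify(report):
    """Drivers named in the call chain, listed only if unresolved code exists.

    Assumption of this example: every .sys file in the chain, other than the
    detector's own driver, is worth comparing against a known-good copy.
    """
    if not report["unknown_addresses"]:
        return []
    return [name for name in report["called_modules"]
            if name.lower().endswith(".sys")
            and name.lower() not in DETECTOR_DRIVERS]


def findings(report):
    """Human-readable triage lines for the parsed section."""
    out = []
    for addr in report["unknown_addresses"]:
        out.append(f"code at {addr} in the disk read path is not backed "
                   "by a named module")
    verdict = report["verdict"] or ""
    if report["unknown_addresses"] and verdict.upper().endswith("MBR OK"):
        out.append("MBR verdict is OK; verify the drivers in the call chain "
                   "against known-good copies: "
                   + ", ".join(drivers_to_verify(report)))
    return out


if __name__ == "__main__":
    for line in findings(parse_mbr_section(SAMPLE_LOG)):
        print(line)
```
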

RE: Search Engine Redirect Issue

(OP)
Bringing you up to date with the status of things.

First, regarding the NVIDIA adapter, please note that no overclocking is enabled on this machine if that is the sole purpose of winsys32.exe.

Second, I have run ATF Cleaner and Combo Fix at this point. There were no issues as I went through the documented procedures. The Combo Fix log is in the post above.

Third, waiting to hear back from you on the next step, I decided to safe boot the machine in preparation for the Hijack This fix. The unit will not safe boot successfully at this point. It goes through the prompts, I select Safe Mode, then I select Windows XP Pro, it begins to load drivers for about 2 or 3 seconds and then restarts the boot process. It appears that the machine does boot properly in normal mode. I rebooted it and let it come to a login prompt, but I did not login as I did not want it to run the boot process through the Registry and possibly affect the work done to this point. I just shut down at the login prompt and again attempted a Safe boot with the same results. Please advise. Thanks!

RE: Search Engine Redirect Issue

If you haven't done so already, back up your data. You can always scan your backup and clean as needed.

I would suggest finding or creating a BART PE bootable disk and while running from BART, do a chkdsk c:/r to isolate the boot problem in safe mode.

I see you have or had a rootkit.  Download MER and use it carefully to remove that problem.

Say what happens next.

Best Regards,
David.

 

RE: Search Engine Redirect Issue

Thanks KJ, that's what I meant.

David.

RE: Search Engine Redirect Issue

Just run Dr.Web and SmitFraud and post their logs, then run a full sweep with Malwarebytes and SuperAntiSpyware. Remember to disable adwatch and Spyware Terminator, as they'll interfere with the fixes!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
Well, I can report that the redirect symptoms associated with the malware/virus resident on my machine have been corrected. Dr Web CureIt identified 2 infected instances of atapi.sys and cured them upon reboot. Clearly, this damaged driver is also the reason for the machine's failure to boot successfully in Safe Mode. Safe Mode now functions properly. The DrWeb log is quite long (40,000 lines). Shall I post all of that? Here is the SmitFraudFix log.....

SmitFraudFix v2.424

Scan done at 16:21:31.81, Wed 03/03/2010
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer=192.168.0.150,192.168.0.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer=192.168.0.150,192.168.0.100
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer=192.168.0.150,192.168.0.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Please advise next step. Machine seems to be functioning normally. Thanks!

RE: Search Engine Redirect Issue

(OP)
I will also proceed to run MalwareBytes and SuperAntiSpyWare and report back. See above post for current status. Thanks!

RE: Search Engine Redirect Issue

(OP)
MalWareBytes log below. Now proceeding with SuperAntiSpyware.

Malwarebytes' Anti-Malware 1.44
Database version: 3787
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/3/2010 5:20:23 PM
mbam-log-2010-03-03 (17-20-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 327040
Time elapsed: 29 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RE: Search Engine Redirect Issue

(OP)
SuperAntiSpyware completed with 10 items found, all tracking cookies. Please advise on any remaining procedures. Thanks!

RE: Search Engine Redirect Issue

run dr web and post its log as well and post a hijack this log!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
The Dr Web log is 83000K. How do I go about posting that?

RE: Search Engine Redirect Issue

(OP)
Here is the HijackThis log ....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:22 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258650454421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heritage.local
O17 - HKLM\Software\..\Telephony: DomainName = heritage.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer = 192.168.0.150,192.168.0.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = heritage.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4281 bytes
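
A triage check that could be run over the O17 lines of a HijackThis log like the one above, or over the DNS section of the SmitFraudFix log (added example, not part of the original post or of either tool): it lists every NameServer value and flags any that is not an RFC 1918 or loopback address. The all-zero adapter GUID and the 203.0.113.7 entry are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: two O17 lines as quoted in the log above, plus one
# made-up adapter entry pointing at a non-local resolver (203.0.113.7 is a
# documentation address) to show what a flagged line looks like.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heritage.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4827466B-3510-4DE9-93E6-A47FF92C1C54}: NameServer = 192.168.0.150,192.168.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.7 192.168.0.100
"""

# Matches both the HijackThis form ("O17 - KEY: NameServer = a,b") and the
# SmitFraudFix form ("KEY: NameServer=a,b").
NAMESERVER_RE = re.compile(
    r"^(?:O17 - )?(?P<key>HKLM\\.+?):\s*NameServer\s*=\s*(?P<val>.*)$"
)

# Explicit RFC 1918 + loopback ranges. ipaddress.is_private is not used
# because it also treats documentation ranges such as 203.0.113.0/24 as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def classify(addr):
    """Return 'local', 'external' or 'invalid' for one NameServer token."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "local" if any(ip in net for net in LOCAL_NETS) else "external"


def audit_nameservers(log_text):
    """Return (registry_key, address, verdict) for every NameServer entry."""
    findings = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        # Windows stores the list comma- or space-separated.
        for addr in re.split(r"[,\s]+", m.group("val").strip()):
            if addr:
                findings.append((m.group("key"), addr, classify(addr)))
    return findings


def needs_review(log_text):
    """Entries a reviewer should compare against the network's real DNS servers."""
    return [(k, a) for k, a, verdict in audit_nameservers(log_text) if verdict != "local"]


if __name__ == "__main__":
    for key, addr in needs_review(SAMPLE_LOG):
        print("review:", addr, "set under", key)
```

An "external" verdict only means the resolver is outside the local address ranges; whether it is legitimate still has to be checked against the DNS servers the network is supposed to use.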



RE: Search Engine Redirect Issue

just post the part where it lists viruses that it found, if it didn't find any then you're ok!?

Your log looks clean now, is your computer running better now?


Have you a firewall, you really need one if you haven't and windows doesn't block incoming threats!


Your version of Avast is out of date you should update to version five!

http://www.avast.com/free-antivirus-download

you should also get a free firewall, pctools is currently a good free one!

http://www.pctools.com/firewall/





You should now turn off system restore to flush out the bad restore points and then re-enable it and make a new clean restore point.


How to turn off system restore

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam


http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405




Here's some free tools to keep you from getting infected in the future.


To stop reinfection get spywareblaster from


http://www.javacoolsoftware.com/downloads.html


get the hosts file from here. Unzip it to a folder!



http://www.mvps.org/winhelp2002/hosts.htm


put it into : or click the mvps bat and it should do it for you!


Windows XP      =      C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K     =     C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME     =     C:\WINDOWS



ie-spyad. Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.


http://www.spywarewarrior.com/uiuc/resource.htm




Use either Arovax or spyware terminator, you could try both and see
what one you like!


Arovax shield.

http://www.arovaxshield.com/


Spyware Terminator

http://www.spywareterminator.com/dnl/landing.aspx


In spyware terminator, click real time protection and tick the box to use
real time protection and tick all the boxes except file exceptions shield.
If you're confident in using its advanced feature, click advanced and tick
the HIPS box.

If you want to install and uninstall programs it is best to
temporarily disable Spyware terminator and then re-enable it after you
have installed or uninstalled a program as it will create a lot of pop ups
asking you do you wish this to happen!

Right click spyware terminator on the bottom right of your status bar and
choose exit. Then tick the box and that is spyware terminator disabled!




I would also suggest switching to Mozilla's firefox browser, it's safer, has
a built in pop up blocker, blocks cookies and ads. Mozilla Thunderbird is
also a good e-mail client.

http://www.mozilla.org/


Another good and free browser is Opera!

http://www.opera.com/


Read here to see how to tighten your security:

http://forums.techguy.org/t208517.html


A good overall guide for firewalls, anti-virus, and anti-trojans as well as
regular spyware cleaners.

http://www.firewallguide.com/anti-trojan.htm



you can mark your own thread solved through thread tools at the top of
the page.



 

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

RE: Search Engine Redirect Issue

(OP)
Thanks for all your help! I learned a lot which I can take with me when situations arise again.

RE: Search Engine Redirect Issue

Pechenegs,

Nice job, very thorough and patient, and a star.

Regards,
David.

RE: Search Engine Redirect Issue

Hear, hear, lots of excellent info all in one thread!

RE: Search Engine Redirect Issue

(OP)
Last question, I was wanting to know if any or all of these tools, particularly Dr Web, SmitFraud, and Combo Fix, would have any issues being used in a Windows 7 environment? Thanks!

RE: Search Engine Redirect Issue

A quick word about Spyware Terminator

Most new W7 laptops (in the UK anyway) now seem to come with W7 64bit OS pre-installed.
This means that SWT won't run correctly (the real time shield won't run, making it effectively useless).
I don't know how far off of a 64bit compatible release they are, watch this space.
  

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: Search Engine Redirect Issue

most of these tools should be ok, as win 7 can run many tools that xp use, however, you'll only know if you try and run them!

In vista, we had many problems as most tools, including many anti viruses and anti spyware tools, initially weren't compatible with Vista and wouldn't run, like combo, smitfraud etc!!

However, I have just within the last 3 weeks bought and installed win 7 and virtually all my software programs run ok in Win 7, the only one that didn't was Arovax which hasn't been developed or updated since about 2007-8 so it isn't compatible with anything after Xp or Vista?

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
