wilkelldad

Honorary Members
  • Posts

    41
Reputation

0 Neutral

Profile Information

  • Location
    KY
  1. Hi Elise, You thought I was gone. I think we've got it. I reset the router, changed the passwords, reran some of the scans and fixes we did earlier, and have been searching all afternoon. Not one re-direct. Thank you for your help gaining control of my cyberworld! Sincerely, David Watch for donation, on my way (Would have gone anyway).
  2. Happy Saturday Elise, I am still being redirected. I thought I'd ask, since at one point we turned off the Spybot teatimer and rescanned...do you think that there is anything else we did along the way that may have been hindered by that program? If you don't think that anything dangerous is going on, and really it's just an inconvenience, I may just wait until I have the time to sit down and reformat the hard drive to factory condition. I do appreciate the time you've spent helping me.
  3. Right click menu on only has RUN (not "as administrator") I am running it now.
  4. This time I did the same search in all three browsers, clicked the same three links in each.
  5. :) First search out of the box in FF and IE. Chrome remains unaffected (seemingly).
  6. Ran it and didn't paste log, reran. Here are the logs:
     All processes killed
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: David
     ->Temp folder emptied: 4886 bytes
     ->Temporary Internet Files folder emptied: 47861 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 4079026 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Guest
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 4.00 mb
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     OTL by OldTimer - Version 3.2.9.0 log created on 07182010_120744
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
     I'll let you know how it performs. Thanks Elise! David
  7. Good morning Elise, It's back. After a night of un-redirected searches, when clicking on the result of the first search I did this morning, in FF, the page half loaded then hung-up. I hit f5 for a reload and the redirects started. Nothing, yet, in IE. The initial redirect was going to a site that McAfee warned was malicious, thereafter to other search engines. Thoughts?
  8. I am cautiously optimistic. At least 50 searches in each, IE and FF, with NO REDIRECTS. I'll kick it around over the next day or so before rejoicing. I may have just hit the "on" switch. You're a trooper to keep working with me. I'll let you know. Thanks David
  9. As an FYI...the sdhelper and teatimer boxes were already unchecked when I went there. If this is hiding things I can uninstall the whole program if it helps. Let me know. The result of the OTL scan:
     All processes killed
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: David
     ->Temp folder emptied: 5462289 bytes
     ->Temporary Internet Files folder emptied: 30828605 bytes
     ->Java cache emptied: 52521834 bytes
     ->FireFox cache emptied: 36816511 bytes
     ->Google Chrome cache emptied: 12512444 bytes
     ->Flash cache emptied: 42114 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 41620 bytes
     User: Guest
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 41044 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 65787 bytes
     ->Flash cache emptied: 567 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 19569 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1510 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 2554944 bytes
     Total Files Cleaned = 134.00 mb
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     OTL by OldTimer - Version 3.2.9.0 log created on 07172010_133059
     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF1E79.tmp not found!
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF1FCE.tmp not found!
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF2687.tmp not found!
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF29F0.tmp not found!
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF364E.tmp not found!
     File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF3EBE.tmp not found!
     C:\Documents and Settings\David\Local Settings\Temp\~DF3F2B.tmp moved successfully.
     C:\Documents and Settings\David\Local Settings\Temp\~DF83CA.tmp moved successfully.
     Registry entries deleted on Reboot...
     AGAIN, THANKS FOR YOUR HELP
  10. Just finished this and rebooted. Searched and was redirected. I was able to capture the redirects in screen shots, I don't know if these would help. Thanks for sticking with me.
  11. With the exception of yesterday's (Thursday) redirect, they all occurred at home. Even so, I reset my router and changed the network key and password to the dashboard. redirect. The unnerving thing is, I guess, there is something stealth in here and I suppose I can only hope it's just a pest. I appreciate your help to this point, but I've got to decide whether it's not just time to cry uncle.
  12. The redirects yesterday were while I was in the hotel, on the public network. I never thought about the router. While there have been unexplained delays, almost like an overworked computer, on all of the other computers on my home network, none of the other computers are being redirected. Should I replace the router, then just plan on restoring the computer to factory condition?
  13. Finished the ESET scan. Nothing found. OK....REALLY dumb question here (actually, dumb guy asking question). I have a log file from when all of this began, before I contacted you where MBAM found something. MBAM quarantined and deleted it. I didn't even think of mentioning it, since everything had been cleaned, until I was watching the ESET scan window with 0 infections found. Would this log help? I'll paste it below.
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4191
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     6/12/2010 12:57:56 PM
     mbam-log-2010-06-12 (12-57-56).txt
     Scan type: Quick scan
     Objects scanned: 133504
     Time elapsed: 19 minute(s), 54 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
  14. There are some scanning options here... Remove threats I assume? How about scan archives?
  15. The windows scan is finished, but no log or anything. Is that right?