Google Chrome Search Redirecting to cse.google.com


13 replies to this topic

#1 DiscoverySound

  • Members
  • 2 posts

Posted 04 September 2015 - 11:11 PM

Hello Forum,

 

I am a newb here and recently had some problems with the computer after letting my brother use it.  I noticed today when I was doing a search that whenever I search either from google.com or the Chrome URL bar I get redirected to cse.google.com/?cse etc...

I have AVG but nothing shows.  I downloaded a recommended program called spyhunter which found 323 errors, but wanted me to pay for the service.  I then downloaded spybot, and malwarebytes which found less than spyhunter (only 240) and proceeded to cleanup.

After the PC restarted, it went into a chkdsk mode then to Windows.  But the Chrome still redirects to cse.google.com for results.  I have never made a custom search.

I have Windows 7 Ultimate 64-bit

Please tell me what you need me to do as I know there is more information you will need, but I am afraid to touch the computer right now.  I am on here from a laptop I have for traveling.

Someone told me it was sysdate but I don't know what that means.  Is it a redirect virus?  Why would someone make adware or virus for Google?  Please help.




 


#2 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 05 September 2015 - 02:35 AM

Hello and welcome to BC,

 

SpyHunter is a rogue software and you should uninstall it. Please read this topic about SpyHunter:  http://www.bleepingcomputer.com/forums/t/550005/spyhunter-vs-malwarebytes-vs-iobit/?p=3491488

 

SpyBot is an outdated program, so uninstall it also.

 

------

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.

------------

 

Run MBAM again:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Under Non-Malware Protection, for 'PUP detections', select the 'Treat detections as malware' option.
  • Return to the Dashboard and click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

-----------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • In the EULA window, click I agree.
  • In Options, uncheck Reset Winsock settings.
  • Click on the Scan button.
  • When the scan has finished, click on the Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-------------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

-------------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 DiscoverySound

  • Topic Starter
  • Members
  • 2 posts

Posted 17 September 2015 - 11:33 AM

Hey, thank you so much for your help.  I was just able to access my computer again.  I am going to do what you said this evening.  And reply so please don't close this just yet.  I have just been able to access my stuff and want to do a clean sweep before completely reinstalling my OS again,...

 

Thank you so much for your patience.  

 

Be back tonight after work.



#4 CodeSmasha

  • Banned
  • 524 posts
  • Gender:Male

Posted 17 September 2015 - 08:01 PM

By the looks of it, this shows that it's a custom search engine (CSE) and is not considered malware, because Google owns it.



#5 NikhilValaboju

  • Members
  • 1 posts

Posted 26 September 2016 - 01:59 AM

Hey there, I've had a similar experience wherein two things happened:
1. The redirecting to cse.google.com.
2. I couldn't access the internet.
Then I opened your forum on another laptop and ran all the applications you stated, in the same order.
Now I can access the internet and I guess the problem is solved, but nevertheless, I'm posting all the text logs just so that you would know something to do about it.
Thank you so much for the suggestion. :)
You're a life saver!
 
-----------------------------------------------------------------------------Rkill text log----------------------------------------------------------------------

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/26/2016 11:09:13 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Nikhil Valaboju\Desktop\rkill\rkill-09-26-2016-11-09-18.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * fcvsc [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/26/2016 11:14:09 AM
Execution time: 0 hours(s), 4 minute(s), and 56 seconds(s)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
-----------------------------------------------------------------------------Malwarebytes text log-------------------------------------------------------------
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26-09-2016
Scan Time: 11:08
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Nikhil Valaboju
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392907
Time Elapsed: 33 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SafeGuard.ChrPRST, C:\Program Files\XBox\XBLive.exe, 1672, Delete-on-Reboot, [a9bd8ed3336649eda8a0e70ddc26f20e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK, Quarantined, [8fd70f523465a78f69fda0ba8b794fb1], 
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX, Quarantined, [a9bd8ed3336649eda8a0e70ddc26f20e], 
 
Registry Values: 2
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK|channel, instalmsterin20, Quarantined, [8fd70f523465a78f69fda0ba8b794fb1]
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX|ImagePath, C:\Program Files\XBox\XBLive.exe, Quarantined, [a9bd8ed3336649eda8a0e70ddc26f20e]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
CrackTool.Agent, C:\Users\Nikhil Valaboju\Desktop\patch.exe, Quarantined, [91d5da8787128caa0a58e8c0936d3cc4], 
PUP.Optional.BestPriceNinja, C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [b0b69bc6b7e28babbbea143d0df7946c], 
PUP.Optional.BestPriceNinja, C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [5a0cd1904d4c2511a302ee63b74d47b9], 
PUP.Optional.SafeGuard.ChrPRST, C:\Program Files\XBox\XBLive.exe, Delete-on-Reboot, [a9bd8ed3336649eda8a0e70ddc26f20e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------AdwCleaner text log------------------------------------------------------------------------
# AdwCleaner v6.020 - Logfile created 26/09/2016 at 11:59:16
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-25.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Nikhil Valaboju - DESKTOP-OLHO6K9
# Running from : C:\Users\Nikhil Valaboju\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: WindowsSecurity
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Windows Security
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Windows Security
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com
[-] [C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aurora-blu-ray-media-player.en.softonic.com
[-] [C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mortal-kombat-x.en.softonic.com
[-] [C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M52B3C60C-F17E-4925-882E-E70F84479807&SearchSource=55&CUI=&UM=5&UP=SP5FA3835D-16F2-4BE5-94BC-AAD5350838EB&SSPV=
[-] [C:\Users\Nikhil Valaboju\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.mystartsearch.com/?type=hp&ts=1425780467&from=wpc&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX41EA1VWP82VWP82
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [9777 Bytes] - [26/09/2016 10:47:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [1942 Bytes] - [26/09/2016 11:59:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [10545 Bytes] - [26/09/2016 10:44:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [9284 Bytes] - [26/09/2016 10:47:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [2272 Bytes] - [26/09/2016 11:58:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2235 Bytes] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------JunkRemovalTool Log---------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x64
Ran by Nikhil Valaboju on 26-09-2016 at 11:52:06.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster
 
 
 
~~~ Chrome
 
 
[C:\Users\Nikhil Valaboju\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Nikhil Valaboju\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Nikhil Valaboju\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Nikhil Valaboju\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26-09-2016 at 11:54:49.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 


#6 sbvickycroft

  • Members
  • 1 posts

Posted 03 October 2016 - 01:42 PM

rKill and JRT rocks. Thanks a lot bro  :guitar:



#7 wailfayez

  • Members
  • 7 posts

Posted 09 November 2016 - 07:09 PM

I had exactly the same problem on Windows 8.

I turned all Chrome settings back to the default settings, then I used Spybot to scan the PC and solved all the issues found. At that time the problem had not been solved, but after a restart everything went fine and the search in Chrome became normal again.

Thanks to everyone for the help.



#8 flashvishesh

  • Members
  • 3 posts

Posted 11 November 2016 - 03:48 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/12/2016 02:05:00 AM in x64 mode.
Windows Version: Windows 10 Home Single Language 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 5972) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 1288) [AU-HEUR]
 * C:\Users\Admin\AppData\Roaming\BitTorrent\updates\7.9.9_42607\utorrentie.exe (PID: 7928) [UP-HEUR]
 * C:\Users\Admin\AppData\Roaming\BitTorrent\updates\7.9.9_42607\utorrentie.exe (PID: 4624) [UP-HEUR]
 
4 proccesses terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Admin\Desktop\rkill\rkill-11-12-2016-02-05-13.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
 
Program finished at: 11/12/2016 02:06:50 AM
Execution time: 0 hours(s), 1 minute(s), and 50 seconds(s)
 
 
What am I supposed to do after this? Please, someone help me.


#9 flashvishesh

  • Members
  • 3 posts

Posted 11 November 2016 - 04:16 PM

# AdwCleaner v6.030 - Logfile created 12/11/2016 at 02:34:00
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-10.1 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : Admin - LAPTOP-90G9VRUH
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: WindowsSecurity
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\EA927101-1469904534-11E5-BA4C-507B9D39C4E4
[-] Folder deleted: C:\Users\Admin\AppData\Local\tuto_monetize_120160730
[-] Folder deleted: C:\Users\Admin\AppData\Roaming\SpringFiles
[-] Folder deleted: C:\ProgramData\CloudPrinter
[-] Folder deleted: C:\ProgramData\Logic Handler
[-] Folder deleted: C:\ProgramData\Windows Security
[-] Folder deleted: C:\ProgramData\Holdtams
[#] Folder deleted on reboot: C:\ProgramData\holdtams
[#] Folder deleted on reboot: C:\ProgramData\Application Data\CloudPrinter
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Logic Handler
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Windows Security
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Holdtams
[#] Folder deleted on reboot: C:\ProgramData\Application Data\holdtams
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jogotempo
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
[-] Folder deleted: C:\Program Files (x86)\jogotempo
[-] Folder deleted: C:\Program Files (x86)\Max Driver Updater
[-] Folder deleted: C:\Program Files (x86)\DPower
[-] Folder deleted: C:\Program Files (x86)\host
[#] Folder deleted on reboot: C:\Program Files (x86)\DPower
 
 
***** [ Files ] *****
 
[-] File deleted: C:\WINDOWS\SysWoW64\findit.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Key deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\MICROSOFT\OTUT
[-] Key deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\SrpnFiles
[-] Key deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\Wizzlabs
[-] Key deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\MICROSOFT\IDSC
[-] Key deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\Safer Technologies
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\OTUT
[#] Key deleted on reboot: HKCU\Software\SrpnFiles
[#] Key deleted on reboot: HKCU\Software\Wizzlabs
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\IDSC
[#] Key deleted on reboot: HKCU\Software\Safer Technologies
[-] Key deleted: HKLM\SOFTWARE\jogotempo
[-] Key deleted: HKLM\SOFTWARE\MPC
[-] Key deleted: HKLM\SOFTWARE\SrpnFiles
[-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: HKLM\SOFTWARE\mtHoldtam
[-] Key deleted: HKLM\SOFTWARE\WIN\win_en_77
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B552B283-6EBC-457E-8187-01682C83F26C}_is1
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\OTUT
[#] Key deleted on reboot: [x64] HKCU\Software\SrpnFiles
[#] Key deleted on reboot: [x64] HKCU\Software\Wizzlabs
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\IDSC
[#] Key deleted on reboot: [x64] HKCU\Software\Safer Technologies
[-] Value deleted: HKU\S-1-5-21-1940338173-3842500405-2796285277-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key deleted: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Value deleted: HKCU\Environment [SNF]
[-] Value deleted: HKCU\Environment [SNP]
[#] Key deleted on reboot: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4358 Bytes] - [12/11/2016 02:34:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [4241 Bytes] - [12/11/2016 02:33:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4504 Bytes] ##########


#10 flashvishesh

  • Members
  • 3 posts

Posted 11 November 2016 - 04:28 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home Single Language x64 
Ran by Admin (Administrator) on 12-11-2016 at  2:49:54.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 7 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12-11-2016 at  2:54:51.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
So I have done all 3 tests. Please guide me on what I am supposed to do now. Thank you.


#11 vatsaadiraju2

  • Members
  • 1 posts

Posted 11 November 2016 - 07:05 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/12/2016 05:26:03 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\nutsrv4.exe (PID: 3560) [WD-HEUR]
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 2216) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 4672) [AU-HEUR]
 
3 proccesses terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * Advanced Explorer Setting Removed:  HideIcons [HKCU]
 
Backup Registry file created at:
 C:\Users\ADIRAJU SRIVATSA\Desktop\rkill\rkill-11-12-2016-05-26-17.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  0.0.0.1 mssplus.mcafee.com
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
 
Program finished at: 11/12/2016 05:28:31 AM
Execution time: 0 hours(s), 2 minute(s), and 27 seconds(s)
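
For helpers triaging Rkill logs like the ones posted in this thread, the sketch below pulls out the findings that need follow-up: terminated processes, the proxy reset, disabled protection, service integrity issues and HOSTS entries. It is an added example, not part of any post and not Rkill's or BleepingComputer's code; the function names are hypothetical and the sample log is constructed from the log layout shown above.

```python
import re

# Constructed sample, shortened from the Rkill log layout posted in this thread.
SAMPLE_LOG = r"""Rkill 2.8.4 by Lawrence Abrams (Grinler)
Program started at: 11/12/2016 02:05:00 AM in x64 mode.

Checking for processes to terminate:

 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 5972) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 1288) [AU-HEUR]

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * TimeBroker [Missing Service]
 * agp440 [Missing ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       down.baidu2016.com
  0.0.0.1 mssplus.mcafee.com

Program finished at: 11/12/2016 02:06:50 AM
"""

PROC_RE = re.compile(r"^\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]$")
PROXY_RE = re.compile(r"^\*\s+(?P<name>\w+) value deleted\.$")
DISABLED_RE = re.compile(r"^\*\s+(?P<what>Windows (?:Defender|Firewall)) Disabled$")
SVC_RE = re.compile(
    r"^\*\s+(?P<name>\S+)(?:\s+=>\s+.+?)?\s+\[(?P<issue>(?:Missing|Incorrect) [^\]]+)\]$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")


def parse_rkill_log(text):
    """Return a dict of findings from one Rkill text log."""
    report = {"processes": [], "proxy_detected": False, "proxy_values_deleted": [],
              "protection_disabled": [], "service_issues": {}, "hosts": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line = section heading
            section = line.rstrip(":")
            if section == "Active Proxy Server Detected":
                report["proxy_detected"] = True
            continue
        if section.startswith("Checking for processes"):
            m = PROC_RE.match(line)
            if m:
                report["processes"].append(
                    {"path": m["path"], "pid": int(m["pid"]), "tag": m["tag"]})
        elif section == "Active Proxy Server Detected":
            m = PROXY_RE.match(line)
            if m:
                report["proxy_values_deleted"].append(m["name"])
        elif section.startswith("Performing miscellaneous"):
            m = DISABLED_RE.match(line)
            if m:
                report["protection_disabled"].append(m["what"])
        elif section.startswith("Checking Windows Service Integrity"):
            m = SVC_RE.match(line)
            if m:
                report["service_issues"].setdefault(m["issue"], []).append(m["name"])
        elif section.startswith("Checking HOSTS"):
            m = HOSTS_RE.match(line)
            entry = (m["ip"], m["host"]) if m else None
            if entry and entry not in report["hosts"]:   # logs may repeat entries
                report["hosts"].append(entry)
    return report


def follow_ups(report):
    """Turn parsed findings into a short checklist for the helper."""
    notes = []
    if report["processes"]:
        paths = sorted({p["path"] for p in report["processes"]})
        notes.append("Rkill only terminated these; scan before rebooting: " + "; ".join(paths))
    if report["proxy_detected"]:
        notes.append("Proxy was active and reset: " + ", ".join(report["proxy_values_deleted"]))
    if report["protection_disabled"]:
        notes.append("Re-enable after cleanup: " + ", ".join(report["protection_disabled"]))
    if report["hosts"]:
        notes.append("Review %d unique HOSTS entries" % len(report["hosts"]))
    return notes


if __name__ == "__main__":
    for note in follow_ups(parse_rkill_log(SAMPLE_LOG)):
        print("-", note)
```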
 


#12 wailfayez

  • Members
  • 7 posts

Posted 12 November 2016 - 05:18 PM

 

After restarting, the problem of redirecting happened again. I searched for a simpler way to resolve it. Malwarebytes Anti-Malware resolved the problem easily and permanently. I would really recommend it for this annoying problem.



#13 andri13

  • Members
  • 1 posts

Posted 16 November 2016 - 12:46 PM

It's a useful program... thank you very, very much... I don't know how to thank you, but it's very, very useful.

 

# AdwCleaner v6.030 - Logfile created 17/11/2016 at 00:38:12
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows 10 Enterprise  (X64)
# Username : espacio - DESKTOP-EEE2N8F
# Running from : C:\Users\espacio\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: TheScreenSnapshotService
[-] Service deleted: GoogleChromeUpService
[-] Service deleted: WindowsSecurity
[-] Service deleted: WinSAPSvc
[-] Service deleted: Archer
[-] Service deleted: ucdrv
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\espacio\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\ScreenSnapshotTool
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\ASPackage
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\vnlgp
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\UPUpdata
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\gplyra
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\Kuaizip
[-] Folder deleted: C:\Users\espacio\AppData\Roaming\Softlink
[-] Folder deleted: C:\ProgramData\ToolsUpdatePlatform
[-] Folder deleted: C:\ProgramData\WindowsMsg
[-] Folder deleted: C:\ProgramData\Windows Security
[-] Folder deleted: C:\ProgramData\ChelfNotify
[-] Folder deleted: C:\ProgramData\Thunder Network
[-] Folder deleted: C:\ProgramData\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\thunder network
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ToolsUpdatePlatform
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WindowsMsg
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Windows Security
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ChelfNotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Thunder Network
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\thunder network
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Program Files (x86)\ScreenSnapshotTool
[-] Folder deleted: C:\Program Files (x86)\CleanBrowser
[-] Folder deleted: C:\Program Files (x86)\GreatMaker
[-] Folder deleted: C:\Program Files (x86)\mpck
[-] Folder deleted: C:\Program Files (x86)\WinArcher
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\ScreenSnapshotTool
 
 
***** [ Files ] *****
 
[#] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive2.sys
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\KuaiZipDrive2
[-] Key deleted: HKCU\Software\352ebcf84b17a77c66efefafb59b7ce8
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\osTip
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\MICROSOFT\OTUT
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\UCBrowserPID
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Maoha
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\osTip
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\OTUT
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\UCBrowserPID
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\Maoha
[-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: HKLM\SOFTWARE\trotuxSoftware
[-] Key deleted: HKLM\SOFTWARE\Maoha
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\osTip
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\OTUT
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\Maoha
[-] Key deleted: [x64] HKLM\SOFTWARE\ScreenSnapshotTool
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61FFE1F9-137D-4c31-A181-3415FCAA5946}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vnlgp
[-] Key deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\id.hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\id.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\id.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\id.hao123.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Codec Settings UAC Manager]
[-] Value deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [osmsg]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [vnlgp]
[-] Value deleted: HKU\S-1-5-21-815856777-3922167081-717102202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gplyra]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gplyra]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: trotux
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Deleted: hxxp://www.trotux.com/?z=5764fb158036bf0a4844ce9g0z4mbt6geb0e3eaect&from=isr&uid=ST2000DM001-1CH164_Z1E9LR00XXXXZ1E9LR00&type=hp
[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Deleted: hxxp://www.trotux.com/?z=5764fb158036bf0a4844ce9g0z4mbt6geb0e3eaect&from=isr&uid=ST2000DM001-1CH164_Z1E9LR00XXXXZ1E9LR00&type=hp
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [11763 Bytes] - [17/11/2016 00:38:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [10989 Bytes] - [17/11/2016 00:36:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11911 Bytes] ##########
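
For anyone reading a log like the one above, an added example (not part of the original post, and not AdwCleaner's own code): a small Python parser that groups the entries by section and lists what to re-check after the reboot, namely `[#]` items still pending, removed services, Run values and Chrome extensions installed through the registry. The sample is a shortened, constructed copy of the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened log in the layout shown above, reusing
# a few of its entries.
SAMPLE_LOG = r"""# AdwCleaner v6.030 - Logfile created 17/11/2016 at 00:38:12

***** [ Services ] *****

[-] Service deleted: GoogleChromeUpService
[-] Service deleted: WinSAPSvc

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc

***** [ Registry ] *****

[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gplyra]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej

***** [ Web browsers ] *****

[-] [C:\Users\espacio\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^\[([-#])\] (.*)$")      # '-' = done, '#' = on reboot
RUN_VALUE = re.compile(r"\\CurrentVersion\\(?:Explorer\\StartupApproved\\)?Run(?:32)? \[(.+)\]$")
EXT_KEY = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})\b")

def parse(text):
    """Return {section name: [(pending_reboot, detail), ...]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and current:
            sections[current].append((m.group(1) == "#", m.group(2)))
    return dict(sections)

def triage(sections):
    """Collect the persistence-related items worth re-checking after reboot."""
    entries = [e for items in sections.values() for e in items]
    return {
        "pending_reboot": [d for pending, d in entries if pending],
        "services": [d.split(": ", 1)[1] for _, d in sections.get("Services", [])],
        "run_values": sorted({m.group(1) for _, d in entries if (m := RUN_VALUE.search(d))}),
        "registry_extensions": sorted({m.group(1) for _, d in entries if (m := EXT_KEY.search(d))}),
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```
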


#14 Autumne


Posted 06 January 2017 - 05:07 AM

Hello and welcome to BC,

 

SpyHunter is rogue software and you should uninstall it. Please read this topic about SpyHunter:  http://www.bleepingcomputer.com/forums/t/550005/spyhunter-vs-malwarebytes-vs-iobit/?p=3491488

SpyBot is an outdated program, so uninstall it also.

 

------

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: the rKill.txt log will also be present on your desktop.

------------

 

Run MBAM again:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

-----------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on Scan button.
  • When the scan has finished click on Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-------------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

-------------

 

Hi there,

 

The Google Chrome browser on my laptop keeps on redirecting to cse.google.com whenever I type something to search in the omnibox. There were also a handful of websites that I couldn't access properly, which I was able to before the redirecting issue arose. I think it was from .zip and .exe files that I got from a torrent (downloaded a day before the problem arose) that prompted me to install something on my computer, which I managed to halt before anything was installed. I immediately and permanently deleted those files too.

 

I'd tried your method a couple of times - I think about 3-4 rounds of all the steps. Yet, it doesn't solve the problem of redirecting - just that I could access the websites that I was unable to access properly when the problem arose, except for Whatsapp Web which I can't access at all (it says to make sure my computer is connected to the Internet, which it is - I could access other sites but not Whatsapp Web).

 

I was about to give up and just use Mozilla Firefox for good until I tried changing my DNS settings to Google DNS. I restarted my laptop and it worked. No more redirecting from google.com to cse.google.com. I would like to ask for your opinion on why this is so - why doesn't your method work? It cleared almost all of the malware from my laptop, yet it didn't stop the redirecting problem, but a change of the DNS settings did. Please help!

 

Thank you.





