Right, I was supposedly had a virus and some crap on my computer. So I removed it all. I rescanned NOD32 this morning and it found nothing. But, ever since that night my google has gone strange.

http://img255.imageshack.us/img255/7329/googleproblemxr7.png

I deleted all cookies, temp files, history using CCLeaner and it still shows it like this. Happens in all browsers; Opera, Firefox, IE. It did go back to normal last night but now back to this.


Anyone got any ideas whatsoever?

Yeah your search engine has been hijacked, it means everytime you search on Google then someone makes money (like referrals).

Like when you use 'http://www.letmegooglethatforyou.com' it uses a Google search identical to yours cause they make money from it.

Basically the Virus let in some Spyware to hijack Google for you, it probably isn't harming you anymore but you can't be too safe, get Spybot Search & Destroy.

http://www.download.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html

oh dear that happened to me like 3 weeks ago, i tried everything and after a week i decided to reformat. they are pesky. use another search engine for now. They are almost impossible to get rid of, ad aware supposedly found the problem but it was as good as useless!

Yeah your search engine has been hijacked, it means everytime you search on Google then someone makes money (like referrals).

Like when you use 'http://www.letmegooglethatforyou.com' it uses a Google search identical to yours cause they make money from it.

Basically the Virus let in some Spyware to hijack Google for you, it probably isn't harming you anymore but you can't be too safe, get Spybot Search & Destroy.

http://www.download.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html

I just installed that program and started scanning, I shall post with the results! :)

You have SEHijack.

I had this before on my old computer, scanned and deleted the adware and had to install a newer web browser.

I had the old IE, So I just installed the new one, which worked.

So yeah, you have AdWare, good luck deleting it!

If you get stuck PM me, because this happened to me.

It found some crap, So i told it to fix the problems. Opened a broswer tried google and it was still there. So i scan it again, and see.

uninstall the browser and re-install it once you run adaware

Download, run and post the log from the txt file.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Download, run and post the log from the txt file.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:21, on 28/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Matthew Garner\AppData\Local\Google\Update\GoogleUpdate.ex e
C:\Users\Matthew Garner\AppData\Roaming\Microsoft\svch?st.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: D - {7BF9F344-72CF-344A-9D1B-3B7D25C37D34} - C:\Windows\SysWow64\xsl27629.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] \TimeOutPatch.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3788] command /c del "C:\Users\Matthew Garner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapid Antivirus.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3579] cmd /c del "C:\Users\Matthew Garner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapid Antivirus.lnk"
O4 - HKCU\..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew Garner\AppData\Local\Google\Update\GoogleUpdate.ex e" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4983] command /c del "C:\Users\Matthew Garner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapid Antivirus.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4894] cmd /c del "C:\Users\Matthew Garner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapid Antivirus.lnk"

Its the spoiler.

i got this, i'm currently trying to get rid of this as well... doing what you say.

Some of the O2s look a little dodgy. Mainly the no name one. Other than that it looks fairly fine. You need a reboot as well to sort out the run-once entries.

There's something about proxy's settings which could be a cause. Go to Tools > Internet Options > Connections

Make sure it's like this (Mine):
http://img514.imageshack.us/img514/1043/proxysettingsjh4.png

It's probably more complexed than that but you never know...

I'm going to try re-install firefox.

edit: It's a waste of time.

The only one that isn't affected for now is Internet Explorer 64 bit version.

The only one that isn't affected for now is Internet Explorer 64 bit version.
My Chrome is fine as well, but I do not wish to use Chrome..

I got rid of it :)

I got rid of it :)
can you post how you did this?

~ it will be helpful for users across the board.

can you post how you did this?

~ it will be helpful for users across the board.

Well, The program Jordy recommend to be honest. I kept scanning that about like 6 times, fixing it, scanning again. I also fixed/deleted some of the O2 thing Nick said. Then I restarted my PC. I also used some browser scanner thing which may of got rid of 7 dangerous cookies but i didn't let it finish so that could of failed.


Yes, useless info but thats what i did :P

Edit; Restart your PC and see if its worked. Although I don't know what i did, but that spyware scanner doesn't pick anything up now.

Why did you switch from your Mac, Nick?!?!?

Don't mean to start a PC vs Mac thing, this is a personal question... Matt, you missing OS X yet...? :P:P

Don't mean to start a PC vs Mac thing, this is a personal question... Matt, you missing OS X yet...? :P:P

And if that does happen, I just have to sort you all out!. I'm missing parts of OSX such as the virus crap, the dock and wonderful iChat. Yeah :(. Oh well, when I have the money I shall buy a macbook to run along side. Thanks for asking though :)

And if that does happen, I just have to sort you all out!. I'm missing parts of OSX such as the virus crap, the dock and wonderful iChat. Yeah :(. Oh well, when I have the money I shall buy a macbook to run along side. Thanks for asking though :)

Get one of those dock programs for windows, I used to have one years ago and its pretty good. I think its made by stardock

I really like iChat, but i can't communicate with any of my friends as they don't have Macs. It would be great if you could use the MSN network too.