find-quick-results.com virus (OTS added)

I need help ridding my computer of the find-quick-results.com.

I have scanned with avast (reg. & safe mode) / avg / mcafee / malwarebytes (reg. & safe mode) without results.

I am running Win7 64 on a Compaq laptop. Every search redirects to find-quick-results.com and then onto a site they want.

I have also used Combofix, but nothing finds it. Any help would be greatly appreciated.

Follow the guide here > http://forum.avast.com/index.php?topic=53253.0 and Post the OTS LOG!.
Regards

Also download aswMBR from here http://public.avast.com/~gmerek/aswMBR.htm
Download, open it, press scan and post the log. I’m smelling TDL3 ;D

I have scanned with avast (reg. & safe mode) / avg / mcafee / malwarebytes (reg. & safe mode) without results.
I hope you have uninstalled AVG and McAfee again? ... since installing multiple AV is not smart

You may try this, it removes some redirects

Kaspersky TDSS Killer http://support.kaspersky.com/faq/?qid=208283363

and as suggested also post the OTS log

I made the OTS, but cannot post the .txt file. Should I just paste in the readout or is there a trick to posting it. I don’t want to post it in several parts, unless that is the way to do it.

I did install and uninstall the anti-virus separately.

The TDSS killer did not find any problems.

Thanks

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 08:26:40

08:26:40.440 OS Version: Windows x64 6.1.7601 Service Pack 1
08:26:40.440 Number of processors: 1 586 0x170A
08:26:40.456 ComputerName: COMPAQLAPTOP-PC UserName: CompaqLaptop
08:26:42.094 Initialize success
08:26:53.310 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
08:26:53.310 Disk 0 Vendor: WDC_WD2500BEVT-00A23T0 01.01A01 Size: 238475MB BusType: 11
08:26:55.385 Disk 0 MBR read successfully
08:26:55.385 Disk 0 MBR scan
08:26:55.385 Disk 0 unknown MBR code
08:26:55.385 Service scanning
08:26:57.163 Disk 0 trace - called modules:
08:26:57.179 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:26:57.179 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80027144a0]
08:26:57.179 3 CLASSPNP.SYS[fffff8800100143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800226d060]
08:26:57.194 Scan finished successfully
08:27:13.060 Disk 0 MBR has been saved successfully to “C:\Users\CompaqLaptop\Desktop\MBR.dat”
08:27:13.060 The log file has been saved successfully to “C:\Users\CompaqLaptop\Desktop\aswMBR.txt”
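
For readers triaging a log like the one above, here is an added example (not part of the original thread, and not avast's own tooling) that pulls out the two things a helper looks at first: the per-disk MBR verdict and the disk-stack module trace. The baseline set and the function name are assumptions made for illustration; a flagged line means "review this", not a confirmed infection.

```python
import re

# Lines copied from the aswMBR log posted above.
SAMPLE_LOG = """\
08:26:55.385 Disk 0 MBR read successfully
08:26:55.385 Disk 0 MBR scan
08:26:55.385 Disk 0 unknown MBR code
08:26:55.385 Service scanning
08:26:57.163 Disk 0 trace - called modules:
08:26:57.179 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:26:57.194 Scan finished successfully
"""

# Assumption: a baseline of disk-stack modules the reviewer already trusts on
# this machine. Here it is simply the set seen in the posted log.
BASELINE = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "ataport.sys",
            "pciidex.sys", "hal.dll", "msahci.sys"}

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
MBR_VERDICT = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
MODULE = re.compile(r"^[\w.-]+\.(?:sys|exe|dll)$", re.IGNORECASE)


def triage(log_text, baseline=BASELINE):
    """Return MBR verdicts per disk and disk-stack modules outside baseline."""
    verdicts, modules, expect_modules = {}, [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines and blanks carry no timestamp
        body = m.group(2)
        if expect_modules:
            # The line after "called modules:" is a space-separated list.
            tokens = body.split()
            if tokens and all(MODULE.match(t) for t in tokens):
                modules.extend(tokens)
            expect_modules = False
            continue
        v = MBR_VERDICT.match(body)
        if v:
            verdicts[int(v.group(1))] = v.group(2)
        elif body.endswith("called modules:"):
            expect_modules = True
    unexpected = [name for name in modules if name.lower() not in baseline]
    review = [disk for disk, text in verdicts.items() if "unknown" in text.lower()]
    return {"verdicts": verdicts, "modules": modules,
            "unexpected_modules": unexpected, "review_disks": review}
```

Calling `triage(SAMPLE_LOG)` marks disk 0 for review because of the "unknown MBR code" line and reports no modules outside the baseline.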

Reply>Additional options>Attach the OTS LOG.
Regards

OTS was too big to put in one post… Here is part 1

Part 2

Could you post the combofix log please

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1802090846-2700351995-3878732579-1000\] > -> HKEY_USERS\S-1-5-21-1802090846-2700351995-3878732579-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[File - Lop Check]
NY ->  SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

OTS fix results:

ComboFix log was too large…
Coming in a couple messages.

ComboFix 2

ComboFix3

ComboFix4

What problems are you experiencing now ?

My searches are hijacked by find-quick-results.com and redirect me to whatever site they want. I get popup tabs of B/S and sometimes IE hangs up. I have run everything I can think of, but cannot fix it. Any help will be appreciated.

OK, let's do an AV analysis

Download AVP Tool

First we will run a virus scan

On the first tab select all elements down to and including Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront-1.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then upload the zip file to Mediafire and post the sharing link.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg

http://www.mediafire.com/?hnf99a5r6q1s1eq

Do you use a router and do any other computers that use it suffer the same problem ?

First of all, I know this is my first post and don't intend to offend anyone, but help them as I was in desperate need of help. I was infected with this same virus that would also hijack my browser and redirect me to find-quick-results.com 90% of the time that I would get redirected (and the other 10% to random sites like yellowpages.com and some scammy fake AV site).

I got infected while running Norton Internet Security (everything that I run is on MAX settings).

Full scan found nothing. Then I tried avast!. Full scan found no results. Then, one after another, I tried Kaspersky, F-Secure, and even Panda Cloud. Nothing could remove/detect this malware, as persistent as it was. I ran SUPERAntiSpyware, which found a few trojans but didn't cure this infection.

By the time I was at wits' end, I gave Comodo antivirus a try. It ran a full scan of my computer and found 3 infections (2 of which were false positives :P), but the other was the infection. It was named something similar to kjwfg.exe (random string of numbers), and it was in my Firefox folder. After allowing Comodo to clean the infection, my system is malware free.

Sidenote: Prevx cloud also detected this malware, but would not remove without buying the full version. It may also come up as “105.tmp”. I also ran aswmbr, and GMER.