Well much of this is low level stuff like mywebsearch, but it should be gotten rid of and a couple of more serious ones.
Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.
I ran MBAM , it says there is no viruses. I remember doing what you directed before, however I still have viruses. When I use search engine it redirects to bogus website such as juggle.com
Seems like I have wasted alot of time trying to use malware programs scans when if I only knew about the system restore turning on / off step listed at the link, I could have resolved this much sooner. I realize I am old school regarding computers, I was trained on Lotus 123, basic, etc, so I am sure some people would have already known this. When people mentioned restore before the only thing I thought of was restoring to a point and time. Anyway, hopefully it is now resolved and if anyone else is being redirected when they are searching here is the fix for windows xp.
(Windows XP)
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
You really should have asked here before paying for adaware as personally I wouldn’t give it hard disk space even for free. Looking at the log it looks like a slightly enhanced HiJackThis log and that is free, which really doesn’t do much at all and many malware items can hide from that.
The scanners that we have mentioned before are al IMHO better than AdAware Pro and they have free versions.
I honestly don’t know why you mentioned the clearing of system restore as those are inert and only a danger if you actually used system restore and restored something which was infected and none of your previous scans reported this ?
It is a general practice to disable system restore before cleaning malware, as its removal may end up being saved as an infected restore point, but it isn’t an absolute requirement.
Not to mention the software recommendations are being made in a topic that is four and a half years old, so they really aren’t current; 4 years ago adaware and spybot S&D were good but adaware hasn’t kept pace, currently MBAM and SAS are the top two.
Going over your topic again I can’t see if you ever downloaded and ran SAS as that has a new updated TDSS (a.k.a. Alureon) rootkit removal routine so I would try that as the rootkit could be hiding the redirect routine.
There is also:
GOOGLE.GOORED - Firefox popping up ads and or google search redirects.
Please download GooredFix and save it to your Desktop. - Double-click Goored.exe to run it.
If you don’t click the link you should be okay. But I would block any further contacts from that name until they fix the problem on their computer. If you do have the virus make sure you turn off System Restore before you scan as this will delete any reboot hacktool that may be lingering in the restore volume. once you have removed all traces of the worm turn sys. rest. back on and create a new restore point immediately.
There are other posts that should be sufficient in telling you how to remove.
Good luck.
Well it can’t determine what version of firefox you are using ?
So I don’t know if the remainder of the info in the log is going to be accurate.
Check out that topic I gave the link for as with all the tools used to try and find this it is almost certainly hidden by rootkit or requires more powerful tools to dig into the system that I’m not familiar with.
I don’t see anything in the log that indicates that it found anything suspect, normally it would state it had and the actions taken (removal) and any actions required (reboot), etc.
So I don’t know if you have rebooted after doing any of the other scans, namely the SAS one that did remove some suspect registry keys mywebsearch stuff as that could possibly have been the result.
Now I think it is a watching brief, monitoring to see if it returns.
In the meantime I suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.