01-19-2010 07:03 AM - edited 01-19-2010 07:16 AM
Hi, I have Norton 360, but it seems my computer is infected with a browser / Google search hijacking virus. The symptom is that clicking on a Google search link brings me to a bogus site like www.comparedby.us. I was hoping that there would be some generic solution to this, but I can't seem to find that. Can you help? Thanks!
- bogue12
01-19-2010 08:07 AM - edited 01-19-2010 08:08 AM
Hi bogue12:
Have you cleared your browser cache and temp files? You can also try Malwarebytes free version. Download it, install, update and run a full scan. You will be able to post the log by using the "add attachments" link below the message window. Save the log to Notepad before attaching as a .txt file.
If that doesn't work, it may provide more information about what to do next.
http://www.filehippo.com/download_malwarebytes_ant
01-19-2010 09:05 AM
Thanks for your reply. I previously installed Malwarebytes and recently did a quick scan, and it found nothing. I am running a full scan now. In the meantime, I have attached the log file from HijackThis.
Thanks!
01-19-2010 09:25 AM
Hi bogue
Don't forget to update Malwarebytes before doing the scans with it. That program updates quite often.
Success always occurs in private and failure in full view.
01-19-2010 09:31 AM
Hi bogue
I can tell you this much. You have very old Java and Adobe files running on your computer. Both of those sites update their programs quite often for security reasons.
01-19-2010 09:39 AM
O4 - HKLM\..\Run: [Nkaqiyixev] rundll32.exe "C:\WINDOWS\utajevoherajo.dll",Startup
01-19-2010 04:00 PM
OK, the Malwarebytes full scan took a while. Indeed it did find some bad files (located in system restore) which are now removed. Also, I unchecked utajevoherajo in system start-up, as you suggested. My symptoms (redirected search links) have been intermittent historically, and so I am not ready to say everything is OK yet. I will get back to you in 24 hours or when I see the problem again, whichever comes first.
Thanks!
01-19-2010 07:17 PM
Run HiJackThis and check (mark) the following:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Nkaqiyixev] rundll32.exe "C:\WINDOWS\utajevoherajo.dll",Startup
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
Then select "Fix checked" from the main menu. Restart your system and see if the redirects are still happening.
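An added example, not part of the original thread and not HijackThis's own logic: a small Python triage over the log lines quoted in this post. It flags entries that HijackThis reports with no backing file and Run entries that load a DLL through rundll32. The `ExampleUpdater` line is constructed for contrast, and a flag here means "review this entry", not "confirmed malicious".

```python
import re

# Log lines quoted in the thread, plus one constructed benign entry (last line).
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Nkaqiyixev] rundll32.exe "C:\WINDOWS\utajevoherajo.dll",Startup
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

# "<section> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
# rundll32 followed by a quoted or unquoted DLL path
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)

def parse(log):
    """Yield (section, body) for every line that looks like a log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m['section'], m['body']

def review_reasons(section, body):
    """Return reasons an entry deserves a manual look (heuristics only)."""
    reasons = []
    if '(no file)' in body or '(file missing)' in body:
        reasons.append('HijackThis found no file behind this registration')
    if section == 'O4':
        m = RUNDLL.search(body)
        if m:
            reasons.append('autorun loads a DLL through rundll32: ' + m['dll'])
    return reasons

def triage(log):
    """Return (section, body, reasons) for entries with at least one reason."""
    return [(s, b, r) for s, b in parse(log) if (r := review_reasons(s, b))]

if __name__ == '__main__':
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f'{section}: {body}')
        for reason in reasons:
            print(f'    -> {reason}')
```

The F2 line from the post is parsed but not flagged, since neither heuristic applies to it; entries like that still need a person to judge them.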
01-20-2010 04:54 AM
01-20-2010 08:19 PM
First, thank you all for your help. I was about to declare victory, but late today I got another redirect. It is intermittent, this thing. Often the redirect is to comparedby<dot>us. Anyway, before I got the redirect again, I fixed the bad files from the Malwarebytes scan (as I mentioned before), fixed the HiJackThis files that dbrisendine suggested, and even checked C:\windows\system32\drivers\etc\host as omega7441 suggested (nothing there).
After reboot, I ran HiJackThis again and this one is back again:
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
Killed it again, reboot, and it is back. (Attached is updated log file.) So do you think this is the culprit?
On a different line of thinking, I saw some other discussion board posts about redirect viruses, and I saw some people claim that a complete uninstall and reinstall of Firefox did the trick. I have not done this. Let me know if you think that would make sense.
Thanks!
