Search engine problems

Whenever I click on a search result in Google I end up with advertisements, other search pages, etc. MS Antispyware detected trojan.downloader and PWS-Pinch Password stealer, which it removed before they regenerated the next time I ran the antispyware. I've also used CCleaner and Ad-Aware SE, which come up clean, as have various virus scans. The inability to use Google continues, though.

Any help would be much appreciated. I have attached the HJT log.

Thanks in advance.

 

Scan with HijackThis and fix the following:

Boot to Safe Mode.

Using the Search function in the Start Menu serach for dmcak.* DELETE every occurance.

Reboot to Normal Mode and post a fresh HijackThis log.

 

Thanks for the reply.

The IP address does not belong to my ISP and I fixed it.

I ran the HJT scan, but no result turned up for
O4 - HKLM\..\Run: [dmcak.exe] C:\WINDOWS\System32\dmcak.exe

Searching in safe mode for dmcak.* did not throw up any results either.

I have attached the latest HJT log. However, I noticed that this time around there is

O4 - HKLM\..\Run: [dmwif.exe] C:\WINDOWS\System32\dmwif.exe

Should I do the same for this? Thanks

 

What you are seeing here is the trojan mutate.

Please make sure System Restore is OFF.

Please make sure you have done the following:
How to view hidden, system files & folders!
Searching for Hidden Files on WinXP

Follow the insructions in this thread:
Running Ewido Security Suite

Post the Ewido log when finished.

 

Thanks, Shadow. Attached is the ewido log.

 

That found and removed some more of the Trojan.

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

I downloaded and ran WinPFind. After a couple of minutes, it showed the message 'Invalid data type for system'...and seemed to stop the check after that (i let it run on for quite a while). I've attached the scan results as far as it progressed...hope it helps. Thanks,

 

Open Windows Explorer, navigate C:\WINDOWS\SYSTEM32 to and delete this file SetupCarnival.exe.

Post a Fresh HijackThis log.

 

Thanks, Shadow. I have removed the file. Here is the latest HJT log.

 

Your log is clean. How is your system running?

 

Its working great! No more redirections to other search pages, pop-ups...nothing. Thank you so much for helping me fix this.