Hello Broni
Here the logs
You don't even know how much I wish to ship this entire box of hardware to your place for fix.
I just read on the net, so I wished to share - sometimes, instead of searchinvented.com ....., the name of the redirected site on the upper bar is
ad.yieldmanager.com
or
cookex.amp.com.
There are many posts on the net, someone talking about change of hosts files?
I don't know maybe a try?
Did you willingly install Sentinel Keys by Safenet Inc?
================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O33 - MountPoints2\{946ec38e-0d3c-11dd-be22-001a4d2f70fb}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe -- File not found
O33 - MountPoints2\{946ec38e-0d3c-11dd-be22-001a4d2f70fb}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
[2009/10/06 12:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kiril.ADMIN1\Desktop\VIRUS REMOVAL
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Hello Broni,
Not willing Sentinel Keys at all. By the way, today the problem is still here, but works the following way:
Open google.com - everything fine. As soon as I type any letter in the search box - immediate redirect to ad.yieldmanager.com stupid sites.
(By the way, you made me delete folder virus removal from desktop - it is where I kept logs and all programs you made me download - only them. When I rebooted, OTL.exe was deleted, and showed me error on startup. I hope this has not been a problem for removal of parts inserted in the code)
quick scan log attached
Sorry for deleting that folder
Open Windows Explorer.
Navigate to:
C:\WINDOWS\System32\drivers\etc
You'll see hosts file there (no extension)
Open it in Notepad and add following lines after last existing line:
127.0.0.1 ad.yieldmanager.com
127.0.0.1 yieldmanager.com
127.0.0.1 spywareremove.com
Make sure there is a "space" after 127.0.0.1.
Restart computer.
How is redirection now?
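
A check for the hosts-file entries described in the post above, added here as an example and not part of the original thread: it parses hosts-file text, confirms the three names point at the local machine, and flags lines that do not parse as "address, space, name", such as a missing space after 127.0.0.1. The function names, the sample text and the `search.example` entry are constructed for illustration.

```python
import ipaddress

# Names the post above maps to the local machine.
WANTED = ["ad.yieldmanager.com", "yieldmanager.com", "spywareremove.com"]

# Constructed sample hosts file (not taken from the thread's logs).
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1 ad.yieldmanager.com
127.0.0.1yieldmanager.com
203.0.113.7 search.example   # documentation-range address
"""

def is_local(addr):
    """True for loopback (127.0.0.1, ::1) or the unspecified address (0.0.0.0)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text, wanted=WANTED):
    """Parse hosts-file text and report how the wanted names are handled."""
    mapped, malformed = {}, []            # name -> address; (line no, raw line)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()                 # address, then one or more names
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:                    # e.g. no space after the address
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append((lineno, raw))
            continue
        for name in fields[1:]:
            mapped.setdefault(name.lower(), addr)   # keep the first entry seen
    return {
        "blocked": [n for n in wanted if n in mapped and is_local(mapped[n])],
        "missing": [n for n in wanted if n not in mapped],
        "malformed": malformed,
        # Names sent to a non-local address deserve a manual look.
        "redirected": {n: a for n, a in mapped.items() if not is_local(a)},
    }

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE).items():
        print(key, value)
```

To audit a real machine, pass the contents of C:\WINDOWS\System32\drivers\etc\hosts as `text`.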
YOU ARE THE MAAAAN!
it's 2 hours I have been surfing with no redirect at all!!!!
But what the hell is this?
I'm glad it worked, and I must admit, I'm not sure what the issue here is.
Maybe, some browser add-on....
Let's run final cleaning steps and see, how it goes....
Your computer is clean
1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.
2. Turn off System Restore:
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
3. Restart computer.
4. Turn System Restore on.
5. Make sure, Windows Updates are current.
6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
7. Download and install WOT (Web of Trust): Internet Security | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.
8. Run defrag at your convenience.
9. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?
10. Please, let me know, how is your computer doing.
Hello Broni!
Thank you for support. I was off for 4 days and now I am getting back to my pc.
Everything runs ok, apart from the fact that I cannot connect to LAN printers any more. I believe however that it may be a problem with ZoneAlarm blocking. I will delete it and see, not much to bother about.
Also downloaded web of trust and installed.
Thank you again, I will post new threads in case of malfunctions!