Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

google redirects


  • This topic is locked This topic is locked

#31
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Update Malwarebytes and do one more Quick Scan with it. Post log here for me.
  • 0

Advertisements


#32
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Malwarebytes results.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/5/2011 5:01:38 PM
mbam-log-2011-06-05 (17-01-38).txt

Scan type: Quick scan
Objects scanned: 130486
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I just tried to do a search with Firebox and still get redirected. Should I Kaspersky?
  • 0

#33
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try something different now that we know that redirection is only happening in firefox.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0
    FF - prefs.js..network.proxy.type: 0
    [2011/05/30 09:22:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}
    O2 - BHO: (no name) - {0365219B-29D6-4817-96A3-B1052EF56E69} - File not found
    [2011/05/27 17:58:57 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\288a2a54
    [2011/05/27 17:14:26 | 000,001,265 | ---- | C] () -- C:\WINDOWS\System32\141579823
    [2011/05/27 17:14:11 | 000,000,148 | -HS- | C] () -- C:\WINDOWS\System32\677018883

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 3

Test you firefox now for redirection. If you still get redirected then:

1. click Start then Run... and type firefox -safe-mode then press OK button. Do you get redirected in Firefox Safemode?

2. Does this PC have recovery partition on it? Usually brand name PCs like HP or DELL has it.

Step 4


Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • Answers to my questions
It would be helpful if you could post each log in separate post
  • 0

#34
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTL fix log

========== OTL ==========
Prefs.js: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\defaults folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\chrome folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0365219B-29D6-4817-96A3-B1052EF56E69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0365219B-29D6-4817-96A3-B1052EF56E69}\ deleted successfully.
C:\WINDOWS\system32\288a2a54 moved successfully.
C:\WINDOWS\system32\141579823 moved successfully.
C:\WINDOWS\system32\677018883 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\Linda\My Documents\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_052323


I will have to do the Combofix this evening. I have to go to work now.

Also this is a debranded HP computer and it did not come with an OS or any software/manuals. I had to have Windows installed on it once I got the computer so I'm sure it doesn't have a recovery partition on it.
  • 0

#35
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I tried 3 times to run ComboFix. I enabled snooze on my CA security. Every time I try to run ComboFix I get a warning that running it will cause damage to my CA security. I don't know how to get ComboFix to run.
  • 0

#36
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some antivirus softwares don't like Combofix. Can you please unistall your CA and run Combofix again. We will install it later when we finish with the clean.
  • 0

#37
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I will try to do that this evening. I first have to contact Brighthouse to see how to install it back on the computer before I remove it.
  • 0

#38
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP