google redirects


  • This topic is locked

#31
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Update Malwarebytes and do one more Quick Scan with it. Post log here for me.
  • 0


#32
lgfr

    Member

  • Topic Starter
  • 25 posts
Malwarebytes results.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/5/2011 5:01:38 PM
mbam-log-2011-06-05 (17-01-38).txt

Scan type: Quick scan
Objects scanned: 130486
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I just tried to do a search with Firefox and still get redirected. Should I Kaspersky?
  • 0

#33
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try something different now that we know that redirection is only happening in Firefox.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0
    FF - prefs.js..network.proxy.type: 0
    [2011/05/30 09:22:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}
    O2 - BHO: (no name) - {0365219B-29D6-4817-96A3-B1052EF56E69} - File not found
    [2011/05/27 17:58:57 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\288a2a54
    [2011/05/27 17:14:26 | 000,001,265 | ---- | C] () -- C:\WINDOWS\System32\141579823
    [2011/05/27 17:14:11 | 000,000,148 | -HS- | C] () -- C:\WINDOWS\System32\677018883

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Test your Firefox now for redirection. If you still get redirected then:

1. Click Start then Run... and type firefox -safe-mode then press the OK button. Do you get redirected in Firefox Safe Mode?

2. Does this PC have a recovery partition on it? Usually brand name PCs like HP or DELL have one.

Step 4


Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • Answers to my questions
It would be helpful if you could post each log in a separate post.
  • 0
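
The OTL lines in the post above target two Firefox `prefs.js` entries, `extensions.enabledItems` and `network.proxy.type`. The following is an added example, not part of the thread and not OTL's own code, that reads `prefs.js` text and reports enabled extension IDs outside a known list plus any manual or PAC proxy setting. The sample file content, the `known-addon@example.invalid` ID, the proxy address and the function names are constructed for illustration; the `id:version` comma-separated format is assumed from the entry shown in the post.

```python
import re

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # string (escapes not decoded)
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw            # keep anything unexpected as text
    return prefs

def audit(prefs, known_ids):
    """List (kind, detail) findings for unknown extensions and proxy settings."""
    findings = []
    enabled = str(prefs.get("extensions.enabledItems", ""))
    for item in filter(None, enabled.split(",")):
        ext_id = item.rsplit(":", 1)[0].strip()   # drop the ":version" suffix
        if ext_id not in known_ids:
            findings.append(("unknown-extension", ext_id))
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:    # 1 = manual proxy configuration
        host = prefs.get("network.proxy.http", "?")
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(("proxy-configured", f"manual {host}:{port}"))
    elif ptype == 2:  # 2 = proxy auto-config (PAC) URL
        url = prefs.get("network.proxy.autoconfig_url", "?")
        findings.append(("proxy-configured", f"pac {url}"))
    return findings

# Constructed sample; only the {6c82...} ID comes from the thread.
SAMPLE = '''# Mozilla User Preferences
user_pref("extensions.enabledItems", "known-addon@example.invalid:2.1,{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 8080);
'''
KNOWN = {"known-addon@example.invalid"}  # hypothetical list of add-ons the user installed

if __name__ == "__main__":
    for kind, detail in audit(parse_prefs(SAMPLE), KNOWN):
        print(kind, detail)
```
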

#34
lgfr

    Member

  • Topic Starter
  • 25 posts
OTL fix log

========== OTL ==========
Prefs.js: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\defaults folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}\chrome folder moved successfully.
C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0365219B-29D6-4817-96A3-B1052EF56E69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0365219B-29D6-4817-96A3-B1052EF56E69}\ deleted successfully.
C:\WINDOWS\system32\288a2a54 moved successfully.
C:\WINDOWS\system32\141579823 moved successfully.
C:\WINDOWS\system32\677018883 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\Linda\My Documents\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_052323


I will have to do the Combofix this evening. I have to go to work now.

Also this is a debranded HP computer and it did not come with an OS or any software/manuals. I had to have Windows installed on it once I got the computer so I'm sure it doesn't have a recovery partition on it.
  • 0

#35
lgfr

    Member

  • Topic Starter
  • 25 posts
I tried 3 times to run ComboFix. I enabled snooze on my CA security. Every time I try to run ComboFix I get a warning that running it will cause damage to my CA security. I don't know how to get ComboFix to run.
  • 0

#36
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some antivirus software doesn't like Combofix. Can you please uninstall your CA and run Combofix again? We will install it later when we finish with the clean.
  • 0

#37
lgfr

    Member

  • Topic Starter
  • 25 posts
I will try to do that this evening. I first have to contact Brighthouse to see how to install it back on the computer before I remove it.
  • 0

#38
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





