Browser re-directing. 8 steps completed, logs attached

phil996bp

Hi, I hope you can help with this problem.

I use Firefox as my browser but the same is happening with IE8. A browser search returns results as normal but when I click on a result I'm usually re-directed to some shopping site. If I return to the results screen and click again it then goes to the correct site.

I've been having this problem for about 2 weeks now and I've tried Ad-Aware, AVG Free, Malwarebytes, Spybot S&D and Kaspersky Online several times and found nothing. However, one of the scans using Malwarebytes on 21st January reported this:

"C:\WINDOWS\system32\spool\prtprocs\w32x86\000020ef.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.".

Could this be the cause of the problem?

The SuperAntiSpyware seems to have found 7 cookies on the other user account on this PC (listed in the log) but that is all.

I've worked through the 8 steps listed elsewhere in the forum and have attached the results logs.

Please excuse any delays as I'm only able to reply during the daytime.
 

Attachments

  • mbam-log-2010-01-27 (12-53-10).txt (867 bytes)
  • SUPERAntiSpyware Scan Log - 01-27-2010 - 13-14-13.log (941 bytes)
  • hijackthis.log (5.4 KB)
Hi,

Ran ComboFix and log attached.
Since my first post I'd downloaded and installed Avira Antivir in addition to AVG Free (just to try it out). I disabled them both as instructed by ComboFix. ComboFix then rebooted the PC early on to fix a rootkit problem and I think Avira reactivated itself as it then popped up with a couple of infections:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\Phil\Desktop\DivorceandConsent_Managed.exe.
Action performed: Deny access

and

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\ComboFix\ClsidFiles.
Action performed: Move file to quarantine

I don't know if I've messed up here but there was no way I could disable it again as there were no icons showing.
 

Attachments

  • log.txt (23.7 KB)
Hi again,

To follow up my last post, I've just tried Firefox and so far there have been no re-directs or preventative warnings from Firefox of re-directs and it's also speeded up considerably.
 
Back again,

Ran Avira a couple of times and the first time it caught this:

The file 'C:\System Volume Information\_restore{46D595F7-832F-47AC-B8F1-EF09EA4D564C}\RP1\A0000124.exe'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
The file was moved to '4ae479d3.qua'!

and this:

The file 'C:\System Volume Information\_restore{46D595F7-832F-47AC-B8F1-EF09EA4D564C}\RP1\A0000060.sys'
contained a virus or unwanted program 'TR/Patched.Gen' [trojan]
Action(s) taken:
The file was moved to '4b916b2a.qua'!

The second scan found nothing.
 
OK.

Downloaded and ran Temp-File-Cleaner.

There was no System Restore tab showing in the System Properties box for some reason so I rebooted the computer and it reappeared. Turned it off, turned it back on again and created a new restore point.
 
So how is this 8 step program working for you Phil, any progress or still pulling your hair out?

I have to be careful doing that these days as it's getting a bit thin!

It seems to have worked brilliantly so far. Tmagic650's instructions with ComboFix seemed to do the trick, no more re-directions and the speed was back. The next program cleaned out about 1.5GB of temp files. Don't know if there's any more to do yet.
 