TechSpot

Please help, Google gets redirected

By BoBBy99
Oct 24, 2009
  1. I hope someone can please help me. I'm being held prisoner by my computer. I can't do searches, and I have to reboot my computer every 30 to 40 minutes.
    Symptoms:
    1. Links on Google get redirected.
    2. Firefox locks up after 30 to 40 minutes of use.
    3. I have to reboot to get Firefox to work again, Task Manager will not end its process.
    System:
    1. Windows Vista
    2. AVG anti-virus
    3. Firefox
    4. Zone Alarm
    I have done the 8 steps that the other post says to do.
    Thanks ahead of time,
    Rob
     


  2. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Is there anything in addition that I should do? Thanks n/m

    ....n/m....
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  4. kritius

    kritius TS Guru Posts: 2,084

    64 bit machine, ComboFix will not work
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks kritius :eek:
     
  6. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Yes I still have the problem...

    Yes, I still have the problem and I found a new one, I think... I cannot rename or name folders in the folder that I set up for my utilities.
    Thanks,
    Bob
     
  7. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    What next?

    Does the fact that I am 64 bit mean that it is going to be harder for me to get rid of my problem?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's true there are a few tools that can't be run on 64-bit, even HJT has issues (but still runs at least)

    So how did what I mentioned to do go?
    Do you have an Avira log or anything?
     
  9. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    HJT - When I started it, it said that it needed to update, so I let it, now it says that it is an incompatible OS.

    I removed AVG and installed Avira antivir, it will not update.

    thanks,
    Bob
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You can download the Avira manual update from here: http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
    Then open free Avira Antivirus, select "Update" and point it to the manual update zip file

    Note: If the manual update file cannot be downloaded on your infected computer, then use another computer to download it, then transfer the update file via CD or Flash drive, to the infected computer

    Run a full updated Avira Antivirus scan and provide the log
     
  11. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Log from Avira

    I got Avira to update and did a scan...here is the log

    Thanks,
    Bob
     


  12. kritius

    kritius TS Guru Posts: 2,084

    Download OTS to your Desktop
    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Additional Scans check the following:
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EventViewer Errors/Warnings (last 10)
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post.
     
  13. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Here is the OTS log. Thanks for any help that you can give me.

    one more try at uploading log...Was too large to upload so I will cut and paste...Too big to do that...will try to cut in two...
     
  14. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    After the scans...

    After the scans I am still getting redirected...What is the next step that I can do?
    Oh and now sometimes when I get redirected, I can not back up to Google.

    Thanks,
    Rob
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Sorry I was unavailable all weekend due to family commitments, I am looking over them now and will get back to you.
     
  16. kritius

    kritius TS Guru Posts: 2,084

    Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

    I will review the information when it comes back in.



    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in

      %SYSTEMDRIVE%\eventlog.dll /s /md5
      %SYSTEMDRIVE%\logevent.dll /s /md5
      %SYSTEMDRIVE%\atapi.sys /s /md5


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
     
  17. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Here is the OTS after the fix log

    OTS after the fix log...
     
  18. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Here are the OTL logs..

    Here is the OTL.txt and Extras logs...
    Thanks,
    Bob
     
  19. kritius

    kritius TS Guru Posts: 2,084

    Are you still being re directed?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKCU..\Run: [MediaDevMgrClass] File not found
      O33 - MountPoints2\{6978071c-de04-11dd-8164-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{6978071c-de04-11dd-8164-0021706b8877}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{710ec562-dd31-11dd-b27d-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{710ec562-dd31-11dd-b27d-0021706b8877}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{710ec56a-dd31-11dd-b27d-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{710ec56a-dd31-11dd-b27d-0021706b8877}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{710ec572-dd31-11dd-b27d-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{710ec572-dd31-11dd-b27d-0021706b8877}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 10:45:40 | 01,336,632 | R--- | M] ()
      O33 - MountPoints2\{7eb8f142-ec93-11dd-bd60-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{7eb8f142-ec93-11dd-bd60-0021706b8877}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 10:45:40 | 01,336,632 | R--- | M] ()
      O33 - MountPoints2\{dcc3c611-2205-11de-ba6b-0021706b8877}\Shell\AutoRun\command - "" = K:\Launch.exe -- File not found
      O33 - MountPoints2\{e793b624-e8e9-11dd-825d-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{e793b624-e8e9-11dd-825d-0021706b8877}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 10:45:40 | 01,336,632 | R--- | M] ()
      O33 - MountPoints2\{f825696f-fe9e-11dd-8f8f-0021706b8877}\Shell - "" = AutoRun
      O33 - MountPoints2\{f825696f-fe9e-11dd-8f8f-0021706b8877}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 10:45:40 | 01,336,632 | R--- | M] ()
      O33 - MountPoints2\J\Shell - "" = AutoRun
      O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{7685578C-256D-4957-BEE7-F6D8AC58F48D}" =-
      "TCP Query User{8A9AD4A2-57B9-434D-9312-4422398A7286}C:\uitillties\internet utillies\utorrent\utorrent-1.8.3-beta-14984.upx.exe" =-
      "UDP Query User{47106EFF-81F3-40BB-97FB-5BD6F7E0E317}C:\uitillties\internet utillies\utorrent\utorrent-1.8.3-beta-14984.upx.exe" =-
      "UDP Query User{56277069-360E-4977-881D-2F1861E7BAE8}C:\uitillties\internet utillies\utorrent\utorrent-1.8.3-beta-14984.upx.exe" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  20. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    New log...

    I was still being redirected earlier today but I just went to Google and clicked on about 10 links and did not get redirected

    In this log I noticed that it was looking at the last 14 days... I have had this problem longer than 14 days.

    Thanks,
    Bob
     
  21. kritius

    kritius TS Guru Posts: 2,084

    That log is looking better.

    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take quite a long time to download.
    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.
    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
     
  22. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Here is the log from the scan...

    Here is the log from the scan

    Thanks,
    Bob
     
  23. kritius

    kritius TS Guru Posts: 2,084

    Good.

    How is the computer running now?

    Has there been any more re directs?
     
  24. BoBBy99

    BoBBy99 TS Rookie Topic Starter

    Currently going on...

    I seem to not be getting redirected anymore, could it finally be gone? If it is, what got it? I did not see anything in the logs. Could it have just gone into hiding?
    Side Note: Could you tell me about the host file when it comes to browsing the internet.

    Thanks,
    Bob
     
  25. kritius

    kritius TS Guru Posts: 2,084

    You can add sites to your hosts file like this,

    127.0.0.1 hxxp://www.badsitenumber1.com

    which would mean that if something tried to redirect your browser to that site then it would be redirected back to 127.0.0.1 which is your home computer.

    I reset your Hosts file to the default one which seems to have worked. Now you should add a custom one.

    MVPS Hosts file
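
The hosts-file behaviour discussed in the last post, as an added example that is not part of the original thread: a Python audit that separates loopback "sinkhole" entries from entries that send a name to some other machine, which is the kind of change a hosts reset undoes. The sample file and the names `audit_hosts` and `suspicious` are constructed for illustration; lookups use bare host names, so an entry written with a scheme prefix is reported as malformed.

```python
import ipaddress
import re

# Constructed sample input (not taken from the thread's logs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    www.badsitenumber1.com     # sinkhole: lookups go to this machine
0.0.0.0      ads.example.net
203.0.113.7  www.google.com google.com  # search host pointed at another server
127.0.0.1    hxxp://www.badsitenumber1.com
not-an-ip    example.org
"""

# Bare host name: dot-separated labels, no scheme, port or path.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$")


def audit_hosts(text):
    """Return (line_no, category, address, name) for every name in a hosts file.

    Categories: 'local', 'sinkhole', 'redirect', 'malformed'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        for name in names:
            if not HOSTNAME_RE.match(name):
                category = "malformed"  # e.g. a URL: lookups use bare host names
            elif ip.is_loopback or ip.is_unspecified:
                category = "local" if name.lower() == "localhost" else "sinkhole"
            else:
                category = "redirect"   # name resolves to some other machine
            findings.append((line_no, category, addr, name))
    return findings


def suspicious(text):
    """Entries worth a manual look: off-box redirects and lines that cannot match."""
    return [f for f in audit_hosts(text) if f[1] in ("redirect", "malformed")]
```

To check a real machine, pass the contents of the system hosts file to `suspicious()` instead of the sample string.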
     
Topic Status:
Not open for further replies.
