Solved Redirecting problem 8-steps completed

[Broni]

Uninstall Firefox completely, using these steps: http://kb.mozillazine.org/Uninstalling_Firefox
Do NOT miss any step.
Install fresh copy.

 

[scheng07]

Its started redirecting again on google chrome and firefox -.-;;

 

[Broni]

Delete your remover.exe file. Get new one...

Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
• After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

=================================================================

Also...

Please download SystemScan and save it to your desktop.

• Be aware that the file name will be randomly generated (i.e. sys95769.exe) to deceive malware which may attempt to disabled it.
• If any installed security tools (anti-virus) detects the file as malware or suspicious while downloading or attempting to run, ignore the alert and allow the download.
  
• Double-click on sys*****.exe to start the tool.
• A read before proceeding disclaimer will appear.
• Uncheck <- Unflag the checkbox to disable updates! next to the version number at the top.
• After reading, check the box I have read and agree. Please let me...proceed!, then click the Proceed button.
• When SystemScan opens, click the "Unselect all" button.
• Important: Under "Make your choice and than click...", check the boxes next to:
  • PC accounts
• Everything else should be unchecked.
  
• Click "Scan Now".
• Another warning box will appear. Please follow the instructions and click OK.
• Please be patient while the scan is in progress.
  
• Systemscan will scan your computer and create a folder named Suspectfile on the Desktop to save its report.
• When the scan is complete, Notepad will automatically open a log file named report.txt with the results.
• Copy and paste the contents of report.txt in your next reply.

 

[scheng07]

here is the report log

SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows VISTA , Service Pack 2 (6002.6.0)
System directory: C:\Windows
SystemScan file: C:\Users\Sylvia\Desktop\sys43457.exe
Running in: User mode
Date: 7/19/2010
Time: 6:40:50 PM

Output limited to:
-PC accounts

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator (Disabled)
| Guest (Disabled)
Yes | Sylvia
| __vmware_user__

### users folders


### startup files in users folders


==========================================
Scan completed in 0 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work

 

[Broni]

...and Bootkit Remover log?

 

[scheng07]

sorry forgot to attach it.

Here it is:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 0ec6b2481fc707d1e901dc2a875f2826
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Press any key to quit...

 

[Broni]

Your router may be infected.
We need to hard reset it.
Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
Restart computer and check for redirections

 

[scheng07]

seems to be working

 

[Broni]

Great

Please, redo...

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

 

[scheng07]

done! hopefully everything is solved!
THANK YOU!

 

[Broni]

Cool

Good luck and stay safe