Browser redirecting trojan -- Help, please! -- Thanks

[paulmab]

I have a problem. I did all the steps, and there are the logs. Thanks in advance!

 

[tystanwick]

Mainly going by the MBAM log, it looks like a rootkit. Please follow these directions for use of combofix.

Download here:

https://www.techspot.com/downloads/5587-combofix.html
or here:
http://www.forospyware.com/sUBs/ComboFix.exe

When saving combofix to your PC, rename it to 123.com so malware won't disable it. Launch combofix (now titled 123.com), allow it to download and install the Recovery Console if it prompts you. Once the scan starts, DO NOT TOUCH YOUR PC, clicking anywhere while combofix is running is enough to make your system become non-responsive. Be forewarned that combofix will make your desktop dissapear and will also reboot your PC as needed. This is normal.

Once combofix has run, run MBAM again as well as HJT.

Post logs when done please.

 

[paulmab]

Here you go!

Here are the logs.

 

[tystanwick]

Looks like combofix did the trick. Are you still being redirected?

One last thing to do is, make sure you remove one of those anti-virus programs. You don't want to get a BSOD because of it.

I would keep AVG and lose ParetoLogic.

 

[paulmab]

Thanks! The redirecting is fixed.

However, there are some words in webpages that still have a little box pop up when I rollover them. Does that mean anything?

 

[tystanwick]

Nope, those are usually just ads that help cover the costs of running particular web pages.

 

[Drigo]

I dont know how to start a new thread but here are my files and I have the same problem of redirection.

 

[paulmab]

Okay, thank you very much for helping me!

 

[tystanwick]

I dont know how to start a new thread but here are my files and I have the same problem of redirection.

Going by your SAS scan, it would appear that you have a rootkit very similar to the one we just fixed. Please follow the ComboFix directions from my post above.

Once done please post new MBAM, HJT, SAS and ComboFix logs.