Solved Firefox redirecting from Google search

I did ComboFix per Bobbye's instructions and the whole log is posted in parts in several separate posts because it was massive.

No, the issue does not occur in IE, only Firefox.
 
Sorry, I now understand what you were communicating.

Here is the correct log from BootKit

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Boot sector MD5 is: 06994b99c713628d602f2e8a062716cc

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
You didn't post Bootkit Remover log but you don't have to as I don't see anything malicious in your logs and the issue seems to be happening in Firefox only.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
Funny! What were the odds. Just FYI, you are awesome! I'm totally jealous of your knowledge. Here is the Goored log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:19 on 23/06/2012 (Owner)
Firefox version 13.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [02:34 17/10/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:03 30/05/2012]

C:\Users\Owner\Application Data\Mozilla\Firefox\Profiles\2cp4fjmy.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
 
That seems to have eliminated the problem! Are you able to explain to me why that worked? I assume you did not find anything objectionable in the various logs?

I truly appreciate your help!
 
Good news :)

Yeah, that was something in Firefox profile.
The rest of your computer is clean.

Good luck and stay safe :)
 
Seriously, Thank you from the bottom of my heart! Your willingness to help people like me is really remarkable! Can I delete the various logs I created that are on my desktop?
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back