Can't Get Rid of Browser Hijacker

Welcome to MGs!

Can you please remember to attach a HijackThis logs from normal boot mode. Safe mode logs do not always reveal everything we may need to see. Do not get a new one yet. Wait until completing the other steps below.

Did you purchase AdwareAlert? At one time it was on the rogue tool list.

Did you have Ewido installed at one time and is it now uninstalled?

You have a Look 2 Me infection. Please run the steps in the below and attach the Spy Sweeper log as requested.

Running Spy Sweeper

Make sure you reboot after running Spy Sweeper. Then continue to the below.

Now attach a new HJT log from normal boot mode.

 

Okay! But my question was did you purchase Adware Alert. It used to be on the rogue antispyware list and was removed from the list awhile ago. But it is not on our list of tools we would recommend using. If you did not buy it, I would uninstall it.

It would be best to shutdown Ewido and Spy Sweeper while doing the below or the could interfere with the changes. When you do make the fixes, if any messages popup about canges being made to your start or search pages etc, just accept them since we are the ones making the changes.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

After clicking Fix, exit HJT.

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You should allow ctfmon.exe to startup. It is a valid application!

Let's finish remove Adware Alert.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

After clicking Fix, exit HJT.

Then delete the C:\Program Files\AdwareAlert folder. You may need to reboot first or you may need to delete it in safe mode.

Make sure you tell me how things are working now.