Malware redirects my searches and crashes my browsers

Welcome to Major Geeks!

Before we get started, I'm wonder why you have started two new user accounts and posted the samething in each thread. Are you really looking for help for your own PC?

Why did you start the below thread we a new user account named Road124?

http://forums.majorgeeks.com/showthread.php?t=186512

The second thread has now been closed!

 

Why did you create a new user account?

 

Start with the below.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 3


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O1 - Hosts: 85.118.8.137 www.sessionswithcesar.imgdigital.org
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

We don't recommend putting anything in the Trusted Zone, so fix the below unless you are sure they are really necessary which is rare.
O15 - Trusted Zone: http://*.salesonline
O15 - Trusted Zone: http://*.salesonline (HKLM)

After clicking Fix, exit HJT.


Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Now let's flush the Java Cache

• Click Start > Settings > Control Panel
• Double click the Java icon (be patient, it may take a while to open)
• Now click the General tab and under the Temporary Internet File area
• Click the Settings button and then click the Delete Files... button.
• In the next popup click OK.

If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.


Now let's flush the FireFox Cache
To flush your FireFox Cache:

• click Tools
• select Options
• select Privacy
• in the section labeled Private Data click Clear Now
  

Now let's flush the Internet Explorer Cache
To flush your Internet Explorer Cache:

• click Tools
• Internet Options
• Now on the General tab and click Delete Files and select Delete all Offline content too
• Click OK.
• When it finishes Click OK.

Now run Ccleaner!


Now delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp


Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

It's not malware. It's how you have FireFox setup. You probably have it set to Show my windows and tabs from last time.

Your logs are clean.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!