SE Redirects - Combofix shuts IE down

Whenever I click on anything in google, I am redirected to an advertisement. Some of the things that have flashed while adverts are loading are: afe.SpecificClick.com, bmxok, OpenClick.com, TheFindSearch.biz, FindResearchHere.com (and *.us).

This has been happening since I rebooted yesterday morning. The day before, I had opened an email that I thought was real. The subject line was something like "Connect with Scott." What I opened was an advert for something called "Scott Free." I closed and deleted as quickly as I could. This weird hijacking of my internet searches started happening immediately after the next time I rebooted.

I found your website and am stunned at the amount of information! It has taken me almost two days to do everything as instructed. I can't imagine how long it took you to write it including all possible variations on the outcomes! Thanks for doing it.

I followed all directions on READ & RUN ME FIRST:
1. SAS returned no infections.
2. MalwareBytes removed one infection by Rogue.Multiple.
3. I could not download ComfoFix after several attempts. This consistently caused everything to close. I tried to access BleepingComputer directly from Internet Explorer but again, everything just closed, leaving me at my desktop. I uninstalled my Avast, but this did not allow me to download ComboFix.
4. I ran MGTools, but frankly don't understand anything it returned. :/

- I'm still having the redirect problem.
- I am still unable to download ComboFix.
- I have not yet tried to reinstall Avast.
- I did not try any system restores to dates before this
started happening.

I think I'm attaching everything I'm supposed to. This was all quite overwhelming to me because I am not at all techy. :/ If I lose this computer, I've lost all contact with the world!

Thanks for your help,
Christine
P.S. I read other threads on this issue but all seemed slightly different than my results. I don't know anything about how computers work and am deathly afraid to start doing things listed in similar, but not exact threads.

 

Dear Chasling,
Thank you SO MUCH for your reply. As I'm sure you can imagine, I have been going absolutely insane over this.

In answer to your initial question about why I had no protection software running, I couldn't get combofix to load to safe my life so I disabled Avast. It still wouldn't load so I uninstalled Avast. Combofix still wouldn't load so I gave up on that and reinstalled Avast.

Regarding Viewpoint Media Player, I missed it the first time, found it after I sent the logs, and then deleted it.

Going to follow your instructions now--trembling all the while that I am going to make a mistake and lose everything. :/ I am not technically inclined when it comes to these things.
Fingers crossed,
Christine
P.S. Thanks for working on a Saturday night.

 

Hi Chasling,
I went to my root file to execute MGTools.exe. When I did, I did not have an option of "system scan only."

Here's what happened:

It opened the black box
It did its scan
Black box does not close automatically for me
I have to "hit any key to continue"
I am then left with my root files with no indication of the four lines that I was to "fix."

Christine
P.S. I also completed the items before the step of running MGTools.exe:
1. I uninstalled Java 6 Update 11
2. I confirmed that I had successfully uninstalled Viewpoint Media Player

 

Oy, so you did. :/
Going to do that now.

 

Completed the MGTools\analyze.exe instruction.

Downloaded Avenger from your link to my desktop.

Ran the exe file.

Copied everything in your text box and pasted it into the "input script here" box.

Received following message (I couldn't copy what was in the message box so the following is my typing):
Error: Invalid registry syntax in command
"HKEY_CURRENT_USER\software\microsoft\windows\CurrentVersion\run\AdobeUpdater"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode).

I had the option of continuing, but I cancelled pending further instruction from you.

 

Hi Chasling,
Thanks for the advice. I did as you said and am attaching the Avenger and MGlogs files.
Christine

 

Hi Chasling,
Thanks for the reply. Regarding your comment that I should not have restarted using MSconfig again, I don't understand this comment. I don't know anything about msconfig except what you told me to do there. :/ Anyway, I will follow your other instructions here.

I do have a question about my logs: Did I have any spyware/key logger on my computer? At the same time the redirect/hijack activity started, I started getting repeated messages in Yahoo saying "You have been disconnected from chat because you ahve signed into Yahoo Messenger from another computer or device."

1. This is confusing because I have never even used Yahoo messenger and don't even know how to, nor do I desire to. (I assume this requires downloading something from Yahoo and I have never done this.)
2. This is alarming because it makes me think someone has my password and is signing into my account while I am online.

Did I have any keyloggers on my computer?
Thanks,
Christine

 

Hi chasling. Thanks for the info. I suspected that there might be a key logger component because of the mysterious yahoo messenger activity. Yes, I use yahoo for email, but I have never used yahoo messenger. Yet I started receiving those wierd notices that my messenger account (which I don't even have) had logged into yahoo messenger from "another location". I have asked yahoo tech support about this also and am awaiting reply. I will do as you said about changing all passwords from another location.

Bigger issue now is that windows will not load at all. Regarding your comments about msconfig/disabling startup, I don't know about any of that and no one has touched my computer, so I obviously did something by accident but have no idea what I did. I have now tried to start using F8 function

"Start windows normally" took 35 minutes to return blue screen saying problem caused by PartMgr.sys PAGE_FAULT_IN_NONPAGED_AREA plus more tech info that I wrote down.

"Last known configuration" took 20 mins to return blue screen asking me to check for adequate disk space, to check for driver updates, to try changing video adapters, to check for bios updates, and to disable bios options such as caching or shadowing.

"Safe mode" took 45 minutes to scroll through lots of things in the system32 folder and finally gave a black screen with "safe mode" in all four corners but nothing in the middle. I waited more than one hour but nothing more materialized.

My only lifeline to correspond with you now is the 2 inch screen on my blackberry!

Christine

 

P.S. Because windows is not loading, I was unable to complete last set of instructions you gave me in your next to last post.

 

Thanks chaslAng.

I will try to find that other forum on this crazy 2 inch screen! Thanks for all the help getting rid of the malware.
Christine