Internet Explorer/Google Search Redirects

Welcome to Major Geeks!

It is 2 years out of date and of no use to us.


Please double-click the RootRepeal.exe previously downloaded.

• Select File then Scan
• On the Select Drives form select drive C by "ticking" the box for drive C and click OK
• When the scan is complete - highlight each of the following file(s) if any still exist since you have run MBAM and the new ComboFix in between (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
  • C:\WINDOWS\system32\MSIVXcount
  • C:\WINDOWS\system32\MSIVXqhoylkdmxttkgnyrrciyojgpjuwqppas.dll
  • C:\WINDOWS\system32\MSIVXwusribgetymfgfwkwbwdtfrbemrwkthb.dll
  • C:\WINDOWS\system32\drivers\MSIVXmufxuxdqllxsmpuxryvcjexmbfxtvnri.sys
  • C:\Documents and Settings\Dan\Local Settings\Temp\MPSampleSubmit\msivxmufxuxdqllxsmpuxryvcjexmbfxtvnri.sys.xor
  • C:\Documents and Settings\Dan\Local Settings\Temp\MPSampleSubmit\msivxqhoylkdmxttkgnyrrciyojgpjuwqppas.dll.xor
• After Wiping all files, immediately reboot your pc!

After reboot, rerun Malwarebytes and ComboFix!


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the Malwarebytes log
• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

This happens when ComboFix has been run and has not finished running properly. This is just a system setting you can change from Control Panel. If you still have it set wrong after the next fix then tell me and we will fix it.

ZoneAlarm has long been quite resource intensive and causes slow bootups. Whether it has somehow been corrupted by malware I cannot say. You could always try uninstalling it, rebooting, and then reinstalling to see it it helps. However perform the next fix below before doing anything else.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

The below are questions you should be asking in the Software Forum, but I will answer them (this time ) here. Any additional non-malware questions should be posted in the appropriate forum.

Normal for IE8 since it uses tabs. If you open a second tab, you will see 3 iexplore.exe processes.

Browsing history is not the same as search history. If you want to clear Google search history you need to click on the Google search pull down arrow and select View History and then click Clear History.

 

You're welcome. Your logs are clean.

Quite simple to fix and something you should know how to do anyway. The below will teach you.

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Start and Run are Windows items not ComboFix. Look at the lower left of your screen.

 

You're welcome.

I suggest that you post this in the Software Forum but here are a few tips. Sounds like a permissions issue of some sort. Is your wive's user account a restricted user account? If so, first try changing to an admin account and see if anything changes. Also make sure when her account runs that the Print Spooler service is running (the spoolsv.exe process). Please continue this in the Software Forum.