being redirected

First, please run this:
TDSSkiller - How to run

Next, please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide

 

Try running it in safe mode. If still no luck, do the rest of the scanning in the R&R instructions. Possibly once SAS and MBAM have run, TDSSKiller may run then. But I need to see the following logs:
SAS
MBAM
RootRepeal
ComboFIx
C:\MGLogs.zip -- from running C:\MGTools.exe

 

I did in post #2.

 

You didn't run either SAS or MBAM. Please do so and attach those logs to your next reply.

You are also running ComboFix from the wrong location, it needs to be directly on your desktop, not here:
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Documents and Settings\All Users\Application Data\25485092
C:\Documents and Settings\All Users\Application Data\~25485092
C:\Documents and Settings\All Users\Application Data\~25485092r
C:\Documents and Settings\All Users\Application Data\g2j3um277pw4oe71uk64

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below log:

• C:\MGlogs.zip
• SAS Log
• MBAM Log

Make sure you tell me how things are working now!

 

Was there a reason you ran the scans in safe mode? Are you still being redirected? What issues are you still having, if any?

 

Are you being redirected in only FF? What about other browsers? Do you get redirected in them?

 

Do you have your XP boot CD?

You need to use your Windows XP CD to boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

You can read the below to help you do this:

http://support.microsoft.com/kb/307654


After running the fixmbr command then boot back to normal mode Windows and try running TDSSkiller now. Then attach the log. Also explain if you are still having any malware problems.

 

I don't want you to reinstall XP, I would like you to be able to address the MBR infection that I am sure you have though. Only other option I can think of would be the below:

You may want to try creating and using Hiren's CD to fix the MBR. See what was posted in message # 12 of the below thread and see if you can get this CD to run. If you still need special drivers to access your drive, you will need to post in the Software Forum on how to do this.

whistler/black internet@mbr again!

 

Dammit, of course, my apologies.

You say it detects the flashdrive?

 

Earlier on ComboFix installed the Recovery Console. (Correct?) We're going to use that now.

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)

http://i1111.photobucket.com/albums/h479/MysticalMagpie/1.gif?t=1303862256


http://i1111.photobucket.com/albums/h479/MysticalMagpie/2.png?t=1303862286

When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter

http://i1111.photobucket.com/albums/h479/MysticalMagpie/3.png?t=1303862308

Next type FIXMBR

If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.

 

What about my post number 22? You trying that?

 

What about the redirects?! Do they persist or not? Give it some time, reboot, surf.... come back and let me know.

 

We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:

• Run FireFox and click Bookmarks.
• Then select Organize Bootmarks.
• Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox and then reboot. Do not skip the reboot.
After reboot, delete the below folders:

• C:\Program Files\Mozilla Firefox
• C:\documents and settings\UserAccount\Application Data\Mozilla

where UserAccount is the actual user account name being used.

Now reinstall FireFox from the file previously downloaded.
Import your bookmarks file. (similar process to exporting).

Surf around... still being redirected? If so tell me whether Internet Explorer redirects too. Or whether these redirects occur in safe mode also.

 

Can you just follow my instructions for now please? It would be much easier.

 

Can you start it this way?

How to start Firefox in Safe Mode

 

Is your computer the only one that is having redirects or are all the computers on your network having the same issues? If you plug your computer directly into the modem, does it still redirect?

 

Be more precise about how you answer Tim's questions.

You just said "yes" but he asked:

So to help us, to help you, be clearer in your response. Thanks.

 

Thanks. Now re-read my post number 33 and answer my question.

Yes! and I only want you to do what we ask you to do at the moment.

 

I do not see any problems in the screenshot. I will have Chaslang have a look to be sure.

 

What programs? No ideas at the moment because I need some sleep, it is now almost 5am here. Are you able to install another browser such as Chrome onto the affected computer via a flashdrive?

Bad idea, as you can see now.

 

Yes because you are doing more harm than good I think by doing what you are doing .

 

Are you plugged directly into your modem or are you plugged into a router? You also need to put your system into normal start up through msconfig.

We were not seeing malware in your logs. Are there other issues you are having with this computer which may indicate a need to do a repair install?

 

You are misdiagnosing cause and effect. You are also breaking, or in reality already broken your PC by taking it upon yourself to remove things you should not be touching. A repair of Windows may be in order.

Did you do this?

Also you mentioned BitDefender earlier on. This is not malware.

 

You can get Recovery Media by contacting the computer manufacturer and requesting a disc. They only charge a nominal fee to send you a CD.

Now please put msconfig in normal start up mode and get me new logs for ComboFix and C:\MGLogs.zip. Your last logs were done in safe mode, so we need them done now in normal start up mode.

 

I suggest you post in the software forum about your cd problem. But as I said, you may need to contact the computer manufacturer and as for an install disc. Unless you can find someone who has one and can borrow it. It must be the same version of Windows as what you have installed. You may also need to get an external cd player to use the disc.