Redirecting Issue on All Browser and Devices

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

• **** If something does not run, write down the info to explain to us later but keep on going. ****
• Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

• After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.


​

 

You need to attach the requested logs from TDSSKiller and MGtools

 

Okay then uninstall Chrome now. Then reboot. After reboot, delete the below folder:

C:\Users\Nightdrive\AppData\Local\Google\Chrome

Then if you wish to still use Chrome, use Internet Explorer to download the current version from the below link and reinstall. See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

Google Chrome 22.0.1229.94 Stable

See how it is working after reinstall.

Now let's also cleanup some other junk.


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT will reset your home page to a google default so you will need to restore your home page setting.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

 

Yes if it is having the same type problems. We typically do the below to save bookmarks first.



We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:

• Run FireFox and click Bookmarks.
• Then select Organize Bootmarks.
• Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

You will need exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox and then reboot. Do not skip the reboot.
After reboot, delete the below folders:
C:\Users\Nightdrive\AppData\Roaming\Mozilla
C:\Program Files (x86)\Mozilla Firefox\extensions

where UserAccount is the actual user account name being used.

Now reinstall FireFox from the file previously downloaded.
Import your bookmarks file. (similar process to exporting).

 

Not being able to get to Google is not a redirect. So are you having redirects or are you having a problem getting to Google. And not sure why this would have anything to do with your other PC being on unless it totally breaks the ability to connect to any website.

Please rerun Hitman Pro and attach a new log. I want to see if that Babylon junk still shows. It looks like it was missed by JRT.

 

Power cycle your router. If that does not help, then reset it back to factory condition.

Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup.

Allow Hitman to fix the below items.
HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)

Then reboot. After reboot run a new scan with Hitman and attach this new log.

 

Delete.

Uninstall Firefox and leave it uninstalled for now. Just use Internet Explorer and tell me what happens when using it.

 

Okay those items are gone from the Hitman log. How are things working when just using IE?

Also please download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below log:

• C:\MGlogs.zip

 

Your last log did not show any problems with getting to Google

Code:

================================================================= 
Pinging 74.125.113.106 with 32 bytes of data:
Reply from 74.125.113.106: bytes=32 time=93ms TTL=49
Reply from 74.125.113.106: bytes=32 time=93ms TTL=49
Ping statistics for 74.125.113.106:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 93ms, Average = 93ms
================================================================= 
Pinging [URL="http://www.google.com"]www.google.com[/URL] [74.125.224.48] with 32 bytes of data:
Reply from 74.125.224.48: bytes=32 time=18ms TTL=54
Reply from 74.125.224.48: bytes=32 time=18ms TTL=54
Ping statistics for 74.125.224.48:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
================================================================= 
Doing nslookup google.com 
Server:  UnKnown
Address:  192.168.1.1
Name:    google.com
Addresses:  2001:4860:4001:803::1009
   74.125.224.134
   74.125.224.135
   74.125.224.131
   74.125.224.128
   74.125.224.142
   74.125.224.136
   74.125.224.137
   74.125.224.132
   74.125.224.133
   74.125.224.130
   74.125.224.129

Is it still okay?

 

There is nothing and has been nothing in any of you logs to indicate infection or redirection issues. It seems to me that you may be mistaking problems with getting connected ( like the above error ) with redirection. This is not a redirection.

pinging what gave you 96.17.148.104

Code:

96.17.148.104 - Geo Information
IP Address:   [URL="http://cqcounter.com/traceroute/?query=96.17.148.104"]96.17.148.104[/URL]
Host:         a96-17-148-104.deploy.akamaitechnologies.com
Location:     [IMG]http://n1.dlcache.com/flags/us.gif[/IMG] US, United States
City:         Cambridge, MA 02142
Organization: Akamai Technologies
ISP:          Akamai Technologies
AS Number:    AS7922 Comcast Cable Communications, Inc.

Looks like your ISP?

 

Your ISP is ComCast and they appear to be using that address from Akamai. Notice the line I posted that shows AS Number:

Akamai Technologies, Inc. is an Internet content delivery network headquartered in Cambridge, Massachusetts. Akamai's network is one of the world's largest distributed-computing platforms.

Malware would not reroute your ping IP to a valid internet hosting company. It would serve no purpose. Also my.ebay.com is not a valid URL that you can ping. Neither is www.ebay.com. They will not answer pings

Code:

C:\Windows\system32>ping my.ebay.com
Pinging my.g.ebay.com [66.135.204.53] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 66.135.204.53:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 
 
C:\Windows\system32>ping [URL="http://www.ebay.com"]www.ebay.com[/URL]
Pinging [URL="http://www.g.ebay.com"]www.g.ebay.com[/URL] [66.135.210.61] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 66.135.210.61:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 

And your ISP or some software you have installed my be capturing errors like this in and redirecting on errors to HTTP 404 error. Try pinging something valid like www.google.com or www.microsoft.com or www.apple.com And note, when I ping apple.com it goes thru akamai to get there. And I don't live in Mass. either and Akamai is not my ISP.

Code:

C:\Windows\system32>ping [URL="http://www.apple.com"]www.apple.com[/URL]
 
Pinging e3191.c.akamaiedge.net [23.45.13.15] with 32 bytes of data:
Reply from 23.45.13.15: bytes=32 time=114ms TTL=251
Reply from 23.45.13.15: bytes=32 time=120ms TTL=251
Reply from 23.45.13.15: bytes=32 time=118ms TTL=251
Reply from 23.45.13.15: bytes=32 time=113ms TTL=251
Ping statistics for 23.45.13.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 120ms, Average = 116ms

Have you tried by passing your router completely ( assuming you have a router ) and directly connecting your PC to the internet? If not then try this. We have seen many cases where routers have been causes of issues like this.

 

You have to do this just to test it out. Malware is not showing on your PC. Your router ( and sometime even the modem ) can be the cause. Assuming there are other PCs, in the house base on you statement, is anyone else having similar kinds of problems.

Also please do the below.

Please download OTL by OldTimer.

• Save it to your desktop.
• Right mouse click on the OTL icon on your desktop and select Run as Administrator
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
  
  Code:

  activex
  netsvcs
  drives
  

• Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

 

Then the problem is not with your PC but with your DNS server which is in your router which is why I said to by pass it quite awhile ago but you have not tried this. Your PC is clean as already stated.