Redirects of Google in IE8, hoping resolved

Discussion in 'Malware Help (A Specialist Will Reply)' started by zamorazeke, Nov 29, 2012.

  1. zamorazeke

    zamorazeke Corporal

    Earlier today we were getting some apparent redirects on Google searches, so I went through some of the exercises pursuant to asking for someone on the forum to check out potential problems.

    When I first ran MBAM, it found what appeared to be a trojan (see attached first MBAM log), but when I allowed it to resolve the issue and it rebooted the computer, we lost the ability to access the internet, and our security program (ZoneAlarm) wouldn't come on.

    So, I did a system restore to yesterday, rebooted, and it seems the original problem might have disappeared too... But to find out for certain whether we still have problems, I ran all the checks and have attached the resultant logs to this post.

    I am hoping these logs show little if any problems on the computer, but will do anything to clean it if needed.

    Thanks to any of the experts that might view the logs and let me know, and best regards. :)

    PS another post with MGlogs,zip attachment is coming.
     

    Attached Files:

  2. zamorazeke

    zamorazeke Corporal

    Here's the final log for perusal... Thanks :)
     

    Attached Files:

  3. zamorazeke

    zamorazeke Corporal

    Here's an additional attachment of screen copies when I re-booted the computer since sending the original logs...

    It appears there are some irregular things happening when the computer starts, probably related to the original problems I reported. :(
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you don't appear to be following final instructions when given in threads you have previously posted, the first thing I'm going to ask you to do is follow them now. Do ALL of the below, including the uninstall of ComboFix. If you don't have the ComboFix.exe file, then skip that and continue. MGclean.bat will take care of it.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Press and hold the Windows key http://forums.majorgeeks.com/chaslang/images/Windows_Logo_key.gif and then press the letter R on your keyboard. This opens the Run dialog box.
      • Copy and paste the below into the Run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the closing quote after combofix and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    After you have done ALL of the above, please do the below.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe (Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it; use right click and select Run As Administrator.)



    Now attach the below log:
    • C:\MGlogs.zip
     
  5. zamorazeke

    zamorazeke Corporal

    Hi chaslang,

    Thanks for your response to my request.

    I'm sorry not to have complied with closing instructions in former thread(s), but I think I have completed everything this time as instructed. :(

    I got a success message for the REGEDIT4 operation and am enclosing the log you asked for.

    Thanks again, and I intend to complete any further closing instructions if/when things are good. :)
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Are you still having problems?
     
  7. zamorazeke

    zamorazeke Corporal

    I believe the only problem that I'm still having is that during cold boot, about half way through startup, the attached pops up in the middle of the screen. I believe it might be part of the external hard drive backup starting procedure rather than malware(?)

    I don't know what to do to eliminate its showing up when I start the computer either from a cold start or whenever someone logs in to his/her account.

    Is this a software rather than a malware problem, and should I go over there to seek a solution?

    If so, I want to thank you again for your patience and wish you the best. :wave
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes! But you can remove the below startup processes, which will most likely remove it.

    O4 - HKLM\..\Run: [mxomssmenu] c:\program files\maxtor\onetouch status\maxmenumgr.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\onetouch.exe
     
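    The two O4 lines above are HijackThis notation for values under the HKLM Run key. As an added example that is not part of this thread or of the MajorGeeks cleaning procedure, the following PowerShell script lists what is currently in that key, exports a restorable backup of it, and then removes only the named values, reporting whether each target executable still exists. The value names are the ones quoted in the post; the backup file location and the requirement for an elevated PowerShell session are assumptions.

```powershell
# Added example, not from the thread: inspect, back up and remove named
# HKLM Run startup values (the two O4 entries quoted above).
# Assumes an elevated Windows PowerShell session; backup path is an assumption.

$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueNames = @('mxomssmenu', 'MaxtorOneTouch')                      # from the O4 lines
$BackupFile = Join-Path $env:USERPROFILE 'Desktop\Run-backup.reg'   # assumed location

# 1. Show every current Run entry so the decision is based on what is really there.
Write-Host "Current startup entries under $RunKey"
$item = Get-Item -Path $RunKey
foreach ($name in $item.GetValueNames()) {
    '{0,-25} {1}' -f $name, $item.GetValue($name)
}

# 2. Export the key before touching it; the .reg file can be merged back to undo.
& reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; not removing anything." }
Write-Host "Backup written to $BackupFile (double-click it to restore the entries)."

# 3. Remove only the named values, reporting what was found and what was not.
foreach ($name in $ValueNames) {
    $existing = Get-ItemProperty -Path $RunKey -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        Write-Host "Not present: $name (nothing to do)"
        continue
    }
    $command = $existing.$name
    # Pull the executable path out of a quoted or unquoted command line.
    $exe = ($command -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    # A Run value whose target no longer exists is usually an uninstall leftover.
    $state = if (Test-Path -LiteralPath $exe) { 'target exists' } else { 'target missing' }
    Remove-ItemProperty -Path $RunKey -Name $name
    Write-Host "Removed: $name -> $command ($state)"
}
```

    Removing the value only stops the program from auto-starting at logon; the Maxtor software itself stays installed, and merging the exported Run-backup.reg restores the entries if the external drive's OneTouch backup turns out to need them.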
  9. zamorazeke

    zamorazeke Corporal

    Thank you sincerely for your responses, help, directions and suggestions. :)

    With regard to your last post, how do I turn off those processes properly, and do I need to turn on one or both later in order to keep the external drive synched with the computer?

    I apologize for my lack of knowledge in how to accomplish what you suggest. I believe you have helped me get rid of the original problems, and I will go to one of the other forums if that is what I need to do.

    Thank you once again for your extended help. :confused
     
  10. zamorazeke

    zamorazeke Corporal

    Responding to my own last post...

    Thanks again for your help. I've removed the processes you recommended, and I believe everything is working well.

    I will perform any closing directions you wish. :wave
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Glad to hear you have it resolved.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
     
  12. zamorazeke

    zamorazeke Corporal

    I've completed the final instructions. Thanks for your help. Best regards, and have a happy holiday season. :wave
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Enjoy your holidays too. Thanks!
     
