Redirecting Virus/malware

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Files tab and locate these detections:

• [PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
• [PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Follow the below instructions to reset Google Chrome:

Reset Google Chrome to defaults

Let me know how things are running.

 

And this only happens with Google Chrome?

 

I would back up your bookmarks and then uninstall Google Chrome and Google Update Helper using Revo Uninstaller.

Then use Internet Explorer to download Google Chrome again, reinstall and let me know how it's going....

 

You are most welcome. Surf around a while and then get back to me if it starts happening again. : - )

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version for your PC. Only the correct version will work.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

I see you have Opera installed. Can you surf around using Opera afterwards and let me know whether it is redirecting, too?

NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
Download Fixlist.txt

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

Then attach the below logs:

• Fixlog.txt

How are things running?

 

I uploaded a file (look at the very end of my post)

 

Where did it redirect to this time?

What were the warnings please from Iobit?

Uninstall Google Chrome again using Revo Uninstaller. Do NOT reinstall Chrome until I say so.

Next do this....

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Attach the logfile to your next next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

NOTE: All Chrome related folders need to be deleted afterwards and also even the shortcut link used to start Chrome. Leaving any of these around could be a cause of bringing back the same issue if the problem really is in Chrome.

Examples of what to delete:

C:\Users\Marius\AppData\Local\Google\Chrome
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
C:\Users\Public\Desktop\Google Chrome.lnk
C:\Program Files (x86)\Google\Chrome

I would also delete the below and get a new copy
C:\Users\Marius\Desktop\ChromeSetup.exe

 

Thankyou.

Take note of what Chaslang has said, larmar88, delete all that he has explained in the post, (if you see the files/folders...) AFTER uninstalling Chrome with Revo, and once you attach the requested logs I shall see if anything remains. Again, as stated, do not reinstall Chrome until I say.

 

Yes it was useful to see the adwcleaner quarantine log. Thanks for attaching that too.

Do this:


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Surf around using Opera for now until I make another post to you. It's very late here in the UK and I have to sleep.

Let me know about the reg patch and if you got a success message or not.

 

Did you get redirected on Opera with the older version of Opera or the new version? Are you still being redirected to newpoptab?

Try downloading and running this...

http://www.majorgeeks.com/files/details/bitdefender_adware_removal_tool.html

Let me know if it finds anything.

 

So just to be absolutely clear on this... are there any redirects in opera? You said you are, so I presume you are, but then you said this which confused me:

So just to clarify.... let me know.

Delete these:

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA

Me too actually. So I'll post something else for you to try as well when you have finished work. I am seeking guidance about this in the background.

Run this and upload the results.

Using ESET's Online Scanner

Also I want you to run a FULL system scan with Avast and let me know if it finds anything.

 

Good morning. I have to dash off very soon to do a few things. In the mean time let me ask you, did you indeed run a full system scan with Avast?

 

Also... I'm wondering... does Internet Explorer redirect as well?

 

OK first thing to try now is this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• 
  
• O4 - HKCU\..\Run: [BingSvc] C:\Users\Marius\AppData\Local\Microsoft\BingSvc\BingSvc.exe

After clicking Fix exit HJT.



Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.


Surf using Opera and let me know if you get redirects.

 

Got to pop out for a little while, but I'll be back soon...

 

OK hang in there... I have to dash out for a quick half an hour or so, I'll post back with a response asap

 

Hi there.

I'd like you to power cycle your router (reboot it)

• Switch off and unplug the power from your modem/router.
• Leave both unplugged for 30 seconds.
• Plug the power back into the modem/router and verify that you are again connected to the Internet.

Also follow the instructions here for Windows 7 to >>> Reset your Host File

Try the 'easy fix' option.

Reboot the machine and surf around using both IE and Opera.
Report back to me how each browser behaves.

 

The latest MGlogs.zip does not contain all new log files. Either you did not wait for it to finish running before getting the log or some problem occurred. You must wait for Run the C:\MGtools\GetLogs.bat to tell you that it is finished.

 

I suggest that you try not using this and use a direct wired connection to see what happens. The source of you redirects could be related to how you are connecting since it would be a common point no matter which browser is being used. And your logs are not really showing any signs of problems

 

Are you still with us, Larmar88?

 

Ahhh I forgot you said you'd be away a while. Catch you tomorrow.

 

Hi Larmar88,

Let's see what Chaslang says about this. Hang in there.

 

Back in message # 38, I had requested that you use a direct connection ( a wired connection ) rather than wireless because your problems seem to be related to using wireless. Can you use a wired connection?

Is Avast uninstalled or uninstalled? We need it to remain uninstalled.
Are there any other protection programs installed that could be causing issues?

 

Really! You don't have a switch or a router that has a physical Ethernet port? Does this mean that you only tether to your phone?

Previously you had said the below:

It is possible that this is the source of the redirects you had been seeing.

But we want you to uninstall them to make sure that they are not getting in the way or causing any other problems. Simply turning them off is not good enough because some aspects of the program would still be running.

Also please indicate what exact problems still remain.

 

But there is a network!!! If there is a network then some kind of router/switch must exist inorder to provide you with internet service. Who is providing your internet service?

Please try the below:

It may not be malware! It may be related to how you are connecting to the internet.