Browser hijack and redirect

Welcome to MajorGeeks!

I'll look over your logs and post a reply later.
dr.m

 

You're welcome, Bill

I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Jackie\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.


Uninstall these outdated programs, they are a security risk.
Java(TM) 6 Update 37
Mozilla Firefox 12.0 (x86 en-US)
These should also be uninstalled --> see Uninstall Malware via Add/Remove Programs
WildTangent Games
WildTangent ORB Game Console

Please disable all anti-virus and anti-spyware programs while we do the following steps(re-enable before coming back online):

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Nowrun C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Next download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\Users\Jackie\AppData\Local\{92275183-3CF8-4F22-B16E-92FEFA8FE1ED}
C:\Users\Jackie\AppData\Local\{AF161CBB-2CF4-40B5-BBD6-32270498C17D}
C:\Users\Jackie\AppData\Local\{CCA047ED-1916-4E0E-810D-04C2B1EF8BE3}
C:\$Recycle.Bin\S-1-5-21-2017135751-886739182-1019768294-1001\$I1VGATZ.exe
C:\QooBox /D
C:\Users\Jackie\Desktop\Combofix_d6402.htm /D

:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

Please install the latest Sun Java Runtime Environment
...and also Mozilla Firefox 17.0.1 Final

Now run the C:\MGtools\GetLogs.bat file by double-clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Requested new logs from:

• JRT.txt
• C:\_OTM\MovedFiles\log.txt
• updated C:\MGlogs.zip

How is the pc running now?

 

Please download AdwCleaner and save it to your Desktop.

Now disable Microsoft Security Essentials
Open MSE -> click Settings and under real-time protection -> uncheck the option "Turn ON real-time protection".

Using AdwCleaner

• Double-click AdwCleaner.exe to run it. (Vista & Win7 users should right-click and "Run As Administrator)
• Click on Delete
• Your pc should now automatically re-boot
• AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
• Attach this log to your next reply.

If you followed my instructions in running the C:\MGtools\GetLogs.bat file, an updated MGLogs.zip would be created directly in your root directory... C:\... attach it along with the AdwCleaner[S1].txt.

*What malware problems still remain?

 

You're welcome -

I still need input from you on how the pc is working.. while I look over your latest logs. And please perform ONLY the instruction steps that I give you.

dr.m

 

Let's get rid of some AVG remnants by downloading the AVG Remover64bit 2012 from http://www.avg.com/us-en/utilities

• Save it to your desktop
• Right-click it and "Run as Administrator"
• When prompted, re-boot.
• Run it a second time.

Now using Windows Explorer, delete this file: C:\ProgramData\WildTangent

Create one final updated MGLogs.zip by running the C:\MGtools\GetLogs.bat file by double-clicking on it. (Right click and run as admin if using Vista or Windows7)
Then attach the new C:\MGlogs.zip file

 

You're welcome.

*It is time to do our final steps. Be SURE to complete all of them - that will also remove some old leftover logs from April.

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. It provides no "real-time" protection unless you purchase it and does not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
3. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
4. Go to add/remove programs and uninstall HijackThis.
5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and/or deleted.
7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
   • How to Protect yourself from malware!

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif