Search engine redirect problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by marcolinnell, Apr 8, 2009.

  1. marcolinnell

    marcolinnell Private E-2

    Recently, in the past few months or so, after doing a Google search, I click on the link that comes up and am redirected to shopica.com or other such websites. It doesn't happen with most links, but on a few I'll be redirected. It's mostly just annoying, but it leaves me concerned, especially after running anti-malware and spyware programs.
    Thanks in advance
     


  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, marcolinnell

    ;) Let's get rid of one more file -

    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

    I strongly recommend that you clean up your Desktop immediately, leaving only links. Do not store downloads, .exe files, .iso files, etc. on your Desktop. First, it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least it can have an effect on your PC's performance.

    Step 1:
    Now download The Avenger by Swandog469, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Step 2:
    Run Ccleaner

    Step 3:
    Now go to this link MGTools and download the new version of MGtools. Overwrite your previous MGtools.exe file with this one.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • C:\avenger.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
     
  4. marcolinnell

    marcolinnell Private E-2

    Dr. M,

    Thanks so much for replying to my thread, I appreciate it. I followed your directions and hopefully the issue is resolved. After some perfunctory searches, it seems to have been taken care of but I'll re-post if it hasn't.
    Once again, Thanks!

    Mark Linnell
     


  5. marcolinnell

    marcolinnell Private E-2

    Arrrgh,
    I was redirected once again! So my issue hasn't been resolved. If you have time to look over my specs again, I'd appreciate it.

    Thanks,

    Mark
     
  6. marcolinnell

    marcolinnell Private E-2

    I was recently disconnected from the internet and tried to connect using firefox. My login page address came up and when that didn't work (due to not being connected), firefox tried to redirect to zfsearch.com. Might this be related to the redirect issue?

    Mark
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, marcolinnell

    Questions: 1) Do these re-directs also happen with Windows IE? Do they only happen when using searches?

    If you have a router hooked up then you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup.

    2) If the above does not help, do the redirects also occur in safe boot mode?

    3) Does the below filename exist? Make sure to look for only this exact filename:
    C:\Windows\system32\users32.dat

    *Using Windows Explorer - navigate to and delete the following:
    C:\Documents and Settings\Mark\Y9Y9
    C:\WINDOWS\system32\Y9Y9
    C:\WINDOWS\system32\YIYI

    *Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp

    *Run Ccleaner

    *Now let's try this:

    Using GooRedFix

    DO NOT fix anything - attach the GooredLog.txt to your reply.

    *Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • GooredLog.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
     
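    The checks in the post above (does the exact filename users32.dat exist, are the Y9Y9/YIYI folders present, which Temp entries are older than today) can be inventoried before anything is deleted. The following PowerShell script is an added example, not a tool from the thread or from MajorGeeks; it only reports and deletes nothing. It assumes the profile folder name "Mark" from the path quoted in the post and that the Windows directory is given by $env:SystemRoot.

```powershell
# Added example (not from the thread): read-only audit of the items asked about in post 7.
# Reports whether each path exists and lists Temp entries last written before today.
# Assumption: the profile directory name "Mark" is taken from the path quoted in the thread.

$ProfileDir = 'C:\Documents and Settings\Mark'
$System32   = Join-Path $env:SystemRoot 'system32'
$TempDir    = Join-Path $env:SystemRoot 'Temp'

# Exact filename check: users32.dat, which is not the legitimate user32.dll.
$suspectFile = Join-Path $System32 'users32.dat'

# Folders the post says to delete by hand.
$suspectDirs = @(
    (Join-Path $ProfileDir 'Y9Y9'),
    (Join-Path $System32 'Y9Y9'),
    (Join-Path $System32 'YIYI')
)

# One row per path: present or not, and when it was last written if present.
$report = foreach ($p in (@($suspectFile) + $suspectDirs)) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path          = $p
        Exists        = [bool]$item
        IsDirectory   = if ($item) { $item.PSIsContainer } else { $null }
        LastWriteTime = if ($item) { $item.LastWriteTime } else { $null }
    }
}
$report | Format-Table -AutoSize

# Temp entries last written before today: the ones the post says can be removed manually
# (Windows keeps today's files locked, so those are excluded from the listing).
$today = (Get-Date).Date
Get-ChildItem -LiteralPath $TempDir -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -lt $today } |
    Select-Object FullName, LastWriteTime, Length |
    Sort-Object LastWriteTime |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that protected folders under system32 are readable; compare the LastWriteTime of anything found with the date the redirects began, and keep the output alongside the MGlogs and GooredLog attachments for the helper reviewing the case.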
  8. marcolinnell

    marcolinnell Private E-2

    dr. moriarty,

    1.) The redirects occur both in IE and Firefox. They only happen when using a search engine, then clicking on a link provided by the search.
    Also, I have connected to a couple different networks in the recent past and it occurs regardless of router.
    2.) I haven't tried using browsers in safe mode.
    3.) This file does not exist; the only users file is user32.dll in this directory.
    I deleted the Y9Y9 and YIYI files.
    And the Temp folder.
    Ran CCleaner
    Ran Goored
    Ran MGtools
     


  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Step 1:
    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
      If it asks you to override the previous file with the same name, click YES.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Step 2:
    Go to this link again and run Part 2 - The Fix
    Using GooRedFix

    Step 3:
    Run CCleaner

    Step 4:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • New Goored.txt log
    • C:\combofix.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    *If you are still having problems with redirects, try booting into Safe Mode and use both browsers to see if the search re-directs still happen.


    dr.m
     
  10. marcolinnell

    marcolinnell Private E-2

    Greetings,

    I followed the instructions and haven't tested out the redirect problem, yet, I'll post after trying some searches.

    Thanks again,

    Mark
     


  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, marcolinnell

    Were you using MSconfig to disable AVG so that ComboFix would run?

    Your logs are clean - you should now put your machine back into Normal Startup Mode. If you are not having any other malware problems, it is time to do our final steps:
    Safe surfing!
     
