Search Redirect Issue

Discussion in 'Malware Help (A Specialist Will Reply)' started by amaasing, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. amaasing

    amaasing Private E-2

    I have used both IE and Google and get same results. My son's PC is infected as well (home networked) and he uses Firefox. Get taken to ad pages when clicking on links. It's intermittent but enough to be annoying. I have 64 bit so did not run a couple of the programs per the instructions provided. Logs are attached. Thanks in advance.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks, amaasing.

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  3. amaasing

    amaasing Private E-2

    Thanks for the update. Just let me know what other information you need. This is a new experience for me... I have always been able to fix whatever ailed my PC before now. :)
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, amaasing

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and continue on.
    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 3:
    Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

    Step 4:
    Now install the latest Sun Java Runtime Environment

    Step 5:
    Now download Sophos Anti-Rootkit 1.5 and save to a location you will be able to find such as your desktop

    Run sar_15_sfx by double clicking on it.

    Click Accept to agree to the EULA

    Click Install (if you wish to change the default installation location do so here but remember where you install to, the default is C:\SOPHTEMP)

    Once it finishes copying files, exit the installer
    Running the scan
    Navigate to the location that you installed the software to (Default: C:\SOPHTEMP)

    Run the sargui Application by double clicking on it. (Note: if using Vista or Windows 7, use right click and select Run As Administrator).


    Ensure that all three of the options are checked

    Click Start Scan

    * Be aware that the scan will take at least 30 minutes, once it is complete, close Sophos Anti-Rootkit by closing the scan window and clicking Exit in the main window

    DO NOT CLICK 'CLEAN UP CHECKED ITEMS' OR ATTEMPT TO HAVE SOPHOS ANTI-ROOTKIT FIX ANYTHING UNLESS SPECIFICALLY INSTRUCTED TO IN THE THREAD YOU ARE WORKING ON
    Finding the logs
    Click on Start --> Run

    Type in %TEMP%\sarscan.log and press enter

    The log file will open in the default editor (probably Notepad)

    Click File --> Save As and save the file to your desktop or other location for easy retrieval.
    Step 6:
    Please download OTL by OldTimer, saving it to your desktop:
    • Close all open windows on the Task Bar. Double-click the OTL icon to start the program and let it run uninterrupted.
    • When the windows appears, underneath Output at the top - change it to Minimal Output.
    • Under the Standard Registry box, change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Now click the Run Scan button at Top left and let the program run - the scan may take 5-10 minutes.
    • Do not TOUCH your keyboard until the scan completes!
    • It will produce two (2) logs on your desktop, one will pop up called OTL.txt and the other - Extras.txt. These logs are saved normally directly under your C:/ directory.
    • Now exit Notepad.
    • Exit OTL by clicking the [X] at top right.

    Please attach the below logs to your next reply:
    • OTListIt.txt
    • Extras.txt
    • sarscan.log

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
    Last edited: Jun 9, 2010
  5. amaasing

    amaasing Private E-2

    Step 1 - Complete
    Step 2 - Complete
    Step 3 - Complete
    Step 4 - Complete
    Step 5 - Complete - however even running as Administrator, the 'Running Processes' box was grayed out so I was unable to check all three options
    Step 6 - Complete

    All 3 logs are attached.

    Still experiencing re-directs. Using Chrome I searched on "Malware" and clicked on the link for PCTools.com and was sent to http://www.lowpriceshopper.com/malware/shop?rf=abl

    gg
     

    Attached Files:

  6. amaasing

    amaasing Private E-2

    Did I send you everything you needed? Just let me know the next steps. Thanks.
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, amaasing

    Can you tell me what this is? C:\Users\Grace\Desktop\umcflngb.exe
    If not - please right-click the file > select "Properties" > post what's listed under both the "General" and the "Details" tabs.

    Step 1:
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8CE646EE
      
      :commands
      [EMPTYTEMP]
      [REBOOT]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Attach the new OTL.txt log it produces in your next reply.

    Step 2:
    See this link for re-setting your Hosts File
    How do I reset the hosts file back to the default?

    Step 3:
    Please go to start > Run and paste in the following:
    Step 4:
    Now go to this link MGTools and download the new version of MGtools....overwrite your previous MGtools.exe file with this one.

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • C:\MGlogs.zip
    • updated OTL.txt log
    • C:\collect.zip

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
    Last edited: Jun 13, 2010
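Added example, not from this thread, from dr.moriarty, or from MajorGeeks: a read-only PowerShell audit of the two artefacts the instructions above deal with, the alternate data stream reported on C:\ProgramData\TEMP and the hosts file that later could not be written. It lists any NTFS alternate data streams on the path, shows every active hosts entry, and dumps the hosts file's attributes and ACL so a read-only flag or an odd access entry is visible. Only the C:\ProgramData\TEMP path comes from the thread; everything else (function names, output layout) is my own and is an assumption you can edit. Run it from an elevated prompt; it changes nothing.

```powershell
# Added example (not from the thread or MajorGeeks). Read-only audit of
# alternate data streams and the hosts file on a Windows machine.
# Run from an elevated PowerShell prompt; nothing is modified.

# --- 1. Alternate data streams -------------------------------------------
# Get-Item -Stream * lists every NTFS stream on the item. ':$DATA' is the
# ordinary file content (directories have none), so any other stream name
# is an alternate data stream worth noting.
function Get-AlternateStreams {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not found: $p"; continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# --- 2. Active hosts entries ----------------------------------------------
# Strips comments and blank lines and returns address/name pairs. A default
# hosts file maps only 'localhost' (Windows 7 ships even those lines commented
# out), so anything else listed here deserves a closer look, e.g. search
# engines or security vendors pointed at an address you do not recognise.
function Get-ActiveHostsEntries {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsPath |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $fields = $_ -split '\s+'
            $names  = ''
            if ($fields.Count -gt 1) { $names = $fields[1..($fields.Count - 1)] -join ' ' }
            [pscustomobject]@{ Address = $fields[0]; Names = $names }
        }
}

# --- 3. Why writing to hosts might be denied ------------------------------
# The thread reports that writing to the hosts file was denied. Show the file
# attributes (a Read-only flag is the common cause) plus owner and ACL, so a
# deny entry or an unexpected owner stands out.
function Get-HostsProtection {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $item = Get-Item -LiteralPath $hostsPath -Force
    $acl  = Get-Acl -LiteralPath $hostsPath
    [pscustomobject]@{
        Attributes = $item.Attributes
        Owner      = $acl.Owner
        Access     = $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}

'== Alternate data streams =='
Get-AlternateStreams -Path 'C:\ProgramData\TEMP' | Format-Table -AutoSize
'== Active hosts entries =='
Get-ActiveHostsEntries | Format-Table -AutoSize
'== Hosts file protection =='
$prot = Get-HostsProtection
'Attributes: ' + $prot.Attributes
'Owner:      ' + $prot.Owner
$prot.Access | Format-Table -AutoSize
```

Each function returns objects rather than printing, so the same checks can be run across several machines (the thread mentions a second infected PC on the home network) and the results compared side by side. If the hosts file shows the Read-only attribute, that alone explains a "writing denied" message; an ACL entry that denies write to Administrators, or an owner other than SYSTEM/TrustedInstaller, is the thing to look at next.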
  8. amaasing

    amaasing Private E-2

    umcflngb.exe is the alternative name for GMER that you guys had me download and run the other day.

    Step 1 - complete (log attached)
    Step 2 - complete
    Step 3 - complete
    Step 4 - complete (log attached); received a message from HijackThis that writing to the hosts file was denied.

    No Change in Behaviour. Searched on 'Malware' as before, clicked on the PCTools link and was sent off to some other site.

    Replied earlier but it doesn't seem to have saved. Hope I didn't save it somewhere else.
     

    Attached Files:

  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    amaasing

    You have ignored two of our forum rules:

    1)
    The following only appears in your most recent logs -
    TFC.exe/Alwil Software/pcpitstopAntiVirus.dll/HijackThis 1.99.1/Java(TM) 6 Update 13 (64-bit)

    2)
    You have opened a thread topic at another forum-
    http://forums.pcpitstop.com/index.php?showtopic=186505

    To avoid further confusion and wasting valuable resources on duplicate work, this thread is now closed.

    dr.m
     
  10. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    This guy is an IT admin, or so he claims in an email to me, so let him use his knowledge that he is getting paid for at his job. As you know, we don't assist so-called professionals; a real professional can remove any infection or offer his customer a format when they can't get it done. We are volunteers here, helping individuals, not so-called professionals.
     