So anyways, problem started with a rogue AV (Trojan.FakeAlert is what it said) that I removed using MBAM. After I removed this, I rebooted and when I tried to launch Mozilla it would crash on start, so I uninstalled, hopped on Internet Explorer to go reinstall Mozilla and that’s when the redirect issue became apparent. MBAM also started notifying me it was blocking outgoing traffic to:
Ran MBAM again, and it removed a few more things (sorry I can't be more specific, but the logs got deleted). After scanning/running MBAM again I went ahead and scanned with Avira, SAS, Sophos, GMER, and a few other things. They didn't bring up anything, but GMER and Sophos Anti-Rootkit both found suspicion of a rootkit and the problem was persisting, so I ran ComboFix and it cleaned up some of the remaining issues. I still can't run Chrome or Mozilla on his machine, he still has outgoing to 1, 2, 3, 6, and 7 listed above, and the redirecting is still an issue. I've already checked the hosts file (it was clean), replaced it and changed it to read-only just to be safe, restarted, and still nothing. And whatever is wrong with running Mozilla or Chrome/the outgoing traffic is above me.
HJT log removed - HJT log can only be analyzed in our MRT forums and is removed. - Please do not use the spoiler function to post logs.
I'll make sure to let him know I was pretty lost and deferred to some real help so I don’t get stuck with this sort of thing again haha. Thanks!
Edited by rigel, 03 July 2011 - 05:54 PM.