Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help: Browser redirects to "Oops! Google Chrome could not find"


  • This topic is locked This topic is locked
17 replies to this topic

#1 izej

izej

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 13 June 2014 - 08:35 AM

Need help: Browser frequently redirects websites to "Oops! Google Chrome could not find ...."

 

Any help would be greatly appreciated.

 

 

This is the HiJack This log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:43 PM, on 6/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
C:\ProgramData\GarenaCIG\3.0.919\GarenaCIG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\server\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GarenaCIG] "C:\ProgramData\GarenaCIG\3.0.919\GarenaCIG.exe" --tray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{99E19905-3F99-421A-A7A5-448D3FEAE1C4}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Endpoint Security Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: GCafe Service (GarenaCIG) - Unknown owner - C:\ProgramData\GarenaCIG\3.0.919\GarenaCIG.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 
--
End of file - 10407 bytes
 
 
AFTER THAT, I RAN ADWCLEANER
 
THIS IS THE LOG:
 
# AdwCleaner v3.212 - Report created 13/06/2014 at 21:41:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : server - GAYLE
# Running from : C:\Users\server\Desktop\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
-\\ Google Chrome v35.0.1916.153
 
*************************
 
AdwCleaner[R0].txt - [3534 octets] - [13/06/2014 21:40:07]
AdwCleaner[S0].txt - [3529 octets] - [13/06/2014 21:41:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3589 octets] ##########
 

Edited by izej, 13 June 2014 - 08:45 AM.


BC AdBot (Login to Remove)

 


#2 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 16 June 2014 - 05:37 AM

bump?



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 16 June 2014 - 11:08 PM

Hi izej :)

 

Welcome! My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.

I am in California at GMT-7 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started:

 

In order to give you the best possible support, we ask that you take a few preliminary steps which are outlined here. All the steps listed are important but step #6 will explain how to download and run the DDS program which will provide us a detailed analysis of your system. You will need to copy and paste the two logs that the DDS software will provide at the end of the scan.

 

Let me know if you have any questions.

 

polskamachina



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 22 June 2014 - 10:56 AM

Hi izej :)

 

It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
 
Let me know if you have any questions.

 

polskamachina



#5 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 June 2014 - 11:15 PM

Yes I still need help. Sorry for the delay, I thought nobody will reply to my post. Will Give a response with the instructions given as soon as I can.



#6 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 June 2014 - 11:25 PM

attach

Attached Files


Edited by izej, 22 June 2014 - 11:26 PM.


#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 23 June 2014 - 10:55 AM

Hi izej :)

 

Good job with the attach.txt file. There is one additional text file that the DDS program generates and that is, DDS.txt. Can you please copy and paste that in your next reply to me?

 

Let me know if you have any questions.

 

polskamachina



#8 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 26 June 2014 - 01:08 AM

Hi izej :)

 

Good job with the attach.txt file. There is one additional text file that the DDS program generates and that is, DDS.txt. Can you please copy and paste that in your next reply to me?

 

Let me know if you have any questions.

 

polskamachina

here it is

Attached Files

  • Attached File  dds.txt   13.02KB   6 downloads


#9 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 27 June 2014 - 11:52 AM

Hi izej :)

 

While I am analyzing your log, could you please let me know if this problem only occurs with the Chrome browser? Have you tried Internet Explorer or Firefox?  Will a website that gets redirected, always be redirected or will it occasionally connect to where it's supposed to go ?

 

polskamachina



#10 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 28 June 2014 - 09:55 PM

Occurs in Firefox and Chrome (Who uses IE? :hysterical: ). 65% of the time it gets redirected, 35% succeeds.



#11 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 30 June 2014 - 12:53 AM

Hi izej :)
 
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please copy and paste the C:\ComboFix.txt file in your next reply for further review.

 

Let me know if you have any questions.

 

polskamachina



#12 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 04 July 2014 - 10:30 AM

Hi izej :)
 
It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
 
Let me know if you have any questions.
 
polskamachina



#13 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 09 July 2014 - 02:25 AM

combofix log

Attached Files


Edited by izej, 09 July 2014 - 02:43 AM.


#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 09 July 2014 - 11:22 AM

Hi izej :)

 

Good job with the ComboFix log. :thumbsup:

 

Can you please tell me how your pc is performing? Are your browsers still getting redirected?

 

polskamachina



#15 izej

izej
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 13 July 2014 - 11:28 PM

It still does.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users