
Google keeps redirecting me


  • This topic is locked
5 replies to this topic

#1 318fella

318fella

  • Members
  • 17 posts

Posted 15 May 2018 - 10:20 PM

Google keeps redirecting me and Malwarebytes has found some virus/malware, but I think it's more because I get a 502 Bad Gateway and sometimes PC is freezing up (freezing may not be related to malware)


ok


ok

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2018 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
CHR DefaultSearchKeyword: Default -> Yahoo
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\the wolverine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-13]

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {036FFAE8-0895-4A77-94B4-E3A86D698FCC} - \marketplace honed sequelsmarketplace honed sequels -> No File <==== ATTENTION
Task: {3BDA06F7-76C1-4CDC-9E73-086274351654} - \muffet_kalamuffet_kala -> No File <==== ATTENTION
Task: {573AE729-4FD9-4721-85F1-021BC03A2CEF} - System32\Tasks\transmittingtransmitting => C:\Program Files (x86)\rebukes\rebukes.exe
Task: {65DDECA1-6E3B-411C-9798-C8BDCB655023} - \cruzcruz -> No File <==== ATTENTION
Task: {67DE70DC-2B08-42FC-8667-1087011674B7} - \muffet_kala -> No File <==== ATTENTION
Task: {7650B48F-DEE1-48EB-9B81-6EBD9B4D66A0} - \esp-rahwayesp-rahway -> No File <==== ATTENTION
Task: {81AB690B-DFD2-415D-B936-386D7A77459F} - \esp-rahway -> No File <==== ATTENTION
Task: {95778EB8-6393-468A-82EB-49A43B0AC666} - \overbye_fairplayoverbye_fairplay -> No File <==== ATTENTION
Task: {A6B29313-C5D1-45C0-ABE2-0911DA119ED9} - System32\Tasks\{72F5F8F3-8080-4FC8-9828-D14BAF5D6597} => C:\Users\THEWOL~1\AppData\Local\Dadepo\sync.exe
Task: {CF826DF8-A525-412B-83A5-061C63763800} - \overbye_fairplay -> No File <==== ATTENTION
Task: {D0AC2D06-38D2-490A-9963-D69A6129208B} - System32\Tasks\transmitting => C:\Program Files (x86)\rebukes\rebukes.exe
Task: {E640F59B-9D00-4005-A12A-9E1448A1FD85} - \cruz -> No File <==== ATTENTION
Task: {FC51C851-4E5C-48B6-B171-82534A977274} - \marketplace honed sequels -> No File <==== ATTENTION

C:\Windows\System32\Tasks\transmittingtransmitting
C:\Program Files (x86)\rebukes
C:\Windows\System32\Tasks\{72F5F8F3-8080-4FC8-9828-D14BAF5D6597}
C:\Users\THEWOL~1\AppData\Local\Dadepo
C:\Windows\System32\Tasks\transmitting

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
<<<>>>

Please post the log and let me know what problem persists.
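
Added example, not part of the thread and not FRST's own code: a small triage script for the `Task:` lines in the fixlist above, separating orphaned entries (`No File`) from tasks that still launch a file and listing the task files and folders behind the live ones. The flag names, the `USER_WRITABLE` list and the `C:\Windows` default are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: five "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {036FFAE8-0895-4A77-94B4-E3A86D698FCC} - \marketplace honed sequelsmarketplace honed sequels -> No File <==== ATTENTION
Task: {573AE729-4FD9-4721-85F1-021BC03A2CEF} - System32\Tasks\transmittingtransmitting => C:\Program Files (x86)\rebukes\rebukes.exe
Task: {A6B29313-C5D1-45C0-ABE2-0911DA119ED9} - System32\Tasks\{72F5F8F3-8080-4FC8-9828-D14BAF5D6597} => C:\Users\THEWOL~1\AppData\Local\Dadepo\sync.exe
Task: {D0AC2D06-38D2-490A-9963-D69A6129208B} - System32\Tasks\transmitting => C:\Program Files (x86)\rebukes\rebukes.exe
Task: {E640F59B-9D00-4005-A12A-9E1448A1FD85} - \cruz -> No File <==== ATTENTION
""".strip().splitlines()

TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<name>.+?) (?:->|=>) "
    r"(?P<target>.+?)(?: <==== ATTENTION)?$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumed heuristic list

def parse_task(line):
    """Split one FRST 'Task:' line into guid, task name and target."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(entry):
    """Return reviewer flags for one parsed task (heuristics, not FRST's own logic)."""
    if entry["target"] == "No File":
        return ["orphaned"]  # task is still registered, the file behind it is gone
    flags = []
    leaf = ntpath.basename(entry["name"])
    half = len(leaf) // 2
    if len(leaf) % 2 == 0 and half and leaf[:half] == leaf[half:]:
        flags.append("doubled-name")  # e.g. 'transmittingtransmitting'
    if re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", leaf):
        flags.append("guid-named")
    if any(p in entry["target"].lower() for p in USER_WRITABLE):
        flags.append("user-writable-target")
    return flags

def review_paths(entries, windir=r"C:\Windows"):
    """Task files and target folders to inspect for tasks that still have a file."""
    paths = []
    for e in (e for e in entries if e["target"] != "No File"):
        for p in (ntpath.join(windir, e["name"]), ntpath.dirname(e["target"])):
            if p not in paths:
                paths.append(p)
    return paths

ENTRIES = [e for e in map(parse_task, SAMPLE) if e]
```

For these sample lines, `review_paths(ENTRIES)` returns the same five paths that close the fixlist above.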

#3 318fella

318fella
  • Topic Starter

  • Members
  • 17 posts

Posted 17 May 2018 - 01:29 PM

ok

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 May 2018 - 06:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I missed these in my previous fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please let me know of any remaining issues.

#5 318fella

318fella
  • Topic Starter

  • Members
  • 17 posts

Posted 18 May 2018 - 03:02 PM

ok

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2018 - 06:48 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



