browser redirects

[glathem40]

Greetings all !
         I have an HP p6320f desktop.   AMD phenom 2.8 GHz, 64bit, Windows 7 Home Premium, Service Pack 1.  I am getting redirects in both I.E. and firefox.  I have had avast installed since I bought it last year.  Have run  S.A.S and malwarebytes scans - They keep finding infected files, but after removing selected files and reboot the redirects persist.  I have tried running highjack this and posting it per your self-help guidelines.  I removed the files it suggested - still no luck.  I am going to attempt to post my latest highjack this log to this post.   If anybody can offer a suggestion on what to do, I will buy them a new house in the Hamptons.  thx

[recovering disk space - old attachment deleted by admin]

[Allan]

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[glathem40]

per your  request

[recovering disk space - old attachment deleted by admin]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************
Please do not attach the logs unless absolutely necessary. Copy and paste them in your reply.

I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***************************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O4 - HKCU\..\Run: [ihzbjgg] rundll32 "C:\Users\computer 1\AppData\Roaming\vaultclie.dll",upjkmp

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[glathem40]

Hello Dave,
       Please  excuse the delay in my response.  I have tried 3 times to respond and for some reason they would not post.  If this short message posts, I will try again.

[glathem40]

Dave - It seems as though my post times out if I include too much information.   Browser redirects are fixed folllowing your steps.  attatching hijack this log - thanks for your help !

[recovering disk space - old attachment deleted by admin]

[SuperDave]

I don't need the HJT log but I do need you to run ComboFix as instructed.

[glathem40]

Dave -
    As instructed downloaded combofix to desktop.  disabled avast realtime shield.  Right clicked combofix and ran as administrator.  After 20min this is what I ended up (screenshot).
Surely this is not what you are looking for, but I cannot figure out how to produce a log from combfix.  Once again this novice is so appreciative of your patience.

[recovering disk space - old attachment deleted by admin]

[SuperDave]

Ok. Please try this:

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

[richardpreston]

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.

[glathem40]

Dave
      It seems to have worked per your last instructions.  Hope this is what your looking for.  As always thx.

[recovering disk space - old attachment deleted by admin]

[SuperDave]

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
*****************************************************
Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

[glathem40]

Dave - logs

[recovering disk space - old attachment deleted by admin]

[SuperDave]

Conduit Engine doesn't have a good reputation in the malware world. If you don't need it I would recommend removing it.

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

[glathem40]

Dave - logs

[recovering disk space - old attachment deleted by admin]