[Resolved] Browser Redirection

[Hoov]

Go ahead and run it for a day and see if it comes back. Make sure to reboot it a few times in there. Everything looks good from this side.

You may want to run ccleaner again.

[ohtara1211]

The same problem reared it's head last night again. Ugh! It worked fine for a while and then reappeared. At your suggestion I ran ccleaner again. I did not downlod anything, so I am assuming it's still the original problem. Other than accessing a few sites to test the repair I made no changes to the system.

[Hoov]

Try resetting IE.

   1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
   2. On the Advanced tab, click Reset.
   3. In the Reset Internet Explorer Settings dialog box, click Reset.
   4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
   5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

The Reset Internet Explorer Settings feature restores the following items to their default settings:

    * Home pages
    * Search scopes
    * Browsing history
    * Form data
    * Passwords
    * Appearance settings
    * Toolbars
    * ActiveX controls

Additionally, the Reset Internet Explorer Settings feature disables all add-ins. However, it does not remove the add-ins.

[ohtara1211]

Tried the reset, no luck. I was able to notice just before every redirect the first part of the domain reads:  http://71229.123bounce.com  Thought that might be a helpful clue

[Hoov]

I need you to turn off Teatimer in Spybot. Then I need you to reset it using the instructions below.

To reset TeaTimer so that it does not remember any previous entries:

   1. Edit the entries that TeaTimer uses to automatically "Allow" or "Deny" changes that were based on the use of "Remember this decision" as follows:

          * Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
                o Allowed processes
                o Blocked processes
                o Allowed registry changes
                o Blocked registry changes

                  Note: If you don't see all four buttons, try expanding the window to the right.

          * The entries that you should review are in "Allowed registry changes" and "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.

   2. Reset TeaTimers snapshot files:

          * TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:
                o Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
                      + TeaTimer closes.
                      + TeaTimer's snapshot files are refreshed at this time.
               
Now update Malwarebytes' Anti-Malware and run a quick scan fix anything it finds, and then reboot window. Post the log from Malwarebytes' Anti-Malware , and let me know if your browser is still being redirected after the reboot.

[ohtara1211]

completed requests for teatimer and Malware. here is the log

Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/26/2010 12:13:11 PM
mbam-log-2010-02-26 (12-13-11).txt

Scan type: Quick Scan
Objects scanned: 112462
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Hoov]

Are you still being redirected?

[ohtara1211]

Yes I am still being redirected

[Hoov]

Please download and alternate browser and see if you are being redirected with it.

Firefox
Safari
Google Chrome
Opera

[ohtara1211]

Downloaded and used Firefox. Still getting the same error.

[Hoov]

Do you have another computer connected thru this same internet connection? Is it also being redirected?

[ohtara1211]

this is the only one. I get the same problem  on the wifi at work. I had a friend plug his laptop in and he had no problems.

[Hoov]

In IE, Please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
    * Click on I Agree.
    * An ActiveX warning box will appear, click on Install.
    * Under Select What You Want To Check For Viruses.
    * Please Check My Computer and Click Ok
    * Now Click On Click Here To Scan
    * Next, Click on Click here to export the scan report
    * Save it to your Desktop.
    * In your next reply, please include the BitDefender log.

Thanks for checking the computers and connections.

[ohtara1211]

Hree is the BitDefender log. Looks like it didn't find anything.

BitDefender Online Scanner
 
 
 
Scan report generated at: Mon, Mar 01, 2010 - 17:01:18
 
 
 
 
 
Scan path: C:\Documents and Settings\Jeff\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;
 
 
 
 
 
 
 
Statistics
 
Time
 01:15:51
 
Files
 198269
 
Folders
 4382
 
Boot Sectors
 0
 
Archives
 7881
 
Packed Files
 15177
 
 
 
 
Results
 
Identified Viruses
 0
 
Infected Files
 0
 
Suspect Files
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 0
 
 
 
 
Engines Info
 
Virus Definitions
 5356020
 
Engine build
 AVCORE v2.1 Windows/i386 11.0.0.33 (Jan 06 2010)
 
Scan plugins
 17
 
Archive plugins
 44
 
Unpack plugins
 8
 
E-mail plugins
 6
 
System plugins
 4
 
 
 
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
 
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
 
 
 
  Scanned File
  Status
 
No virus found.
 
 
 
 

[Hoov]

This next set of instructions are going to need you to do two things at the same time. First open a browser, doesn't matter which one.

Then Click the windows start button --> run
Type cmd in the Run box.
In the command prompt that opens, type or copy and paste the following:
netstat -b 5 > activity.txt , Press Enter.

Now try to do a search and click on one of the links and go to wherever it takes you.

Then press Ctrl+C.
Type activity.txt on the command line to open the log file in notepad.

Paste the contents in your next reply, and let me know if you were redirected.