At first I had the System Security 2012 fake-antivirus thing. I used Malwarebytes and got rid of it, but then I started getting other problems. Any time I turn on my computer it loads an Avast screen saying a threat is coming from explorer.exe. So then my whole desktop freezes up because explorer can’t run. I can boot into safe mode (what I’m on right now) and it works, but I think I have the Google redirect too, because nine times out of ten when I click something on Google I get redirected.
I ran the Malwarebytes program again and it didn’t find anything, and neither did an Avast scan or Spybot S&D. Hopefully someone here can help.
You are using Daemon Tools, which could be responsible for some of the entries in the aswMBR log, but it will need to be analysed by someone more knowledgeable than I. Unfortunately essexboy is still at work and is normally back on the forums around 7pm UK time (now 1:50pm).
This mrxsmb.sys file name matches a legitimate MS file name for the Microsoft Windows SMB network file (http://www.computerhope.com/cgi-bin/process.pl?p=mrxsmb.sys), but that doesn’t guarantee it is that file. Does this name and purpose ring any bells?
You could also check the offending/suspect C:\windows\system32\DRIVERS\mrxsmb.sys file at VirusTotal - Multi engine on-line virus scanner and report the findings here: post the URL from the Address bar of the VT results page.
The OTL log will have to be analysed by a specialist.
EDIT: I notice that you have out-of-date versions of JAVA; that in itself can leave you more vulnerable. So for the time being I would suggest uninstalling them using Add/Remove Programs and, when you are clean, installing the latest JAVA version, JRE6 Update 29 I think, or going for the latest JRE7 version.
[*] The application window will appear
[*] Click the Disable button to disable your CD Emulation drivers
[*] Click Yes to continue
[*] A ‘Finished!’ message will appear
[*] Click OK
[*] DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Next
Please rerun aswMBR and post the log.
Next
Please open OTL .
[*]Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, click the None button near the top (it may look greyed out)
[*]In the window under Custom Scans/Fixes copy and paste the following
[b]
/md5start
conserv.dll
/md5stop
[/b]
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
If, after reading the FBI .pdf article, you see that you have one of the IP addresses listed in the document, then that is the source of your redirect behavior. If not, I or someone else here can help reset your modem or router back to default settings, as they or it should be.
Note that the Internet Protocol addresses are in a range from xxx.xxx.xxx.xx1 to xxx.xxx.xxx.225, and any address that fits within that range(s) is probably compromised, as noted by the FBI.
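One way to automate the check described in the post above, as an added example that is not from the thread: it pulls the DNS server lines out of a constructed `ipconfig /all` excerpt and tests each address against a list of ranges. The ranges below are placeholder blocks, not the FBI's published ones; the real ones come from the .pdf the post refers to.

```python
import ipaddress
import re

# Placeholder rogue-DNS ranges. The real list is in the FBI document the
# post refers to; these documentation blocks are constructed stand-ins.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),  # constructed placeholder
    ipaddress.ip_network("203.0.113.0/24"),   # constructed placeholder
]

# Constructed excerpt of `ipconfig /all` output from a suspect host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.17
                                       8.8.8.8
"""


def extract_dns_servers(ipconfig_text):
    """Return the DNS server addresses from ipconfig /all output.
    The first server is on the 'DNS Servers' line; any further servers
    follow on continuation lines that hold only an address."""
    servers = []
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns_block = True
            continue
        cont = re.fullmatch(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*", line)
        if in_dns_block and cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False
    return servers


def check_dns_servers(ipconfig_text, ranges=ROGUE_DNS_RANGES):
    """Map each configured DNS server to the rogue range it falls in, or None."""
    result = {}
    for server in extract_dns_servers(ipconfig_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # skip anything that is not a plain address
        result[server] = next((str(r) for r in ranges if addr in r), None)
    return result


if __name__ == "__main__":
    for server, hit in check_dns_servers(SAMPLE_IPCONFIG).items():
        print(server, "-> in rogue range" if hit else "-> not listed", hit or "")
```

Run the same check on the router's DNS settings too, since the post notes the modem or router may be what was changed.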
Thanks. Finally got some time to come back. Don’t know for how long or how often, but I’ll try. Let’s see… the dual core is still in the box, the Win98 is still running, and the one that kept shutting down had a dust bunny problem, OK now.
Dunno if this guy will be back but I’ll keep an eye on this thread.