[bvauilt]

It let me know that the key was deleted successfully. Although last night after doing all those procedures I noticed when i'm searching google my computer still seems to be re-directed to another page when I click on a link.

[sjb007]

Hi there

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
• Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

[bvauilt]

here is what it found

RegUBP2b-Caleb Brandt.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

A0000146.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2;Trojan.StartPage.1505;Deleted.;

[sjb007]

Still having redirect problems?

Please delete the version of combofix that you currently have on your computer

Next, download an updated version Combofix from any of the links below. Save the file under the name of Combo-Fix

** You must rename it before saving it. You must also ensure sure it is saved to the desktop.**

Link 1
Link 2
Link 3





Double click combofix and allow it to run, post back with the resulting log

[bvauilt]

I attempted to run ComboFix and saved it as you said..but for some reason that updated version wont run. It just comes up as a small blue dos screen and has the text bar blinking.

[sjb007]

Hi there

I want you to manually check and locate to see if a file is present or not within firefox, if it is I want you to delete it...

1) Shut down firefox.
2) Navigate to C:/Program Files/Mozilla/Firefox/extentions/{xxxxxxxxxx}/chrome/content/ and check for this file -> overlay.xul
(where xxxxxxxxxx will represent random letters and numbers. The exact letters and numbers vary from one computer to another)
3) delete the directory which has the overlay.xul file
4) restart your computer

Let me know if things improve...