Jump to content

Constant redirects to several websites

Recommended Posts

I am having constant redirects in both Foxfire and Explorere. Started as google-analitics and now there are many.

Here is my rootkit scan:

GMER - http://www.gmer.net

Rootkit scan 2010-08-15 08:32:33

Windows 6.0.6002 Service Pack 2

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0007611f2755

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\0007611f2755 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\0007611f2755@00076123af85 0x72 0x35 0x03 0xC4 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0350696E-1974-2669-4EED-88923B795DF6}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0350696E-1974-2669-4EED-88923B795DF6}@iagolfcaijmjmihaem 0x6A 0x61 0x66 0x62 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0350696E-1974-2669-4EED-88923B795DF6}@hamngddnljjmjdpi 0x6A 0x61 0x63 0x62 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0350696E-1974-2669-4EED-88923B795DF6}@hadnmgkkkoihfoho 0x66 0x61 0x70 0x61 ...

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hello and :)

I will be helping you on removing malwares on your computer. Log research takes time, so please be patient and I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any other scanning tools other than those instructed for you to use.
  • Follow the instructions on the order they are given.
  • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum please advice us so that we can close this thread.
  • If you do not reply within 3 days after my last response, I will be asking you whether you still need assistance and if you still don't reply within 48 hours then the topic will be closed.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.


You will need to right click and choose "Run as Administrator" to run the tools we will use.

  • Download OTL to your desktop.
  • Right click on the icon then choose Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    drivers32 /all










    %systemroot%\*. /mp /s








    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles


    %systemroot%\system32\user32.dll /md5

    %systemroot%\system32\ws2_32.dll /md5

    %systemroot%\system32\ws2help.dll /md5


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.