Thread: Google redirect virus

  1. #1
    Junior Member
    Join Date
    Aug 2010
    Posts
    3

    Google redirect virus

    Hello, I have created this post because someone took over my previous post and I got no help. Basically, I have a virus that keeps redirecting me off Google search. I have tried Malwarebytes, SB Search and Destroy, Stinger, and AVG, but this virus won't be removed. Please help.

    Edit: Topic started earlier today now closed: http://forums.spybot.info/showthread.php?t=58879


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Ali at 21:44:06.95 on Fri 06/08/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.781 [GMT 8:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Ali\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\ali\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 93.188.162.128,93.188.161.218
    TCP: {7152B458-F7CB-4AB2-940D-29221E752AD9} = 93.188.162.128,93.188.161.218
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-8-2 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-2 52872]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-8-2 24856]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-2 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-2 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-2 243024]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-2 921952]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-2 308136]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-8-2 2331032]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-2 5897808]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-4 1153368]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-8-2 122448]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-8-2 30288]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-8-2 20560]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-3 20952]
    S2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-2 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    =============== Created Last 30 ================

    2010-08-06 13:26:02 0 d-----w- c:\program files\Trend Micro
    2010-08-05 09:16:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
    2010-08-04 12:45:35 118272 ----a-w- c:\windows\system32\hpz3l696.dll
    2010-08-04 12:43:32 0 d-----w- c:\programdata\HP
    2010-08-04 12:43:25 966656 ----a-w- c:\windows\system32\hpost_p02a.dll
    2010-08-04 12:43:25 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll
    2010-08-04 12:43:25 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
    2010-08-04 12:43:25 261432 ----a-w- c:\windows\system32\hpzids01.dll
    2010-08-04 10:25:34 0 ----a-w- c:\windows\system32\RSPlus.que
    2010-08-04 09:07:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-04 09:07:50 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-03 10:54:39 0 d-----w- c:\users\ali\appdata\roaming\Malwarebytes
    2010-08-03 10:51:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-03 10:51:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-03 10:51:28 0 d-----w- c:\programdata\Malwarebytes
    2010-08-03 10:51:28 0 d-----w- c:\program files\Malwarebytes Anti-Malware
    2010-08-03 10:38:29 20 ----a-w- c:\windows\system32\SYSTEM
    2010-08-02 11:55:46 0 d---a-w- c:\programdata\TEMP
    2010-08-02 11:41:47 0 d--h--w- C:\$AVG
    2010-08-02 11:24:25 0 d-----w- c:\programdata\XoftSpySE
    2010-08-02 10:05:31 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-08-02 10:04:37 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-08-02 10:04:22 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-08-02 09:49:32 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-08-02 09:45:47 0 d-----w- c:\windows\PCHEALTH
    2010-08-02 09:44:15 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-08-02 09:43:30 0 d-----w- c:\programdata\Microsoft Help
    2010-08-02 09:17:25 0 d-----w- c:\programdata\Sony
    2010-08-02 08:30:47 0 d-----w- c:\users\ali\Tracing
    2010-08-02 08:30:19 0 d-----w- c:\program files\common files\Windows Live
    2010-08-02 08:28:01 0 d-----w- c:\users\ali\appdata\roaming\AVG9
    2010-08-02 08:21:34 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-08-02 08:21:34 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2010-08-02 08:21:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-08-02 08:21:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-08-02 08:21:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-08-02 08:21:25 0 d-----w- c:\windows\system32\drivers\Avg
    2010-08-02 08:20:11 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
    2010-08-02 08:19:01 0 d-----w- c:\programdata\avg9
    2010-08-02 05:18:10 0 d-----w- c:\windows\Panther
    2010-08-02 05:12:25 0 d-----w- C:\Windows.old
    2010-08-02 04:21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-08-01 23:39:24 0 d-----w- c:\programdata\McAfee Security Scan
    2010-08-01 23:39:24 0 d-----w- c:\programdata\McAfee
    2010-08-01 23:39:22 0 d-----w- c:\program files\McAfee Security Scan
    2010-08-01 23:19:44 3 --sha-r- C:\win7ldr
    2010-08-01 23:19:44 3 ----a-w- c:\windows\7Loader.TAG
    2010-08-01 23:19:44 203316 --sha-r- C:\grldr
    2010-08-01 14:30:51 0 d-----w- c:\users\ali\appdata\roaming\uTorrent
    2010-08-01 14:29:37 0 d-----w- c:\program files\common files\Steam
    2010-08-01 14:28:37 0 d-sh--w- c:\windows\Installer
    2010-08-01 14:24:27 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-01 14:15:16 0 d-----w- c:\users\ali\9Dragons
    2010-08-01 14:11:31 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
    2010-08-01 14:10:40 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-01 14:10:38 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-08-01 14:06:56 65536 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TM.blf
    2010-08-01 14:06:56 524288 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TMContainer00000000000000000002.regtrans-ms
    2010-08-01 14:06:56 524288 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TMContainer00000000000000000001.regtrans-ms
    2010-08-01 13:38:03 0 d-----w- c:\windows\system32\wbem\Performance
    2010-08-01 13:33:01 0 d-sh--w- C:\Recovery
    2010-08-01 13:06:28 8192 --sha-r- C:\BOOTSECT.BAK
    2010-08-01 13:06:23 383562 --sha-r- C:\bootmgr
    2010-08-01 13:06:15 0 d-sh--w- C:\Boot
    2010-08-01 10:30:56 0 d-----w- c:\program files\Windows 7 Ultimate 32bit + activator + Bonus
    2010-07-29 14:32:57 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    2010-07-24 06:20:58 0 d-----w- c:\program files\IObit
    2010-07-16 05:48:36 0 d-----w- C:\.sabsabionlinev9
    2010-07-14 05:52:51 0 d-----w- c:\program files\YouTube Downloader
    2010-07-13 14:23:11 0 d-----w- c:\program files\GoldWave
    2010-07-13 14:00:22 0 d-----w- c:\program files\HLDJ
    2010-07-13 11:33:17 0 d-----w- c:\program files\Illustrate
    2010-07-12 14:31:52 0 d-----w- c:\program files\Sony
    2010-07-12 13:32:27 0 d-----w- c:\program files\Fraps 3.0.3 [2010] - www.GuruFuel.com
    2010-07-12 13:29:32 0 d-----w- c:\program files\Ask.com
    2010-07-12 13:29:15 0 d-----w- c:\program files\uTorrent
    2010-07-08 08:59:18 0 d-----w- c:\program files\Coupons
    2010-07-08 08:19:29 0 d-----w- c:\program files\HP
    2010-07-08 08:04:16 0 d-----w- c:\program files\HP Photo Creations

    ==================== Find3M ====================

    2010-07-12 15:04:25 2688 ----a-w- c:\program files\Register Vegas Pro.htm
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 21:46:43.52 ===============
    Last edited by tashi; 2010-08-07 at 07:44. Reason: Added link to previous topic

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Hello Takichi,

    Again,
    Waiting for help in the Malware Forum FOUR days or longer?

    Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Our analysts assist people at several forums. A member's user name may be different, the problem will not be. A worse scenario would be to run fixes given at one site unbeknown to the person helping the same user elsewhere.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    http://www.bleepingcomputer.com/forums/topic338058.html

    Our helpers do not wish to be pm-ed over there either.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    3

    I think I might have fixed the virus.
    Thanks
