
Thread: Google redirect virus, tried different things

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    1

    Google redirect virus, tried different things

    (This is a little long)

    I had this problem before but I forgot how I got rid of it. I didn't reformat my hard drive. The problem is in Internet Explorer too, not just Firefox.

    I ran MBAM and TDSSKiller about 10 times, CCleaner, and just ran ComboFix. I saw this YouTube video http://www.youtube.com/watch?v=TLVifFbLIso and did everything it said. Tried doing a Google search on another drive but there are so many methods.

    First, I had a few bugs long before this. I think it started with WinRAR. I tried googling a free original version of WinRAR (not the demo) and I d/l'ed what I thought to be a real WinRAR, but it was a demo. Then a day later (or something, I dunno) I get some pop-up windows every time I boot my computer. One window was a WinRAR installation window, another was a Windows Explorer error. The last was a Firefox error; it would randomly be the same 1-4 windows, the one where it says "send error report". I was too lazy to deal with it then so I just ignored it and closed the windows when they came up. But finally yesterday my computer got too messed up to use. I googled a sports streaming site for something I wanted to watch; my other streams were too laggy or had other problems. I forgot the site, but within 30 minutes my screen went blue, and had a

    Yesterday I got the Google redirect virus, not sure how. I was on a sports streaming website, this one I googled for what I wanted to watch because my other streams were too slow or had problems. Then maybe 20 minutes later a virus got on my system tray and turned the screen blue. I can't remember what it was; I dealt with things like that and all I had to do was run MBAM to get rid of it. It was probably "Windows Virus Removal" or something like that. So after I ran MBAM it's gone and it got rid of the pop-up windows that show up when the computer starts up. So the computer's back to normal. But then when I use Google I see the redirect virus is back.

    Also, every time I close all of the Firefox browsers I have running, it changes my "connection settings" to "manual proxy configuration to proxy 127.0.0.1". I have to change it back to "no proxy" to use Firefox.

    Other web search sites work; I tried Yahoo and it was fine. I can still use the internet at normal speed. I just can't do anything through Google. I have to type in or copy-paste the URL address if it's not in my bookmarks. When I use Google search it takes a while.


    Here's the ComboFix log. Didn't really read it, I'm not that good w/ computers. Hoping someone here can help me get rid of this piece of ****.

    ComboFix 11-05-04.02 - Sandesh 05/04/2011 14:13:34.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1510 [GMT -7:00]
    Running from: c:\documents and settings\Sandesh\My Documents\Downloads\ComboFix.exe
    FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\bC28614ClCpD28614
    c:\documents and settings\All Users\Application Data\bC28614ClCpD28614\bC28614ClCpD28614
    c:\documents and settings\All Users\Application Data\bC28614ClCpD28614\bC28614ClCpD28614.exe
    c:\documents and settings\Sandesh\Application Data\chrtmp
    c:\documents and settings\Sandesh\Application Data\SQLite3.dll
    C:\Microsoft
    c:\windows\system32\install
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-04 17:57 . 2011-05-04 17:57 -------- d-----w- c:\program files\CCleaner
    2011-05-04 17:12 . 2011-05-04 17:12 -------- d-----w- c:\documents and settings\Sandesh\Local Settings\Application Data\Threat Expert
    2011-05-04 01:06 . 2011-01-07 21:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-05-04 01:06 . 2011-01-07 21:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-05-04 01:06 . 2011-01-07 21:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
    2011-05-04 01:06 . 2011-01-07 21:54 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-05-04 01:05 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-05-04 01:05 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-05-04 01:05 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-05-04 01:04 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-05-04 01:04 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-05-04 01:04 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-05-04 01:04 . 2011-05-04 01:33 -------- d-----w- c:\program files\PC Tools Security
    2011-05-04 01:04 . 2011-05-04 01:06 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-05-04 01:04 . 2011-05-04 01:04 -------- d-----w- c:\documents and settings\Sandesh\Application Data\PC Tools
    2011-05-04 01:04 . 2011-05-04 21:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-05-04 01:03 . 2011-05-04 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-05-03 19:14 . 2011-05-03 19:14 55552 ---ha-w- c:\windows\system32\netding6.tmp
    2011-05-03 02:54 . 2011-05-03 02:54 -------- d-----w- c:\documents and settings\Sandesh\Application Data\Malwarebytes
    2011-05-03 02:54 . 2011-05-03 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-03 02:54 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-03 02:53 . 2011-05-03 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 02:53 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 01:34 . 2011-05-03 01:34 0 ---ha-w- c:\documents and settings\Sandesh\Local Settings\Application Data\BIT3.tmp
    2011-04-30 22:49 . 2011-04-30 22:49 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-04-30 22:49 . 2011-04-30 22:49 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-04-30 22:49 . 2011-04-30 22:49 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-04-30 22:49 . 2011-04-30 22:49 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-04-30 22:49 . 2011-04-30 22:49 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-04-30 22:49 . 2011-04-30 22:49 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-04-30 22:49 . 2011-04-30 22:49 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-04-30 22:49 . 2011-04-30 22:49 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-04-19 04:22 . 2010-05-25 03:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-30 22:49 . 2011-04-30 22:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-02-28 12:00 94784 --sh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
    2010-09-18 06:53 974848 --sh--w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 343040 --sh--w- c:\windows\system32\msvcrt.dll
    2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Sandesh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Sandesh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 07:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
    2001-08-10 01:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-08-04 02:24 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
    2001-08-04 02:24 311296 ----a-w- c:\windows\system32\hphmon03.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    2006-06-02 08:45 385024 ------r- c:\windows\system32\JMRaidTool.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
    2009-07-29 22:28 252424 ----a-w- c:\windows\system32\MAFWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-01-08 03:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-11-04 16:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-05-01 10:07 843776 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateUSB]
    2006-06-23 06:48 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=3 (0x3)
    "wscsvc"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/3/2011 6:04 PM 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5/3/2011 6:05 PM 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5/3/2011 6:05 PM 656320]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5/3/2011 6:06 PM 247760]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [1/28/2011 3:18 PM 34944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 5:43 PM 136176]
    S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [8/3/2001 7:24 PM 18864]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 5:43 PM 136176]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5/3/2011 6:04 PM 366840]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 00:43]
    .
    2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 00:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyServer = http=127.0.0.1:55333
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\documents and settings\Sandesh\Application Data\Mozilla\Firefox\Profiles\l53s6wij.default\
    FF - prefs.js: keyword.URL - hxxp://www.zumix2.com/s/?engine=web&src=IE-Address&site=Bing&cfg=2-471-0&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 55333
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-HKCU - c:\windows\system32\install\server.exe
    MSConfigStartUp-HKLM - c:\windows\system32\install\server.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-04 14:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(756)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2011-05-04 14:17:55
    ComboFix-quarantined-files.txt 2011-05-04 21:17
    .
    Pre-Run: 2,076,930,048 bytes free
    Post-Run: 2,117,832,704 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 1F70F3331E618A1AB3645C051DED0152
    Last edited by tashi; 2011-05-05 at 06:50. Reason: Revealed and deactivated link
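A defender's reading of the Supplementary Scan and ORPHANS REMOVED lines in the log above, as an added Python example that is not part of the original post: it pulls out the loopback proxy settings, the replaced search URL and the orphaned autostart entries that match the symptoms described. The sample lines are copied from the posted log; the function and finding names are my own.

```python
import re

# Constructed sample: Supplementary Scan and ORPHANS lines copied from the
# ComboFix log posted above (a few unrelated lines omitted).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:55333
FF - prefs.js: keyword.URL - hxxp://www.zumix2.com/s/?engine=web&src=IE-Address&site=Bing&cfg=2-471-0&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0
MSConfigStartUp-HKCU - c:\windows\system32\install\server.exe
MSConfigStartUp-HKLM - c:\windows\system32\install\server.exe
"""

LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)$", re.I)
IE_PROXY = re.compile(r"uInternet Settings,ProxyServer = (?:http=)?([^:\s;]+):(\d+)")
FF_PREF = re.compile(r"FF - (?:prefs|user)\.js: (\S+) - (.+)")
ORPHAN = re.compile(r"MSConfigStartUp-(HKCU|HKLM) - (.+)")


def find_proxy_hijack(log_text):
    """Return (kind, detail) findings from ComboFix supplementary-scan lines.

    The IE/WinINet ProxyServer and Firefox's network.proxy.* prefs both on a
    loopback port let a local process rewrite search traffic; keyword.URL is
    what Firefox uses for address-bar searches, and Firefox only writes a
    pref to prefs.js when it differs from the default, so any keyword.URL in
    the log is worth a look.
    """
    findings, ff = [], {}
    for line in log_text.splitlines():
        m = IE_PROXY.search(line)
        if m and LOOPBACK.match(m.group(1)):
            findings.append(("ie_loopback_proxy", f"{m.group(1)}:{m.group(2)}"))
            continue
        m = FF_PREF.search(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()
            continue
        m = ORPHAN.search(line)
        if m:  # autostart entries whose target file no longer exists
            findings.append(("orphan_autostart", f"{m.group(1)} {m.group(2).strip()}"))
    host = ff.get("network.proxy.http", "")
    if LOOPBACK.match(host):
        # type 0 = no proxy, 1 = manual: host and port persist after the user
        # switches back to "no proxy", so flipping type to 1 re-enables them.
        findings.append(("firefox_loopback_proxy",
                         f"{host}:{ff.get('network.proxy.http_port', '?')} "
                         f"(network.proxy.type={ff.get('network.proxy.type', '?')})"))
    if "keyword.URL" in ff:
        findings.append(("firefox_keyword_url", ff["keyword.URL"]))
    return findings
```

`find_proxy_hijack(SAMPLE_LOG)` yields five findings for the posted log: the IE and Firefox loopback proxies on port 55333, the zumix2.com keyword.URL, and the two orphaned server.exe autostarts.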
