Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirect malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google redirect malware

Unread postby rsund » June 17th, 2009, 6:44 am

Also I ran a complete scan with the Microsoft Windows Malicious Software Removal Tool and it found several items which it fixed. The Winlogon.exe issue appears to be resolved.

Here is the mrt log


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Wed Mar 09 03:00:17 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 09 03:00:21 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.3, April 2005
Started On Fri Apr 15 22:50:25 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 15 22:50:32 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.4, May 2005
Started On Wed May 11 03:00:18 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 11 03:00:28 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.5, June 2005
Started On Thu Jun 16 03:00:42 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 16 03:00:52 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.6, July 2005
Started On Wed Jul 13 03:00:34 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 13 03:00:44 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.7, August 2005
Started On Wed Aug 10 03:00:34 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 10 03:00:44 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.8, September 2005
Started On Wed Sep 14 03:00:19 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 03:00:30 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.9, October 2005
Started On Tue Oct 18 03:01:29 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 18 03:01:42 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.10, November 2005
Started On Thu Nov 10 03:00:34 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 10 03:00:46 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.11, December 2005
Started On Thu Dec 15 03:00:18 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 15 03:00:28 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.12, January 2006
Started On Thu Jan 12 03:00:46 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 12 03:01:01 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.13, February 2006
Started On Fri Feb 17 03:00:21 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 17 03:00:35 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.14, March 2006
Started On Sat Mar 18 03:00:22 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Mar 18 03:00:33 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.15, April 2006
Started On Sat Apr 15 03:01:16 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 15 03:01:29 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.16, May 2006
Started On Thu May 11 03:00:40 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 11 03:00:54 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.17, June 2006
Started On Thu Jun 15 03:01:22 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 15 03:01:34 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.18, July 2006
Started On Wed Jul 12 03:00:23 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 12 03:00:37 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Thu Aug 10 03:00:48 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 10 03:01:06 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
Started On Thu Sep 14 19:46:26 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 19:46:39 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Sun Oct 15 03:00:22 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Oct 15 03:00:37 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Sat Nov 18 05:52:29 2006
->Sysclean WARNING: MemScanGetImagePathFromPid(172) (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [704]

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 18 05:52:45 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Wed Dec 13 18:48:54 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 13 18:49:11 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Thu Jan 11 22:09:53 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 11 22:10:06 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Sun Feb 18 03:01:13 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 18 03:01:30 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Fri Mar 16 03:01:02 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 16 03:01:20 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Fri Apr 13 03:00:27 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 13 03:00:43 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Thu May 10 03:00:31 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 10 03:01:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Thu Jun 14 03:01:07 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 14 03:01:56 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 11 04:52:09 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 04:55:45 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Wed Aug 15 05:06:53 2007
->Scan ERROR: resource process://pid:3276 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3276 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 05:07:51 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Tue Sep 11 18:53:36 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 18:55:11 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Wed Oct 10 03:01:25 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 03:02:24 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 03:00:35 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 03:01:36 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 12 03:01:54 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 03:02:53 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Wed Jan 09 21:55:17 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 21:56:58 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Wed Feb 13 03:02:04 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 03:03:13 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Wed Mar 12 03:01:08 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 12 03:02:17 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Thu Apr 10 03:01:43 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:02:57 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Fri May 16 03:01:31 2008
->Scan ERROR: resource process://pid:568 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:568 (code 0x0000054F (1359))
-> Sysclean ERROR: Internal error, code = 8050800C

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 16 03:04:31 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Tue Jun 10 21:28:43 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 10 21:29:54 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Fri Jul 18 05:38:41 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 18 05:40:00 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Fri Aug 15 03:03:30 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 03:05:55 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Wed Sep 10 03:01:16 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 03:02:40 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Wed Oct 15 03:03:26 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 03:09:21 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Wed Nov 12 03:02:08 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 12 03:03:35 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Sat Dec 13 03:00:29 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 13 03:02:10 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Wed Jan 14 03:00:26 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 03:02:19 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
Started On Wed Feb 11 03:01:15 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 03:03:10 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Sat Mar 21 03:01:21 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Mar 21 03:04:01 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Tue Apr 21 03:02:21 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 21 03:04:11 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Thu May 14 03:00:23 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 03:02:11 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Mon Jun 15 21:43:37 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:3832 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jun 15 21:45:39 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Tue Jun 16 05:48:06 2009

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3264 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 16 06:16:45 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Tue Jun 16 19:43:46 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
Found malware: Trojan:Win32/Alureon.BU in file://C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxccwluomonqnknlvpfgihlydxxrlltqjlj.dll.vir
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1619\A0391218.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1620\A0391236.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1621\A0392006.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1622\A0392028.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1623\A0392035.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1624\A0395007.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1626\A0395033.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1627\A0395063.dll
Found malware: Trojan:Win32/Zlob.gen!S in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1629\A0395109.dll
->Scan ERROR: resource file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409948.dll (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409949.sys (code 0x00000005 (5))
Found malware: Trojan:Win32/Alureon.gen!J in file://C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409974.com

Extended Scan Removal Results
----------------
Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409974.com
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1629\A0395109.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1627\A0395063.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1626\A0395033.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1624\A0395007.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1623\A0392035.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1622\A0392028.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1621\A0392006.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1620\A0391236.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1619\A0391218.dll
Operation succeeded !

Start 'remove' for file://\\?\C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxccwluomonqnknlvpfgihlydxxrlltqjlj.dll.vir
Operation was scheduled to be completed after next reboot.


Results Summary:
----------------
For cleaning Trojan:Win32/Alureon.BU, the system needs to be restarted.
Found Trojan:Win32/Alureon.gen!J and Removed!
Found Trojan:Win32/Zlob.gen!S and Removed!

Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 16 22:21:18 2009
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm
Advertisement
Register to Remove

Re: Google redirect malware

Unread postby Dakeyras » June 17th, 2009, 9:18 am

Hi :)

Also I ran a complete scan with the Microsoft Windows Malicious Software Removal Tool and it found several items which it fixed.
Why did you do this?

If I may draw your attention to this part from my welcome speech:
Refrain from running self fixes as this will hinder the malware removal process.
I think the above is quite self explanatory ;)

The Winlogon.exe issue appears to be resolved.
Fair play, if not since the file upload indicated it is not infected we can repair the file if the need.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: Use Internet Explorer for this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tuturial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is you computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Google redirect malware

Unread postby rsund » June 17th, 2009, 7:18 pm

Acrobat reader v9 installed

I am unable to run this scan.

After the clicking on accept the following message pop-up appeared:

"Starting Java applet has failed. please go online to use this program"
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm

Re: Google redirect malware

Unread postby Dakeyras » June 18th, 2009, 5:32 am

Hi :)

Please try this online scanner instead, thank you.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Google redirect malware

Unread postby rsund » June 18th, 2009, 7:36 pm

Here is the log file
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=e5adf5a73f42094a9f9cd4ec6644f82c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-06-18 01:33:53
# local_time=2009-06-18 08:33:53 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 21 100 100 121072343750
# scanned=203201
# found=9
# cleaned=0
# scan_time=11780
C:\Documents and Settings\All Users\Documents\aresp2pfree(2).exe multiple threats 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\aresp2pfree.exe multiple threats 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\arespremium.exe multiple threats 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\killingzoneInst.exe multiple threats 00000000000000000000000000000000
C:\Downloads\CueClub-dm[1].exe Win32/Adware.Trymedia application 00000000000000000000000000000000
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcayvhcwxghbqxkabugtltvffsdrjamuov.sys.vir a variant of Win32/Kryptik.SB trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409947.sys a variant of Win32/Kryptik.SB trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1677\A0409981.exe a variant of Win32/Downloader.Ircfast application 00000000000000000000000000000000
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm

Re: Google redirect malware

Unread postby Dakeyras » June 19th, 2009, 6:49 am

Hi :)

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Files
C:\Documents and Settings\All Users\Documents\aresp2pfree(2).exe
C:\Documents and Settings\All Users\Documents\aresp2pfree.exe 
C:\Documents and Settings\All Users\Documents\arespremium.exe
C:\Documents and Settings\All Users\Documents\killingzoneInst.exe
C:\Downloads\CueClub-dm[1].exe
C:\Program Files\AIM\Sysfiles\WxBug.EXE

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and or further symptoms?
  • OTM Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Google redirect malware

Unread postby rsund » June 19th, 2009, 7:24 am

Here is the infomration from the results area
C:\Documents and Settings\All Users\Documents\killingzoneInst.exe moved successfully.
C:\Downloads\CueClub-dm[1].exe moved successfully.
C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Richard Sund\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06192009_061433


Here is the OTM log
========== FILES ==========
C:\Documents and Settings\All Users\Documents\aresp2pfree(2).exe moved successfully.
C:\Documents and Settings\All Users\Documents\aresp2pfree.exe moved successfully.
C:\Documents and Settings\All Users\Documents\arespremium.exe moved successfully.
C:\Documents and Settings\All Users\Documents\killingzoneInst.exe moved successfully.
C:\Downloads\CueClub-dm[1].exe moved successfully.
C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Richard Sund\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06192009_061433

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat not found!

Registry entries deleted on Reboot...
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm

Re: Google redirect malware

Unread postby rsund » June 19th, 2009, 7:27 am

No new issues seen in computer performance :)

Here is the new Hijack This log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:49 AM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=NET_mmhpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.dmr.com/postauthI/epi.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5126862890
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - https://www.contentwatch.com/audit/incl ... ontrol.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fc.webex.com/client/v_mywebex-t ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.consulting-fujitsu.com/d ... tupSP1.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12403 bytes
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm

Re: Google redirect malware

Unread postby Dakeyras » June 19th, 2009, 7:55 am

Hi :)

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in Combofix /u in the and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, Trend Micro Internet Security automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Note: Internet Explorer v8 has been recently released from its beta program, my advice hold off upgrading for the time being as no doubt flaws will be identified and fixes released over the coming months.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Finally a educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated, personally I still think it bares relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions, feel free to ask? If not stay safe!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Google redirect malware

Unread postby rsund » June 20th, 2009, 10:36 am

Thank you for al of your assistance!
rsund
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 10:55 pm

Re: Google redirect malware

Unread postby Dakeyras » June 20th, 2009, 12:34 pm

Hi :)

A pleasure to be of assistance and you are very welcome!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Google redirect malware

Unread postby Gary R » June 21st, 2009, 9:52 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware