Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect virus - can't make it go away!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect virus - can't make it go away!

Unread postby MuzzleVelocity » August 5th, 2011, 10:56 pm

My XP machine has the google redirect virus/malware/rootkit thing. My Norton AntiVirus and MalwareBytes are updated but can't find anything. I've been researching this on the internet, and I've tried the TDSS-killer and RootKit revealer, but they also can't find anything. Please help if you can! Thank you! Here are my logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Admin at 20:54:53 on 2011-08-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2588 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8E720FF5-3791-4658-8988-61734797D835} : DhcpNameServer = 192.168.1.1
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\6i4lzoxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinzomia.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-8-7 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-8-9 2058776]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-23 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-23 563760]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-7 113664]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-8-7 240344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-8-7 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-8-7 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-8-7 168776]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys --> c:\windows\system32\drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [2011-1-28 56392]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [2011-1-28 164552]
S3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [2011-1-28 164552]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [2011-1-28 105544]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [2011-1-28 164552]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [2011-1-28 164552]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 pcidnt;pcidnt;c:\windows\system32\drivers\pcidnt.sys --> c:\windows\system32\drivers\pcidnt.sys [?]
S3 RAUSBCIP;RAUSBCIP;c:\windows\system32\drivers\rausbcip.sys [2010-2-24 64544]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-8-8 272128]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys --> c:\windows\system32\drivers\covpndrv.sys [?]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2010-10-20 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2010-10-20 24192]
S3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [2010-12-22 37456]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WVSSCA;WVSSCA;c:\docume~1\admin\locals~1\temp\WVSSCA.exe [2011-7-31 547712]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-07-31 19:14:47 -------- d--h--r- C:\VProRecovery
2011-07-30 19:44:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-30 19:44:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-29 16:53:43 -------- d-----w- c:\program files\Sophos
2011-07-24 15:18:46 -------- d-----w- c:\documents and settings\admin\application data\Adobe Mini Bridge CS5
2011-07-24 15:18:45 -------- d-----w- c:\documents and settings\admin\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-22 20:21:33 0 ---ha-w- c:\documents and settings\admin\qhdlgtbbdb.tmp
2011-07-15 01:16:24 6601216 ----a-w- c:\windows\system32\NETw5x32.sys
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:21:32 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2011-05-29 02:54:14 101888 ----a-w- c:\windows\system32\THREED32.oca
2011-05-29 01:19:43 35840 ----a-w- c:\windows\system32\comdlg32.oca
2011-05-29 01:19:43 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-05-27 16:49:54 76288 ----a-w- c:\windows\system32\MSFlxGrd.oca
2011-05-27 16:49:54 32768 ----a-w- c:\windows\system32\Grid32.oca
2011-05-27 16:49:53 348160 ----a-w- c:\windows\system32\FM20.oca
2011-05-27 16:49:52 90624 ----a-w- c:\windows\system32\Mshflxgd.oca
2011-05-18 17:20:12 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2011-05-18 14:27:09 22016 ----a-w- c:\windows\system32\MSWINSCK.oca.crap
2011-05-18 13:34:36 74240 ----a-w- c:\windows\system32\daxctle.oca
.
============= FINISH: 20:55:48.98 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2010 4:18:58 PM
System Uptime: 8/5/2011 7:47:37 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0X564R
Processor: Intel Pentium III Xeon processor | Microprocessor | 2525/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 163.401 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 125.66 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contacted SmartCard
Device ID: USB\VID_0A5C&PID_5800&MI_01\6&66DE6C9&0&0001
Manufacturer:
Name: Contacted SmartCard
PNP Device ID: USB\VID_0A5C&PID_5800&MI_01\6&66DE6C9&0&0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\224B1261364FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\224B1261364FC000
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_024F1028&REV_03\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_024F1028&REV_03\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5
Adobe Reader 9.1
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
AutoIt v2.64
BlackBerry Desktop Software 5.0.1
calibre
Canon Utilities EOS Utility
ClearKeeper
Compatibility Pack for the 2007 Office system
Crystal Reports for Visual Studio
Dell Touchpad
Detours Express 2.1
Easy CD & DVD Creator 6
eFax Messenger
Ethereal 0.10.8
FBReader for Windows
Flash Drive Tester v1.14
FMS
Free JavaScript Editor 4.7
FTDI USB Serial Converter Drivers
GoldWave v5.58
Google Earth Plug-in
Google Update Helper
Harry's Filters 3.01
HASP Device Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Icon Restore 1.0
IDT Audio
ImgBurn
Import Tool
InstallVC90Support
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel® Active Management Technology
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 26
Keyspan USB Serial Adapter
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee VirusScan Enterprise
MicroSim_EVAL_7.1
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft RichCopy 4.0
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Web Publishing Wizard 1.53
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Monitor Calibration Wizard 1.0
Motion Analyzer
Motion Analyzer5.000
Mozilla Firefox 5.0 (x86 en-US)
MSDN Library - October 2001
MSXML 6.0 Parser (KB933579)
Network Stumbler 0.4.0 (remove only)
nLite 1.2.1
Norton Ghost
NVIDIA Drivers
Palm Desktop by ACCESS
PanelBuilder32
PDF Settings CS5
PE Builder 3.1.10a
QuickTime
Software Update for Web Folders
Sony Vegas Pro 8.0
Sophos Anti-Rootkit 1.5.20
SpeedFan (remove only)
Sprint SmartView
StepTree v1.8.1
Tag Data Monitor Tool
Tag Upload Download Tool
Tftpd32 Standalone Edition (remove only)
TightVNC 2.0.2
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Translate PLC-5_SLC 2.0
TuneLearn
Ultraware
Update for Microsoft Windows (KB971513)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.7
VMware Workstation
Volume Serial Number Editor
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Imaging Component
Windows Search 4.0
Windows XP Service Pack 3
WindowsApplication1
WinPcap 3.0
WinRAR archiver
WinZip 12.1
XML Paper Specification Shared Components Language Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
8/5/2011 9:45:22 AM, error: Dhcp [1002] - The IP address lease 192.168.1.140 for the Network Card with network address DEADBEEFCAFE has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
8/2/2011 2:17:40 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
8/2/2011 2:17:39 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
7/31/2011 12:10:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
MuzzleVelocity
Active Member
 
Posts: 4
Joined: August 1st, 2011, 11:09 pm
Advertisement
Register to Remove

Re: Google Redirect virus - can't make it go away!

Unread postby deltalima » August 6th, 2011, 11:29 am

Hi MuzzleVelocity,

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect virus - can't make it go away!

Unread postby MuzzleVelocity » August 6th, 2011, 1:34 pm

Hi, this my Personal. Laptop for home use
MuzzleVelocity
Active Member
 
Posts: 4
Joined: August 1st, 2011, 11:09 pm

Re: Google Redirect virus - can't make it go away!

Unread postby deltalima » August 6th, 2011, 1:35 pm

Please let me know what Microsoft Visual Studio 2010 Ultimate - ENU is used for.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect virus - can't make it go away!

Unread postby MuzzleVelocity » August 6th, 2011, 3:12 pm

I had tried teaching myself vb.net a while ago (I used to do some vb6 stuff back in college). .NET is a different animal though!
MuzzleVelocity
Active Member
 
Posts: 4
Joined: August 1st, 2011, 11:09 pm

Re: Google Redirect virus - can't make it go away!

Unread postby deltalima » August 6th, 2011, 3:29 pm

Hi MuzzleVelocity,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know what PanelBuilder32, Translate PLC-5_SLC 2.0 and tools-netware are used for.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect virus - can't make it go away!

Unread postby MuzzleVelocity » August 6th, 2011, 4:52 pm

PanelBuilder32 and Translate PLC5_SLC 2.0 are tools for interfacing and programming allen-bradley microcontrollers. the tools-netware i dont know about. Thanks!

CKScanner results:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\misc\misc infrequent\crackin\crack.txt
c:\misc\misc infrequent\crackin\crack1.txt
c:\misc\misc infrequent\crackin\crack2.txt
scanner sequence 3.ZZ.11.EANADC
----- EOF -----
MGADiag results:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 76487-640-8365391-23942
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {0AE97C32-CD48-477F-8586-BF16E8CB8634}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Prompt
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0AE97C32-CD48-477F-8586-BF16E8CB8634}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>76487-640-8365391-23942</PID><PIDType>1</PIDType><SID>S-1-5-21-1214440339-261478967-839522115</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E6500 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A19</Version><SMBIOSVersion major="2" minor="4"/><Date>20091221000000.000000+000</Date></BIOS><HWID>BC3B0D00018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57350</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 16AAD:Dell Inc|16AAD:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
MuzzleVelocity
Active Member
 
Posts: 4
Joined: August 1st, 2011, 11:09 pm

Re: Google Redirect virus - can't make it go away!

Unread postby deltalima » August 6th, 2011, 4:55 pm

You are using cracked software.

This topic is now closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 272 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware