3834894325
Hello All, I've been using this forum to try to rid my laptop of this Google Redirect Virus, but nothing seems to take. If someone could please help me out, it would be really appreciated. Here are my logs:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.7.2
Run by JOVY at 17:20:37 on 2012-10-16
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2046.1421 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE}\0527573616346513 : DHCPNameServer = 75.49.64.94 68.94.156.1 192.168.40.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyy.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyyreg.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\jovy\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-24 16:33; closetabstotheright@4kwh.net; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\closetabstotheright@4kwh.net.xpi
FF - ExtSQL: 2012-08-24 17:08; firegestures@xuldev.org; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\firegestures@xuldev.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 115168]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2012-10-16 22:33:08	56200	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\offreg.dll
2012-10-16 22:32:38	6980552	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\mpengine.dll
2012-10-16 22:23:19	--------	d-----w-	C:\$RECYCLE.BIN
2012-10-16 22:21:50	--------	d-----w-	c:\users\jovy\appdata\local\temp
2012-10-16 01:43:56	--------	d-----w-	c:\users\jovy\appdata\local\Macromedia
2012-10-05 23:29:35	--------	d-----w-	c:\program files\CCleaner
2012-10-05 22:43:23	98816	----a-w-	c:\windows\sed.exe
2012-10-05 22:43:23	256000	----a-w-	c:\windows\PEV.exe
2012-10-05 22:43:23	208896	----a-w-	c:\windows\MBR.exe
2012-10-05 22:38:35	--------	d-----w-	c:\users\jovy\appdata\local\VirtualStore
2012-10-05 22:34:47	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 22:03:34	388096	----a-r-	c:\users\jovy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-05 22:03:34	--------	d-----w-	c:\program files\Trend Micro
2012-10-05 22:03:06	--------	d-----w-	c:\program files\VS Revo Group
2012-10-02 01:27:06	--------	d-----w-	c:\users\jovy\appdata\local\webkit
2012-09-27 04:13:37	--------	d-----w-	c:\programdata\RegRun
2012-09-27 04:13:24	2	--shatr-	c:\windows\winstart.bat
2012-09-17 23:04:15	--------	d-----w-	c:\programdata\Sophos
2012-09-17 23:02:49	73728	----a-r-	c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:49	73728	----a-r-	c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:45	73728	----a-r-	c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-09-17 23:02:29	--------	d-----w-	c:\program files\Sophos
2012-09-17 23:00:47	--------	d-----w-	c:\users\jovy\appdata\roaming\SUPERAntiSpyware.com
2012-09-17 23:00:15	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:00:15	--------	d-----w-	c:\program files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2012-10-15 23:54:22	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-15 23:54:21	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 22:34:37	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-05 22:34:37	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-08 00:04:46	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:21:01.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2012 2:35:59 AM
System Uptime: 10/16/2012 3:22:28 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0WY040
Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1601/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 26 GiB total, 5.651 GiB free.
D: is FIXED (NTFS) - 48 GiB total, 10.012 GiB free.
E: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1490 Dual Band WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1490 Dual Band WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP192: 10/16/2012 3:14:13 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
BaiduPlayer1.12.0.11
Canon MF Toolbox 4.9.1.1.mf12
Canon MF4320-4350
CCleaner
Daum PotPlayer 1.5.31934
Dell Touchpad
foobar2000 v1.1.11
GIMP 2.8.0
Google Chrome
Google Update Helper
HiJackThis
Java 7 Update 7
Java Auto Updater
JDownloader 0.9
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Revo Uninstaller 1.94
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sophos Virus Removal Tool
Spotify
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
XnView 1.98.8
.
==== Event Viewer Messages From Past Week ========
.
10/16/2012 3:18:54 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
10/16/2012 3:00:24 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/15/2012 4:58:28 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 4:58:28 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 4:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/12/2012 12:35:17 AM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2012 9:06:30 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
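The following is an added triage script for the log above; it is not part of the original post and is not code from the DDS tool. A helper reading a redirect complaint looks first at a few line types in the Pseudo HJT Report: whether the real-time scanners are disabled, which DNS resolvers the interfaces are using, what browser helper objects, toolbars and Run-key entries are loaded, and whether the browser start page or proxy has been changed. The script below parses a handful of lines copied from the log (embedded as a constructed sample; the regexes, function names and finding text are my own) and prints those items. Note that a resolver outside the private ranges is not evidence of compromise on its own: a DHCP lease from the ISP normally hands out public resolvers, so the check is "confirm these are the resolvers the ISP or router is expected to give", not "these are malicious".

```python
"""Triage a DDS-style log for browser-redirect indicators (added example)."""
import ipaddress
import re

# Constructed sample: a subset of lines copied verbatim from the DDS log in the
# post above. Raw string, so the backslashes are exactly as they appear there.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = about:blank
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE}\0527573616346513 : DHCPNameServer = 75.49.64.94 68.94.156.1 192.168.40.1
FF - prefs.js: network.proxy.type - 0
"""

# One pattern per DDS line type we care about (my own patterns, not DDS's).
RE_SECURITY = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\* \{")
RE_BHO_TB = re.compile(r"^(BHO|TB): (.+?): \{([0-9A-Fa-f-]+)\} - (.+)$")
RE_RUN = re.compile(r"^([um]Run): \[(.+?)\] (.+)$")
RE_DNS = re.compile(r"NameServer = (.+)$")          # matches DHCPNameServer too
RE_START = re.compile(r"^uStart Page = (.+)$")
RE_FFPROXY = re.compile(r"network\.proxy\.type - (\d+)$")


def parse_dds(text):
    """Pull the redirect-relevant facts out of a DDS log into a dict."""
    parsed = {"security": [], "bho": [], "tb": [], "run": [], "dns": [],
              "start_page": None, "ff_proxy_type": None}
    for line in text.splitlines():
        line = line.strip()
        if m := RE_SECURITY.match(line):
            parsed["security"].append((m.group(1), m.group(2), m.group(3)))
        elif m := RE_BHO_TB.match(line):
            key = "bho" if m.group(1) == "BHO" else "tb"
            parsed[key].append((m.group(2), m.group(3).upper(), m.group(4)))
        elif m := RE_RUN.match(line):
            parsed["run"].append((m.group(1), m.group(2), m.group(3)))
        elif m := RE_DNS.search(line):
            for ip in m.group(1).split():
                if ip not in parsed["dns"]:      # keep first-seen order, no dupes
                    parsed["dns"].append(ip)
        elif m := RE_START.match(line):
            parsed["start_page"] = m.group(1)
        elif m := RE_FFPROXY.search(line):
            parsed["ff_proxy_type"] = int(m.group(1))
    return parsed


def public_dns(servers):
    """Resolvers that are not RFC 1918, loopback or link-local addresses."""
    out = []
    for ip in servers:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            out.append(ip)        # an unparsable entry is worth a look as well
            continue
        if not (addr.is_private or addr.is_loopback or addr.is_link_local):
            out.append(ip)
    return out


def triage(parsed):
    """Turn the parsed facts into the findings a helper would raise first."""
    findings = []
    for kind, product, status in parsed["security"]:
        if status.startswith("Disabled"):
            findings.append(f"{kind} {product} is {status}: re-enable before scanning")
    for ip in public_dns(parsed["dns"]):
        findings.append(f"DNS server {ip} is outside private ranges: confirm it is the ISP's resolver")
    for name, clsid, path in parsed["bho"] + parsed["tb"]:
        findings.append(f"browser add-on {name} {{{clsid}}} -> {path}")
    for hive, name, cmd in parsed["run"]:
        findings.append(f"{hive} autostart [{name}] {cmd}")
    if parsed["start_page"] not in (None, "about:blank"):
        findings.append(f"IE start page set to {parsed['start_page']}")
    # Firefox network.proxy.type: 0 = direct, 5 = use system settings;
    # 1 (manual), 2 (PAC) and 4 (auto-detect) deserve a look on a redirect case.
    if parsed["ff_proxy_type"] not in (None, 0, 5):
        findings.append(f"Firefox proxy type {parsed['ff_proxy_type']} (non-default proxy configured)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the two disabled scanners, the two public resolvers on the second interface entry, the one BHO and toolbar, and the one Run-key entry; the start page (about:blank) and the Firefox proxy setting (0, direct) are left alone. To use it on a full DDS log, read the file into `parse_dds` instead of `SAMPLE_LOG`; the `FF - plugin:` and `DPF:` lines are ignored by design, since they need a per-vendor judgement that a regex cannot make.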