3834894325
-
Posts
1 -
Joined
-
Last visited
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Google Redirect Virus
in Resolved Malware Removal Logs
Posted
Hello All,
I've been using this forum to try to rid my laptop of this Google Redirect Virus, but nothing seems to take. If someone could please help me out, it would be really appreciated. Here are my logs:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by JOVY at 17:20:37 on 2012-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1421 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE}\0527573616346513 : DHCPNameServer = 75.49.64.94 68.94.156.1 192.168.40.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyy.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyyreg.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\jovy\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-24 16:33; closetabstotheright@4kwh.net; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\closetabstotheright@4kwh.net.xpi
FF - ExtSQL: 2012-08-24 17:08; firegestures@xuldev.org; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\firegestures@xuldev.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 115168]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2012-10-16 22:33:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\offreg.dll
2012-10-16 22:32:38 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\mpengine.dll
2012-10-16 22:23:19 -------- d-----w- C:\$RECYCLE.BIN
2012-10-16 22:21:50 -------- d-----w- c:\users\jovy\appdata\local\temp
2012-10-16 01:43:56 -------- d-----w- c:\users\jovy\appdata\local\Macromedia
2012-10-05 23:29:35 -------- d-----w- c:\program files\CCleaner
2012-10-05 22:43:23 98816 ----a-w- c:\windows\sed.exe
2012-10-05 22:43:23 256000 ----a-w- c:\windows\PEV.exe
2012-10-05 22:43:23 208896 ----a-w- c:\windows\MBR.exe
2012-10-05 22:38:35 -------- d-----w- c:\users\jovy\appdata\local\VirtualStore
2012-10-05 22:34:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 22:03:34 388096 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-05 22:03:34 -------- d-----w- c:\program files\Trend Micro
2012-10-05 22:03:06 -------- d-----w- c:\program files\VS Revo Group
2012-10-02 01:27:06 -------- d-----w- c:\users\jovy\appdata\local\webkit
2012-09-27 04:13:37 -------- d-----w- c:\programdata\RegRun
2012-09-27 04:13:24 2 --shatr- c:\windows\winstart.bat
2012-09-17 23:04:15 -------- d-----w- c:\programdata\Sophos
2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:45 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-09-17 23:02:29 -------- d-----w- c:\program files\Sophos
2012-09-17 23:00:47 -------- d-----w- c:\users\jovy\appdata\roaming\SUPERAntiSpyware.com
2012-09-17 23:00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2012-10-15 23:54:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 23:54:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 22:34:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:34:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:21:01.15 ===============
.
********
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2012 2:35:59 AM
System Uptime: 10/16/2012 3:22:28 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WY040
Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1601/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 26 GiB total, 5.651 GiB free.
D: is FIXED (NTFS) - 48 GiB total, 10.012 GiB free.
E: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1490 Dual Band WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1490 Dual Band WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP192: 10/16/2012 3:14:13 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
BaiduPlayer1.12.0.11
Canon MF Toolbox 4.9.1.1.mf12
Canon MF4320-4350
CCleaner
Daum PotPlayer 1.5.31934
Dell Touchpad
foobar2000 v1.1.11
GIMP 2.8.0
Google Chrome
Google Update Helper
HiJackThis
Java 7 Update 7
Java Auto Updater
JDownloader 0.9
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Revo Uninstaller 1.94
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sophos Virus Removal Tool
Spotify
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
XnView 1.98.8
.
==== Event Viewer Messages From Past Week ========
.
10/16/2012 3:18:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/16/2012 3:00:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/15/2012 4:58:28 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 4:58:28 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 4:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/12/2012 12:35:17 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2012 9:06:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================