dimondwoof

  1. Here are the 2 logs. No viruses found with ESET, but my computer seems to not be redirecting anymore. Hopefully it'll stick! If you see anything in the logs that might be a problem, please post. I'll check back on this thread over the next couple of days to see if you post anything else. Thanks so much! log.txt checkup.txt
  2. Here is the ComboFix.txt. However, I can't find instructions on how to get the DDS log. What program do I use for that? ComboFix.txt
  3. Sorry. Here you go. mbam_log_2011_01_16__21_35_43_.txt
  4. DOH! Wrong TDSS log. Here is the correct one from today. Sorry about that. TDSSKiller.2.4.11.0_14.01.2011_08.30.37_log.txt
  5. My apologies for the delay. I just started a new job and got extremely busy, but I'm ready to tackle this issue now. Attached are the 2 logs you requested. Thanks so much for your help. TDSSKiller.2.4.6.0_07.11.2010_06.46.58_log.txt mbam_log_2011_01_14__08_26_49_.txt
  6. I have tried everything I can find, but to no avail. I have a Dell XPS M1730 laptop running Windows 7 that has the Google redirect virus. The symptoms are from either FireFox or IE 8, every time I click on a link from a search engine result list, I get redirected to a random page and every once in a while the web page that I'm looking at will randomly jump to a new page unless I stop loading the page. I usually open result links in a new tab and then use the Alt-left arrow to back up to the original page. I have used Symantec SEP (version 11), SuperAntiSpyware 4.47, Malwarebyte's Anti-Malware, and Spyware Doctor. Nothing has detected anything except cookies. I've also run Malwarebyte's Anti-Malware, TDSSKiller, Spyware Doctor, Dr. Web CureIt!, Win32/Olmarik, the latest Windows Malicious Software Removal Tool, all to no avail. I was going to run ComboFix, but then read that I shouldn't run it without help from one of you "trained professionals" , so I thought I'd post here and wait for instructions. I'm an IT tech, so I'm not afraid to get down into the nuts and bolts, so to speak. I haven't had a virus on a machine in 20 years, so it is especially frustrating that I can't get rid of this one! lol Any help I can get would be greatly appreciated. 
  7. Also, I'm running Windows 7. Here are other things that I've tried so far: I have SEP 11, SuperAntiSpyware 4.45. Neither of them recognize any threats. I've also run Malwarebyte's Anti-Malware, TDSSKiller, Spyware Doctor, Dr. Web CureIt!, Win32/Olmarik, the latest Windows Malicious Software Removal Tool, all to no avail. I was going to run ComboFix, but then read that I shouldn't run it without help from one of you "trained professionals" , so I thought I'd post here and wait for instructions. I'm an IT tech, so I'm not afraid to get down into the nuts and bolts, so to speak. I haven't had a virus on a machine in 20 years, so it is especially frustrating that I can't get rid of this one! lol Any help I can get would be greatly appreciated.
  8. I have tried everything I can find, but to no avail. I have a Dell XPS M1730 laptop that has the google redirect virus. The symptoms are from either FireFox or IE 8, every time I click on a link from a search engine result list, I get redirected to a random page and every once in a while the web page that I'm looking at will randomly jump to a new page unless I stop loading the page. I usually open result links in a new tab and then use the Alt-left arrow to back up to the original page. I have used Symantec SEP (version 11), SuperAntiSpyware 4.47, Malwarebyte's Anti-Malware, and Spyware Doctor. Nothing has detected anything except cookies. Can anyone give me a hand getting this cleaned up? I'd really appreciate it!