Jump to content

Google redirect virus on my laptop


Recommended Posts

I have tried everything I can find, but to no avail. I have a Dell XPS M1730 laptop running Windows 7 that has the Google redirect virus. The symptoms are from either FireFox or IE 8, every time I click on a link from a search engine result list, I get redirected to a random page and every once in a while the web page that I'm looking at will randomly jump to a new page unless I stop loading the page. I usually open result links in a new tab and then use the Alt-left arrow to back up to the original page.

I have used Symantec SEP (version 11), SuperAntiSpyware 4.47, Malwarebyte's Anti-Malware, and Spyware Doctor. Nothing has detected anything except cookies. I've also run Malwarebyte's Anti-Malware, TDSSKiller, Spyware Doctor, Dr. Web CureIt!, Win32/Olmarik, the latest Windows Malicious Software Removal Tool, all to no avail.

I was going to run ComboFix, but then read that I shouldn't run it without help from one of you "trained professionals" , so I thought I'd post here and wait for instructions.

I'm an IT tech, so I'm not afraid to get down into the nuts and bolts, so to speak. I haven't had a virus on a machine in 20 years, so it is especially frustrating that I can't get rid of this one! lol

Any help I can get would be greatly appreciated.




DDS (Ver_10-12-12.02) - NTFSx86

Run by Keith at 16:40:44.13 on Tue 12/14/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1169 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============



C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService


C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService


C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe



C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork


C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe


C:\Windows\system32\svchost.exe -k hpdevmgmt


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe


C:\Program Files\ClipX\clipx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe



C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TiVo\Desktop\TiVoServer.exe

C:\Program Files\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


C:\Windows\System32\svchost.exe -k LocalServicePeerNet


C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe


C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe



C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Users\Keith\Downloads\Malware Tools\dds.scr


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.