Hi, my name is Jon. I actually looked up a way to fix this redirect issue I'm having on my Windows 7 machine and came across this site. The tools that fixed it for the other user were used on XP. I tried some of the same methods, but to no avail. I believe there is a different file located somewhere on my PC still causing Firefox 5 to redirect every time I do a Google search. It redirects to the site goingonearth...
So far I have run numerous open source AV software such as ClamWin, Malwarebytes and Spybot S&D, along with a couple of others. I recently ran an OTL log to get some insight, but I am not as advanced in virus removal as I thought I was.
I do, however, have a recent log from ClamWin, which, when I ran it under admin privileges, came up with this.
Scan Started Tue Jul 12 06:16:47 2011
-------------------------------------------------------------------------------
WARNING: Can't open file C:\Boot\BCD: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\System Volume Information\Syscache.hve: Permission denied
WARNING: Can't open file C:\System Volume Information\Syscache.hve.LOG1: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file C:\Users\Jon\AppData\Local\Temp\etilqs_1i1Hwd4BXEbXM0ctk9aN: Permission denied
WARNING: Can't open file C:\Users\Jon\AppData\Local\Temp\etilqs_fcOvnt97bB6SFeShjhyF: Permission denied
WARNING: Can't open file C:\Users\Jon\AppData\Local\Temp\hsperfdata_Jon\2532: Permission denied
WARNING: Can't open file C:\Users\Jon\AppData\Roaming\ZumoCast\db\data\ZumoCast.db-journal: Permission denied
WARNING: Can't open file C:\Users\Jon\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\d71efb6b79ae015c175b92c3807447842b143b2e.HomeGroupClassifier\4abaa02fc34ae01426b6890e537881aa\grouping\db.mdb: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\d71efb6b79ae015c175b92c3807447842b143b2e.HomeGroupClassifier\4abaa02fc34ae01426b6890e537881aa\grouping\tmp.edb: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\C_949U.dll: Permission denied
WARNING: Can't open file C:\Windows\Tasks\kasfl.job: Permission denied
C:\Windows\Thozoa.exe: Trojan.Downloader-109448 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 992123
Engine version: 0.97.1
Scanned directories: 28742
Scanned files: 169589
Infected files: 1
Data scanned: 20447.46 MB
Data read: 33750.22 MB (ratio 0.61:1)
Time: 6557.034 sec (109 m 17 s)
--------------------------------------
Completed
--------------------------------------
It found a trojan and stated it was quarantined, I thought, but I am still having the same redirect issues. Any insight on how to fix this issue would be greatly appreciated. I also have the OTL log if needed.
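A triage pass over a ClamWin log like the one in the post above, as an added example that is not part of the original post: it extracts the FOUND detections and splits the "Permission denied" warnings into files Windows normally keeps locked and files that deserve a manual look. The allow-list of expected locked locations is this example's own assumption, not a ClamWin feature; the sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the ClamWin log in the post above.
SAMPLE_LOG = r"""
WARNING: Can't open file C:\Boot\BCD: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\C_949U.dll: Permission denied
WARNING: Can't open file C:\Windows\Tasks\kasfl.job: Permission denied
C:\Windows\Thozoa.exe: Trojan.Downloader-109448 FOUND
Infected files: 1
"""

WARN_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+): Permission denied$")
FOUND_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+): (?P<sig>\S+) FOUND$")

# Assumption (heuristic of this example): locations, names and suffixes that
# a running Windows system holds open exclusively, so a scanner cannot read them.
EXPECTED_DIRS = (
    r"c:\windows\system32\config",      # registry hives
    r"c:\windows\system32\catroot2",    # catalog database
    r"c:\system volume information",
)
EXPECTED_NAMES = {"bcd", "hiberfil.sys", "pagefile.sys"}
EXPECTED_SUFFIXES = {".edb", ".log1"}


def is_expected_lock(path):
    """True when a locked file matches the allow-list above."""
    p = PureWindowsPath(path)
    low = str(p).lower()
    if p.name.lower() in EXPECTED_NAMES or p.suffix.lower() in EXPECTED_SUFFIXES:
        return True
    return any(low.startswith(d + "\\") for d in EXPECTED_DIRS)


def triage(log_text):
    """Split a ClamWin log into detections, expected locks and review items."""
    result = {"detections": [], "expected_locked": [], "review": []}
    for line in log_text.splitlines():
        line = line.strip()
        warn = WARN_RE.match(line)
        if warn:
            bucket = "expected_locked" if is_expected_lock(warn["path"]) else "review"
            result[bucket].append(warn["path"])
            continue
        found = FOUND_RE.match(line)
        if found:
            result["detections"].append((found["path"], found["sig"]))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, sig in report["detections"]:
        print(f"DETECTED  {sig}  {path}")
    for path in report["review"]:
        print(f"REVIEW    locked, not on allow-list: {path}")
    print(f"{len(report['expected_locked'])} warnings matched the allow-list")
```

An entry in the review list is not a verdict; it only marks a locked file that the allow-list does not explain.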
Page 1 of 1
googleonearth redirect virus
#2
Posted 12 July 2011 - 11:43 PM
Welcome aboard 
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.