Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

super persistent google redirect


  • Please log in to reply
7 replies to this topic

#1 tim999

tim999

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 30 September 2011 - 04:27 AM

I have 'google redirect'. Having spent two days and reading numerous articles here and elsewhere, these are the things I have tried with no results:

*cleaning up the hosts file
*rkill
*superantispyware
*mbam
*gmer/mbr
*fixtdss and tdsskiller
*boot_cleaner.exe

except for some cookies found by superantispyware, nothing was detected.

any help appreciated, i can be patient.

Dell Inspiron 910 CPU N270@1.60GHz MS Win XP Home Edition 2002 SP 3

Edited by hamluis, 30 September 2011 - 07:01 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 PM

Posted 30 September 2011 - 08:58 AM

Removed incorrect reply.

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 tim999

tim999
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 05 November 2011 - 05:45 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:40 on 05/11/2011 (Timothy)
Firefox version 3.6.23 (en-US)

========== GooredScan ==========

Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:31 28/05/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [22:30 25/11/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [00:16 28/01/2010]

C:\Documents and Settings\Timothy\Application Data\Mozilla\Firefox\Profiles\8xsb1wt3.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [13:23 22/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [01:23 03/10/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:15 21/08/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [11:46 06/10/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [08:14 20/05/2009]

-=E.O.F=-


MiniToolBox by Farbar
Ran by Timothy (administrator) on 05-11-2011 at 17:43:22
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MINI

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-24-E8-97-FA-57



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter

Physical Address. . . . . . . . . : 00-23-08-74-39-45

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, November 05, 2011 3:19:46 PM

Lease Expires . . . . . . . . . . : Sunday, November 06, 2011 3:19:46 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.159.106, 74.125.159.99, 74.125.159.147, 74.125.159.104
74.125.159.105, 74.125.159.103



Pinging google.com [74.125.65.106] with 32 bytes of data:



Reply from 74.125.65.106: bytes=32 time=81ms TTL=50

Reply from 74.125.65.106: bytes=32 time=83ms TTL=50



Ping statistics for 74.125.65.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 83ms, Average = 82ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 67.195.160.76, 98.139.180.149, 209.191.122.70
98.137.149.56



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=173ms TTL=47

Reply from 72.30.2.43: bytes=32 time=212ms TTL=47



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 173ms, Maximum = 212ms, Average = 192ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 e8 97 fa 57 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport
0x3 ...00 23 08 74 39 45 ...... Broadcom 802.11g Network Adapter - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
63.236.252.130 255.255.255.255 192.168.1.1 192.168.1.5 25
63.236.252.169 255.255.255.255 192.168.1.1 192.168.1.5 25
63.236.253.19 255.255.255.255 192.168.1.1 192.168.1.5 25
63.236.253.33 255.255.255.255 192.168.1.1 192.168.1.5 25
63.236.253.80 255.255.255.255 192.168.1.1 192.168.1.5 25
64.94.107.24 255.255.255.255 192.168.1.1 192.168.1.5 25
66.220.149.11 255.255.255.255 192.168.1.1 192.168.1.5 25
66.235.132.121 255.255.255.255 192.168.1.1 192.168.1.5 25
66.235.139.166 255.255.255.255 192.168.1.1 192.168.1.5 25
69.171.228.39 255.255.255.255 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 25
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 25
205.234.231.39 255.255.255.255 192.168.1.1 192.168.1.5 25
209.197.106.29 255.255.255.255 192.168.1.1 192.168.1.5 25
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 25
255.255.255.255 255.255.255.255 192.168.1.5 2 1
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/04/2011 05:48:07 PM) (Source: Application Error) (User: )
Description: Faulting application mcods.exe, version 15.0.262.0, faulting module MVsScan.dll, version 15.0.270.0, fault address 0x0003cc69.
Processing media-specific event for [mcods.exe!ws!]

Error: (11/04/2011 05:47:28 PM) (Source: Application Error) (User: )
Description: Faulting application mcods.exe, version 15.0.262.0, faulting module MVsScan.dll, version 15.0.270.0, fault address 0x0003cc69.
Processing media-specific event for [mcods.exe!ws!]

Error: (10/31/2011 10:27:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/31/2011 10:27:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/30/2011 10:27:14 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/30/2011 10:27:14 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/30/2011 08:10:00 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.4280, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2011 10:27:10 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/29/2011 10:27:10 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/23/2011 10:27:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (11/04/2011 07:29:05 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/04/2011 07:29:03 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2011 07:29:03 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2011 07:29:03 PM) (Source: Service Control Manager) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2011 07:29:03 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2011 07:29:00 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

Error: (10/30/2011 08:11:56 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
EMSC

Error: (10/26/2011 08:01:12 PM) (Source: DCOM) (User: Timothy)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (10/25/2011 08:01:14 PM) (Source: DCOM) (User: Timothy)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (10/24/2011 08:01:13 PM) (Source: DCOM) (User: Timothy)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (11/04/2011 05:48:07 PM) (Source: Application Error)(User: )
Description: mcods.exe15.0.262.0MVsScan.dll15.0.270.00003cc69

Error: (11/04/2011 05:47:28 PM) (Source: Application Error)(User: )
Description: mcods.exe15.0.262.0MVsScan.dll15.0.270.00003cc69

Error: (10/31/2011 10:27:12 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/31/2011 10:27:12 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/30/2011 10:27:14 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/30/2011 10:27:14 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/30/2011 08:10:00 AM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.4280hungapp0.0.0.000000000

Error: (10/29/2011 10:27:10 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/29/2011 10:27:10 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK

Error: (10/23/2011 10:27:03 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK


=========================== Installed Programs ============================

AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Reader 9.4.6 (Version: 9.4.6)
Advanced Audio FX Engine
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
Banctec Service Agreement (Version: 2.0.0)
Battery Meter (Version: 0.0.0.7C)
Bonjour (Version: 3.0.0.10)
CCleaner (remove only)
Choice Guard (Version: 1.2.87.0)
Citrix Receiver (HDX Flash Redirection) (Version: 13.0.0.6685)
Citrix Receiver (Version: 13.0.0.6685)
Citrix Receiver Inside (Version: 3.0.0.56418)
Citrix Receiver(Aero) (Version: 13.0.0.6685)
Citrix Receiver(DV) (Version: 13.0.0.6685)
Citrix Receiver(USB) (Version: 13.0.0.6685)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Dell Box.net Launcher (Version: 1.0.0)
Dell Support Center (Support Software) (Version: 2.2.08335)
Dell Touchpad (Version: 11.1.22.0)
Dell Video Chat (Version: 6.0 (6567))
Dell Webcam Central
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
EMSC (Version: 0.0.0.10)
Eraser
Eraser (Version: 5.86)
H.264 Decoder (Version: 1.1.0)
Integrated Webcam Driver (1.00.03.0720)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.1.2)
Java™ 6 Update 18 (Version: 6.0.180)
jZip
Malwarebytes' Anti-Malware
MasterSplitter Program
McAfee Total Protection (Version: 11.0.623)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-US))
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
Online Plug-in (Version: 13.0.0.6685)
RealPlayer
Realtek High Definition Audio Driver
SUPERAntiSpyware (Version: 5.0.1128)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VLC media player 1.0.2 (Version: 1.0.2)
WD SmartWare (Version: 1.2.0.8)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR archiver
Wireless Select Switch (Version: 1.1.0.12)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 1014.36 MB
Available physical RAM: 393.42 MB
Total Pagefile: 1218.23 MB
Available Pagefile: 166.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.72 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:14.3 GB) (Free:6.16 GB) NTFS

========================= Users: ========================================

User accounts for \\MINI

Administrator Guest HelpAssistant
SUPPORT_388945a0 Timothy

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 PM

Posted 05 November 2011 - 08:33 PM

How is it now after Goored removed that item?

You need to update to Java7 and Adobe Reader X or 10

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Similarly Update to Adobe Reader X (10.1.0)
Note UN check the box so you do not install the toolbar,unless you really want it..

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 tim999

tim999
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 06 November 2011 - 10:35 AM

I performed the above tasks; I still have a google redirect problem.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 PM

Posted 06 November 2011 - 12:41 PM

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?

If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 tim999

tim999
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 07 November 2011 - 03:44 AM

yes to all three questions.
at a different wifi location now and not redirecting here.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:04 PM

Posted 07 November 2011 - 01:05 PM

The problem is actually based in your router.
Open MBAM in normal mode and click Update tab, select Check for Updates
Next disconnect your system from the internet, and your router, then…
Open MBAM in normal mode and click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected,

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE


However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users