8 Steps Removal Completed - Still Have Google Redirect Virus

Status
Not open for further replies.
I hope you guys can help me. After reading through and completing the 8 Step Guide, I'm still having a problem with the Google redirect problem on Firefox 3. It doesn't seem to be a problem on IE 8 or Google Chrome 3. But I only tried a couple of searches to check.

Thanks in advance for the help.
 
Please download and run IE Reset:

Or manually from here https://www.techspot.com/vb/post682762-2.html
Then restart Internet Explorer


Startup HJT and do a scan only. Check the following entries
Close all Internet browsers and then select FIX
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SysExplore] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Happs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
O20 - Winlogon Notify: ytchvzmn - C:\WINDOWS\SYSTEM32\ghaclto.dll
O24 - Desktop Component 0: (no name) - http://i.ebayimg.com/04/%21BUdSpFQBWk%7E$%28KGrHgoH-DMEjlLltmFiBKNo%28B73Sg%7E%7E_12.JPG
Close HJT

Restart

Then do another HJT scan and log file and attach it here

By the way, did you do an Antivirus update and scan? Because it doesn't look like it :confused:

Also before doing the HJT scan, you may want to re-update Malwarebytes, and do another quick scan ;)
 
Don't fix these if this (click me) is your ISP.

O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
 
Status
Not open for further replies.
Back