Google redirecting links

Status
Not open for further replies.
Hey,

this is kind of embarrassing because I'm a computer science major and I have a problem I can't fix on my own computer, but that's why you ask questions, right?

Anywho, I'm having the problem that whenever I search on Google using Firefox or IE, any link I click on gets redirected. Whenever I search, in the bottom left hand corner it comes up with "waiting for 7.7.7.0", which is where I'm guessing my issue is coming from. I attached my HijackThis log.

Any and all help is greatly appreciated.

-Jacob
 
Jacob, a HijackThis log alone is not enough to troubleshoot a redirect. Please follow the Steps HERE

After you have run Malwarebytes and SuperAntispyware, rescan with HijackThis. Attach all three logs when through.

Note about security: you should temporarily disable the ZoneAlarm firewall while doing the scans.
Antivirus program: the only process I see running for AV is the tray icon for Avira:
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

I don't even see the program as installed.

As long as you run BitTorrent, you are going to get malware:
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses, so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 11): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Remove the older versions of Java:

1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 11
 
Please follow the directions here for removal of the Sony - XCP DRM Rootkit:
http://www.bleepingcomputer.com/forums/topic34904.html

Your processes in the HijackThis log:
C:\WINDOWS\CDProxyServ.exe>>Added by the Sony/XCP DRM security software.
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
Please reopen HijackThis logs and check System Scan Only. Check the box in each entry below:
Are you still noticing this on the lower left of the screen:
"waiting for 7.7.0" The IP in question is owned by the Russian Business Network and they are not a very nice bunch, spammers and what not.
Known to be Malware sites:
IE plugins for file extensions or MIME types
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
Active X Objects:
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
Close all windows except HijackThis and click on Fix Checked. Reboot into Safe Mode:

1. Take any of the following processes off of Startup:
$sys$DRMServer.exe
Plugins\npimth32.dll
Plugin for .ipp:
Plugin for .ipt
btdna.exe
DAEMON Tools]
Reader\reader_sl.exe
Reboot into Normal Mode if you can.
2. Run a new scan with HijackThis and attach the log.

Tell me of any problems and how the system is performing.
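
Added example, not part of the original posts: a small Python parser for the HijackThis entry lines quoted in this thread, which pulls out the section code and the file path or URL of each entry and reports those whose file name is one the reply singled out. The `WATCH` set, the `PROC` label for bare process paths, and all function names are assumptions made for this sketch; matching is by file name only.

```python
import re

# Constructed input: entry lines copied from the posts in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
'''

# File names named in the reply (assumption: compared case-insensitively, by name only).
WATCH = {"btdna.exe", "npimth32.dll", "cdproxyserv.exe",
         "$sys$drmserver.exe", "reader_sl.exe"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll)', re.IGNORECASE)
URL = re.compile(r"https?://\S+")


def parse_line(line):
    """Return {'code', 'target', 'raw'} for one log line, or None if blank."""
    line = line.strip()
    if not line:
        return None
    m = ENTRY.match(line)
    # Lines without an "O4 - " style prefix are treated as running-process paths.
    code, body = (m.group("code"), m.group("body")) if m else ("PROC", line)
    hit = WIN_PATH.search(body) or URL.search(body)
    return {"code": code, "target": hit.group(0) if hit else None, "raw": line}


def basename(target):
    """Lower-cased final component of a Windows path."""
    return target.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """List (section code, file name) for entries whose file is in WATCH."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["target"] and basename(entry["target"]) in WATCH:
            hits.append((entry["code"], basename(entry["target"])))
    return hits


if __name__ == "__main__":
    for code, name in triage(SAMPLE_LOG):
        print(code, name)
```
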
 
Ok, so the Google thing seems to be fixed, but the waiting 7.7.7.0 is still in the corner...

Here is my new log.

Oh, and whenever I try and remove "Sony - XCP DRM Rootkit" I get this error from the command line: "The specified service does not as an installed service"

Thanks for all the help so far.
 