My google redirect

[tomrum]

I've started having a google link redirect problem as well as some tabbed pop-ups for betting sites. Applied 8 steps, here are my logs. Thanks in advance for any help offered.

 

[kimsland]

µTorrent found in logs

Please re-read the 8-Step Removal Guide, under: Uninstall File Sharing/P2P Programs (Step#3)

Do also note: that Symantec Antivirus is probably the worst one to have whilst using P2P in my opinion
If Symantec is nearing the end of its subscription, you may want to uninstall it fully, then run the Norton Removal Tool
Then install the much better (again IMO) Free Avira Antivirus, and then do a full scan

 

[tomrum]

I did uninstall utorrent. I have no idea why it is still appearing in the hijackthis log since that file and folder were deleted. Everything with the filename utorrent was deleted from the computer.

 

[kimsland]

It is starting with Windows:

O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"

You cannot see it on your Taskbar ?



Actually all of these start successfully with Windows: (do note I have one startup only, oh and that's Avira )

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] E:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Rainlendar2] e:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ATI Scheduler] E:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe

 

[tomrum]

No, it isn't in my taskbar. All files and folders with "utorrent" in them have been deleted as stated above. Now the computer won't boot correctly at all so screw it, I'm just gonna Format C: and start from scratch. Am I being naive in hoping that the infection stayed on one computer on my network?

 

[kimsland]

Am I being naive in hoping that the infection stayed on one computer on my network?

It won't matter

Once you install Windows XP SP3 Clean (clean means remove the partition during install, not format)
Then say, install Free Avira Antivirus. Update it
Then attach to your network, Avira will then inform you of any badies

BUT, you may also want to scan the other "network" computers, offlline
ie Update Antivirus and my favorite Malwarebytes, then go offline from the network, and run the scans (note Malwarebytes only needs a quick scan)

 

[tomrum]

Sounds like a plan. I'll switch to Avira on the reinstall and double-check the other computers. Thanks.