Solved: Need help, got the Google redirect virus

Status
Not open for further replies.
Firefox isn't getting redirected.

Windows IP Configuration

Host Name . . . . . . . . . . . . : anonymous
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW Network Connection
Physical Address. . . . . . . . . : 00-14-22-61-4E-35
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, November 23, 2010 5:55:34 AM
Lease Expires . . . . . . . . . . : Wednesday, November 24, 2010 5:55:34 AM
 
Yeah, the ipconfig log looks normal, so it must be an IE issue.
Open IE, go to Tools > Internet Options > Advanced tab and click the "Reset" button.
Restart IE and check for issues.
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Copy the entire content of the report and paste it in a reply here.

Note: You may get this warning; it is OK, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
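The "ipconfig log looks normal" judgement above comes down to one check: every DNS server is the router (the gateway) or at least on the local subnet, and the adapter gets its settings from DHCP. The script below is an added example, not code from the thread, that automates that check over ipconfig /all text; the second adapter in the sample is invented, with its DNS pointed at TEST-NET-3 documentation addresses to stand in for a rogue resolver.

```python
import ipaddress
import re

# Constructed sample in the layout of ipconfig /all: the first adapter repeats the
# values posted above; the second is invented, its DNS pointed at TEST-NET-3 addresses.
SAMPLE_IPCONFIG = """Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Hypothetical Connection 2:
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       203.0.113.8
"""

# "Label . . . . : value"; the label is everything before the dot leaders.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*: *(.*)$")

def parse_adapters(text):
    """Map adapter name -> {field: [values]}; indented bare lines continue a field."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line.endswith(":") and not line[:1].isspace() and ". ." not in line:
            current, field = adapters.setdefault(line[:-1], {}), None
        elif (m := FIELD.match(line)) and current is not None:
            field = m.group(1).strip(" .")
            current[field] = [m.group(2).strip()] if m.group(2).strip() else []
        elif field and line.strip():
            current[field].append(line.strip())
    return adapters

def review(text):
    """Per adapter: (DNS servers that are neither the gateway nor on the LAN, adapter
    statically configured?). Legitimate public resolvers land here too: review, not verdict."""
    findings = {}
    for name, adp in parse_adapters(text).items():
        val = lambda k: (adp.get(k) or [""])[0]
        if not (val("IP Address") and val("Subnet Mask")):
            continue
        lan = ipaddress.ip_network(f'{val("IP Address")}/{val("Subnet Mask")}', strict=False)
        rogue = [d for d in adp.get("DNS Servers", [])
                 if d != val("Default Gateway") and ipaddress.ip_address(d) not in lan]
        if rogue:
            findings[name] = (rogue, val("Dhcp Enabled") == "No")
    return findings
```

Running `review(SAMPLE_IPCONFIG)` reports only the invented adapter; the adapter copied from the thread comes back clean, which is the same conclusion the reply above reached by eye.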
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0008001d

Kernel Drivers (total 147):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E4000 \windows\system32\hal.dll
0xF7B12000 \windows\system32\KDCOM.DLL
0xF7A22000 \windows\system32\BOOTVID.dll
0xF741E000 spdp.sys
0xF7B14000 \windows\System32\Drivers\WMILIB.SYS
0xF7406000 \windows\System32\Drivers\SCSIPORT.SYS
0xF73D8000 ACPI.sys
0xF73C7000 pci.sys
0xF73A7000 fltMgr.sys
0xF7612000 ohci1394.sys
0xF7622000 \windows\system32\DRIVERS\1394BUS.SYS
0xF7632000 isapnp.sys
0xF7BDA000 pciide.sys
0xF7892000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xF7642000 MountMgr.sys
0xF7388000 ftdisk.sys
0xF7B16000 dmload.sys
0xF7362000 dmio.sys
0xF789A000 PartMgr.sys
0xF7652000 VolSnap.sys
0xF734A000 atapi.sys
0xF730A000 a320raid.sys
0xF7662000 disk.sys
0xF7672000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xF72F8000 sr.sys
0xF72BF000 PCTCore.sys
0xF72AE000 TfSysMon.sys
0xF729D000 TfFsMon.sys
0xF7682000 PxHelp20.sys
0xF7286000 KSecDD.sys
0xF7273000 WudfPf.sys
0xF71E6000 Ntfs.sys
0xF71B9000 NDIS.sys
0xF719F000 Mup.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6327000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF6303000 \SystemRoot\system32\drivers\portcls.sys
0xF7712000 \SystemRoot\system32\drivers\drmk.sys
0xF62E0000 \SystemRoot\system32\drivers\ks.sys
0xF62B4000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF7B58000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xF7722000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF628C000 \SystemRoot\system32\DRIVERS\e1000325.sys
0xF5ED6000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5EC2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5E9E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF798A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7992000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF5E8A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7732000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7142000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7742000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6412000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6402000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF799A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF5E4A000 \SystemRoot\system32\drivers\smwdm.sys
0xF5D97000 \SystemRoot\system32\drivers\senfilt.sys
0xF7C61000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B5A000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF79A2000 \SystemRoot\System32\Drivers\Modem.SYS
0xF63F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF713A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D80000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF63E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF63D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5D6F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF63C2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79B2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79BA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF79C2000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF5D3F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF63B2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79D2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5D22000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF7B5C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5CC4000 \SystemRoot\system32\DRIVERS\update.sys
0xF711E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF63A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF5C77000 \SystemRoot\system32\drivers\hap16v2k.sys
0xF5B9A000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xF5B78000 \SystemRoot\system32\drivers\emupia2k.sys
0xF5B58000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xF5ABA000 \SystemRoot\system32\drivers\ctac32k.sys
0xF7752000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79E2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AFE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D34000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B6E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79F2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79FA000 \SystemRoot\System32\drivers\vga.sys
0xF7B70000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A02000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A0A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B06000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE7A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE74A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE713000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xAE6ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7782000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAE69D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7163000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF7792000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAE67B000 \SystemRoot\System32\drivers\afd.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7A12000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAE650000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE5E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B2000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE5BD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B76000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF5CBC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF5CB0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF5CAC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7822000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF5CA4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xAE4B5000 \SystemRoot\System32\Drivers\dump_a320raid.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE7F2000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78C2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C8C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAC160000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAC14C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF7872000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xABE03000 \SystemRoot\system32\drivers\wdmaud.sys
0xAC060000 \SystemRoot\system32\drivers\sysaudio.sys
0xABB31000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7BD4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xABBD5000 \??\C:\windows\system32\drivers\cpuz133_x32.sys
0xAB881000 \SystemRoot\system32\DRIVERS\srv.sys
0xAB7A2000 \??\C:\windows\system32\drivers\PfModNT.sys
0xAB559000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
724 C:\WINDOWS\system32\smss.exe
772 csrss.exe
812 C:\WINDOWS\system32\winlogon.exe
856 C:\WINDOWS\system32\services.exe
868 C:\WINDOWS\system32\lsass.exe
1076 C:\WINDOWS\system32\ati2evxx.exe
1096 C:\WINDOWS\system32\svchost.exe
1164 svchost.exe
1268 C:\WINDOWS\system32\svchost.exe
1308 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1556 svchost.exe
1644 C:\WINDOWS\system32\ati2evxx.exe
1792 C:\WINDOWS\system32\spoolsv.exe
1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
632 C:\WINDOWS\explorer.exe
720 C:\WINDOWS\system32\TaskSwitch.exe
740 C:\Program Files\Analog Devices\Core\smax4pnp.exe
760 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
752 C:\WINDOWS\system32\CTHELPER.EXE
140 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
1128 C:\Program Files\Lexmark 5400 Series\ezprint.exe
1244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1408 C:\Program Files\RocketDock\RocketDock.exe
1504 C:\Program Files\Bret Taylor\Stickies\Stickies.exe
1736 C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
1940 C:\Program Files\Pando Networks\Media Booster\PMB.exe
1664 C:\WINDOWS\system32\ctfmon.exe
340 C:\Program Files\MagicDisc\MagicDisc.exe
444 svchost.exe
1524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1708 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1916 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1996 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2100 C:\WINDOWS\system32\CTSVCCDA.EXE
2140 C:\Program Files\Java\jre6\bin\jqs.exe
2172 C:\WINDOWS\system32\lxctcoms.exe
2360 C:\WINDOWS\system32\PnkBstrA.exe
2384 C:\Program Files\Spyware Doctor\pctsAuxs.exe
2500 C:\WINDOWS\system32\svchost.exe
3052 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
3068 alg.exe
3096 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
3996 C:\WINDOWS\system32\wuauclt.exe
2432 C:\Program Files\Internet Explorer\IEXPLORE.EXE
208 C:\Program Files\Internet Explorer\IEXPLORE.EXE
860 C:\Program Files\Internet Explorer\IEXPLORE.EXE
2988 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORATLAS10K5_300SCA, Rev: JNZH

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
It seems to be working =) No redirects atm. I'm not really familiar with these terms for a PC, but what does a DNS do? And how can changing it keep it from redirecting? And am I 100% protected from the virus hijacking again? I'm still afraid to log into bank accounts and stuff. Sorry, but I'm just very cautious.
 
Good news :)

This will explain DNS better than I can: http://www.howstuffworks.com/dns.htm

Your computer is definitely clean, but we still need to perform the very last steps.
Your dad's computer should be OK too.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
My computer is working great, thanks. Which antivirus program should I keep? SpyDoctor? Avira or MBAM? I'm thinking of uninstalling SpyDoctor, but what do you recommend?
 
Good news :)
Only Avira is an antivirus program.
You can safely uninstall SpyDoctor.
Keep MBAM and run occasional scans.

Good luck and stay safe :)
 