[Closed] Google redirect to 7search.com and other malicious sites

Can you please pin this down a bit better? What do 'popups' have to do with the redirections? You left a URL- that's not a popup. It seems to be a search site you are being redirected to. But I don't know where the 'popups' come in.
 
Well, for now it's mostly redirections like [hyperlink deleted]. I got the popups 2 times after I used ComboFix.
I am now using Internet Explorer.
Can't we first remove these annoying redirections?
I also can't use/install Google Chrome, and when I make a new tab in Internet Explorer most of the time it loads but no new tab appears. I can see the tab but I can't get into it. Maybe I need to reinstall Internet Explorer.

Edit: I have deleted the hyperlink you were redirected to. Please do not leave an active link when you have been redirected.
 
So far, I haven't seen any cause of a redirection. As for Flash, it wasn't removed in or by ComboFix. It appears that you are having problems no matter which browser you use, but I am not getting enough information from you to find the cause of the redirect. The popups sound like fake antimalware. I also haven't seen evidence of that. Neither the online virus scan nor Malwarebytes shows any evidence of malware.
===================================
Maybe there will be an entry in Hijackthis to give me some idea of the cause:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save it to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will open in Notepad. Be sure to click on Format > Word Wrap (uncheck it) when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

It would be best if you stopped trying to install new programs or browsers until you find the problem. You're trying to use Firefox, Chrome and Internet Explorer.
 
Sorry for the late reply my friend, I was on holiday for 4 days. I just got back.

Well, when I start Internet Explorer, mostly the first 3 times my browser freezes. Also sometimes I get a blue screen. In the beginning I got blue screens when I closed the screen of my laptop for battery efficiency. But now sometimes I get a blue screen when I don't use the laptop and leave it on standby.

Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:48, on 30-12-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\mitdrissia\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\mitdrissia\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mitdrissia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ExtractNow\extractnow.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\mitdrissia\Downloads\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105203510.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SQplus - {CCF078EE-B071-4C40-9E57-F7B5962E8C95} - C:\Program Files (x86)\SeoQuake\SQplus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files (x86)\SeoQuake\SeoQuake.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\mitdrissia\AppData\Roaming\Mozilla\Firefox\Profiles\b6vwscsz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\mitdrissia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0174641293705365) (0174641293705365mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\017464~1.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14948 bytes
 
Is it possible to get an answer for this problem? I still get the redirects.
I hope someone can help to remove this Google redirection virus.
Thank you
 
I have repeatedly asked you for logs. You tell me there is no log or that something was found and removed but no log. You describe getting a blue screen, a black screen, freezing, loss of some functions such as flash.

I have reviewed all the logs you did leave, again, and still have nothing to go on. Unfortunately, HJT doesn't read the Services well on Win 7 64-bit, so I can't rely on what is in the logs.

But some of the Service entries look like remains from an infection. I still need the online virus scan to back this up. Since you have problems with Eset, please run this instead:
Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
============================================
Regarding the freezes: You have a great number of processes running. It is possible that you may not have enough installed RAM to support all of them, and when the available RAM has been used up, the system will crash, causing you to reboot. This will free up some RAM, but it will start the cycle all over again. How much RAM is on the system?
===============================================
Combofix removed only one process: install.exe. This process is from one of several Trojans including Infostealer trojan, detected as Troj/Dloadr-AWX. So the loss of processes you have associated with running Combofix were not caused by running that scan.
===============================================
I still don't know what popups you're getting and what you are doing when you get them. When I asked for a clearer description, you said:
"Well, for now it's mostly redirections like [hyperlink deleted]. I got the popups 2 times after I used ComboFix. I now also get popups, they come up out of nothing. This is only after I used ComboFix."
I think you are dealing with system problems. I cannot determine whether malware is involved or to what extent unless I get more information from you.
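As an added example (not part of this thread), here is a small Python parser for HijackThis-format logs like the one posted above. It groups entries by section and separates the O23 "(file missing)" services under C:\Windows\System32, which a 32-bit HijackThis reports on 64-bit Windows because WOW64 file-system redirection sends it to SysWOW64, from entries that still merit a look, such as a service executable under a TEMP folder. The sample lines are copied from the log in this thread; the bitness check based on "Program Files (x86)" is a heuristic I chose, not something HijackThis reports.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in HijackThis 2.0.4 format, copied from the
# log posted in this thread (the full log has many more lines).
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0174641293705365) (0174641293705365mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\017464~1.EXE
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
"""

# Every HJT entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
FILE_MISSING = "(file missing)"
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
# Service or autorun binaries that live in a temp folder deserve a second look.
TEMP_RE = re.compile(r"\\TEMP\\|\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (platform string or None, list of (section, body)) for an HJT log."""
    platform = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            platform = line[len("Platform:"):].strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return platform, entries


def count_by_section(text):
    """Number of entries per HJT section code, e.g. {'O2': 1, 'O23': 3}."""
    counts = defaultdict(int)
    for section, _ in parse_hjt(text)[1]:
        counts[section] += 1
    return dict(counts)


def looks_64bit(text):
    """Heuristic (assumption): HJT logs do not state bitness, but a 64-bit
    install shows 'Program Files (x86)' or SysWOW64 paths somewhere in the log."""
    return "Program Files (x86)" in text or "SysWOW64" in text


def triage(text):
    """Sort entries into review buckets.

    likely_wow64_artifact : O23 '(file missing)' under System32 on a 64-bit
                            host; 32-bit HJT is redirected to SysWOW64, so
                            64-bit-only binaries such as lsass.exe look absent.
    missing_file_review   : any other '(file missing)' entry.
    temp_path_review      : executable referenced from a temp folder.
    ordinary              : everything else.
    """
    is_64bit = looks_64bit(text)
    buckets = defaultdict(list)
    for section, body in parse_hjt(text)[1]:
        missing = FILE_MISSING in body
        if section == "O23" and missing and is_64bit and SYSTEM32_RE.search(body):
            buckets["likely_wow64_artifact"].append(body)
        elif missing:
            buckets["missing_file_review"].append(body)
        elif TEMP_RE.search(body):
            buckets["temp_path_review"].append(body)
        else:
            buckets["ordinary"].append(body)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket} ({len(items)}):")
        for item in items:
            print("   ", item)
```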
 
The online scanner is not working with Windows 7 (well, I see Windows XP and Vista on their site but no Windows 7 for the time being). I can't get through the update part, and then I get an error that the license expired. I even turned off the antivirus. I have Internet Explorer 8.

About Eset: I gave you the log file, see post 24.

Eset:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

That's all.
I gave you all the things you wanted.
My computer specs:
Dell Studio 1558
3072 MB RAM
Intel Core i3 2.01 GHz

The popup occurred only one time. But the redirections happen 2-3 times out of 10.

It's a new computer. No system failures. It's the virus.
thanks
 
ESET Receives "Compatible with Windows 7" Logo from Microsoft
February 10, 2010
Eset Online Scanner:
System Requirements
Operating Systems
Microsoft Windows 7/Vista/XP/2000/NT
error that license expired.
This would indicate that either you have a paid version of Eset Nod32 on your system or you are not getting the correct link.

There is no log for Eset in Post #24:
Eset:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

The log you left in Post #24 is:
malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
It shows no infection
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

You complained numerous times of popups:
I now also get popups , they come up out of nothing. This is only after i used combofix.
Now you tell me there was only 1. A one-time popup is not significant.

I left a link and directions for the Kaspersky Online Scanner. Did you try that?

If you have malware causing a redirect, it would happen every time you did a search and choose a site, not just 2 or 3 out of 10 times.

Unless you can provide me with a log indicating malware, I cannot help you. If you can run the Kaspersky scan and it shows malware, then I will continue. If you cannot do that, I will end my support and close this thread.
 
Yes, I used the link. I tried this but I can't get it to work. I checked the Kaspersky requirements and Windows 7 is not in the requirements.
I have done everything you told me.
I will try it again and let you know.
thanks

Eset did not find any malware, and in post 24 I placed the log it made:
Eset:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
I only downloaded the files that are needed, so when I use Eset next time I don't need to download again.

I tried Eset many times and this is all I got.
I will try again with both Eset and Kaspersky.
I hope this time I get more out of it.
 

Windows 7 compatible

Kaspersky PURE, Kaspersky Internet Security and Kaspersky Anti-Virus are fully compatible with Microsoft's newest operating system.
 
Yes, Eset is compatible with Windows 7. I know, but the only log I got is the one you received.

For the Kaspersky Online Scanner:


For successful startup and operation of Kaspersky Online Scanner 7.0 the hardware and software of your computer must meet the following minimum requirements:
50 MB of available disk space;
Microsoft Windows 2000 Professional SP4, 32-bit / 64-bit Microsoft Windows XP SP2 or 32-bit / 64-bit Microsoft Windows Vista: Microsoft Internet Explorer 6 or 7, Opera 9 or Firefox 2;
Ubuntu 7.10: Firefox 2;
Sun Java SE Runtime Environment (JRE): for Microsoft Windows Vista version 1.6.0 or higher; for other operating systems version 1.5.0 or higher;
Java and JavaScript support for internet applications must be enabled in the browser.
Note.
Successful launch of Kaspersky Online Scanner 7.0 on a computer running Microsoft Windows Vista requires starting the browser with the administrator credentials (Run as Administrator).


As you can see, no Windows 7 for the Kaspersky Online Scanner.
I will try both one more time.

Here is the error I get from Kaspersky in Google Chrome (yes, Chrome is working fine now), see image:





And for Internet Explorer 8:



I have a continuous connection, so it's strange.

___________________________________________

Eset log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=f33ffa9934531b45aa695ef932f8fe4a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-05 08:56:46
# local_time=2011-01-05 09:56:46 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 1533118 7730113 0 0
# compatibility_mode=5893 16776573 100 94 85845 46650806 0 0
# compatibility_mode=8192 67108863 100 0 2410056 2410056 0 0
# scanned=151219
# found=1
# cleaned=0
# scan_time=4026
C:\Users\mitdrissia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1c102d21-1bcafc0f multiple threats (unable to clean) 00000000000000000000000000000000 I



Shall I remove it the next time?
I can't get Kaspersky to work, sorry. I tried it maybe 30 times. I give up.
 
This is the log from Eset I've been trying to get. Please do the following:
Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes	
    :Files  
    C:\Users\mitdrissia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1c102d21-1bcafc0f
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
The information about Kaspersky and Windows 7 I left in Reply #36 was copied from the Kaspersky site.
What you copied states to use Microsoft Internet Explorer 6 or 7, Opera 9 or Firefox 2;
The error you got shows you used Chrome.
You do not need to run Kaspersky or Eset again.
=====================================
Empty the Java cache- that's where the malware is. OTMoveIt will remove this entry.
How do I clear the Java cache?
This article applies to:
  • Platform(s): Windows 7, Vista, Windows XP, Windows 2000, Windows 2003, Windows 98, Windows ME
  • Browser(s): All Browsers
  • Java version(s): 1.4.2_xx, 1.5.0, 6.0
Clearing the Java Plug-in cache forces the browser to load the latest versions of web pages and programs.

Version 6.0 and 1.5.0
To clear the Java Plug-in cache:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the control panel.
    The Java Control Panel appears.
  3. Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  4. Click Delete Files.
    The Delete Temporary Files dialog box appears.

    There are three options on this window to clear the cache.
  5. Check all 3 options
    [o]. Delete Files
    [o]. View Applications
    [o]. View Applets
  6. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  7. Click OK on Temporary Files Settings window.
Images and directions courtesy: http://www.java.com/en/download/help/plugin_cache.xml
===============================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Creating a Restore Point in Windows 7:
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows 7
  • Click Start, type Cleanmgr.exe and press ENTER
  • Select the drive-letter from the list and click OK
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Select the drive-letter from the list and click OK
  • Click the More Options tab
  • Click the Clean up button under System Restore and Shadow Copies.
  • Click OK.

Empty the Recycle Bin
 
I made a big mistake.
I downloaded the OTC software, copy-pasted and clicked on MoveIt. After that I needed to reboot. I cleared the cache and uninstalled ComboFix. I got a problem with uninstalling. It said something like: I had a corrupted file and needed to download again from the bleeping... forum and that it's not safe; it said I had the "Virut" virus.
When I clicked on OTC CleanUp I still got ComboFix telling me that some antivirus software is enabled. After that I totally forgot the log file (because of the reboots).
What to do now?
Sorry
 
Please check here for Virut. This is the first I've seen of it in your system:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org free on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:
    Code:
        c:\windows\system32\userinit.exe
        c:\windows\explorer.exe
        c:\windows\system32\svchost.exe
  • Click on the Upload button for each.
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
 
VirSCAN.org Scanned Report :
Scanned time : 2011/01/07 15:16:11 (CET)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
Online report : http://virscan.org/report/059ac90ef438471c077dd6aa0918958d.html


VirSCAN.org Scanned Report :
Scanned time : 2011/01/07 15:34:08 (CET)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2870272 byte
File Type : PE32+ executable for MS Windows (GUI)
MD5 : 9aaaec8dac27aa17b053e6352ad233ae
SHA1 : 0f841176602288ee1be832573265f88ca78f4ba7
Online report : http://virscan.org/report/ce9cee8a249732fbae0898489e795b93.html


VirSCAN.org Scanned Report :
Scanned time : 2011/01/07 15:48:00 (CET)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 20992 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 54a47f6b5e09a77e61649109c6a08866
SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
Online report : http://virscan.org/report/be898f64b43d1e2d83fc8578b8894137.html


Virustotal.com --> Esafe found a trojan-- eSafe 7.0.17.0 2011.01.06 Win32.TrojanHorse
Here is the link to the scan, if it works:
http://www.virustotal.com/file-scan...4e42792619a8a3a6d11e1f0025a7324bc2-1294411759

OK, what now?
 
It's been 4 weeks and it took over one week for you to get logs for me to review. Then you weren't home and you 'were busy.'

After 1 week, I asked:
Were you able to delete the temporary internet files for Java?
Please bring me up to date on what the current problem is. Are you still being redirected when you search? Which browser?
A week later, you answered. But you ended up discarding Internet Explorer and Firefox and installing Chrome. Then you started having other problems which you seemed to think followed Combofix although I hadn't instructed you to run it yet. And when you did run it, the only entry removed was a Backdoor Trojan.

You did not provide me with a log but said 'two days ago' Mbam said your Firefox profile was malware and it was removed.

And this is the description of the IoBit security I instructed you to remove:
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe which is Related to IOBit Advanced SystemCare. ROGUE! program.

You are running a great number of processes. My job when I see the logs is to make sure every one of them is legitimate and okay to be on the system- or to set it up to be removed.

After 2 weeks, I told you that unless you give me the logs, I can't direct you. Then you tell me you get popups after Combofix, but don't tell me what they are.

Then you went on 'holiday'! And now you've started getting blue screens. And after attempting to get an online virus scan, you told me repeatedly that neither would work with Windows 7. I documented that they would- and magically, out of nowhere, the log for Eset appears! It showed the Java cache entries-again- that were supposedly removed. So I moved them again.

Since there was nothing else to do, I gave you instructions to remove the cleaning tools and logs. But you told me Combofix stated Virut, which is a serious, non-curable polymorphic file infector. I had you run the online scan to check for Virut.

There was no virus, but you referred me to a VirScan log showing a Trojan- but that was a reference log that had already been run. It does not appear to be your result.
==============================================
I think I have extended every courtesy to you, given you clear instructions and patiently waited for you to follow them. At this point, I do not think I can help you and am going to withdraw my support and close this thread.
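One way to confirm that a posted VirSCAN report really describes the file on your own disk (the helper's concern above that a log may be a reference result rather than yours): an added Python example, not from the thread or from VirSCAN.org, that parses the report header format pasted earlier and compares its size, MD5 and SHA-1 against a local file. The sample header text is copied from the userinit.exe report above; the file contents hashed in the demo are constructed.

```python
import hashlib
import re
import sys

# Constructed sample: the header block of a VirSCAN.org report, in the format
# pasted in the thread (values copied from the userinit.exe report above).
SAMPLE_REPORT = """VirSCAN.org Scanned Report :
Scanned time : 2011/01/07 15:16:11 (CET)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
"""

# "Label : value" lines; only the fields needed to identify the file.
FIELD_RE = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.+?)\s*$", re.M)


def parse_virscan_header(text):
    """Return name, size (bytes), md5 and sha1 from a pasted VirSCAN header."""
    fields = dict(FIELD_RE.findall(text))
    return {
        "name": fields["File Name"],
        "size": int(fields["File Size"].split()[0]),  # "26112 byte" -> 26112
        "md5": fields["MD5"].lower(),
        "sha1": fields["SHA1"].lower(),
    }


def fingerprint(data):
    """Size, MD5 and SHA-1 of file contents: the same fields VirSCAN prints."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def fingerprint_file(path):
    with open(path, "rb") as fh:
        return fingerprint(fh.read())


def mismatches(local, report):
    """Fields where the local file differs from the report; empty means same file."""
    return [k for k in ("size", "md5", "sha1") if local[k] != report[k]]


if __name__ == "__main__":
    # Usage: python check_report.py <path to the file you uploaded>
    local = fingerprint_file(sys.argv[1]) if len(sys.argv) > 1 else fingerprint(b"abc")
    print(mismatches(local, parse_virscan_header(SAMPLE_REPORT)) or "report matches this file")
```

A non-empty list means the report was generated from a different file than the one on disk, so its verdict says nothing about your copy.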
 