Google search redirect virus, ran 8 steps, logs attached

Status
Not open for further replies.

KyleH186

When I click a search result using google.com through the google chrome browser it redirects me through about 3-4 pages before finally taking me to some junk page. If I right click the search result and "open in new tab" it works fine. I was unable to duplicate the problem using another browser or search engine. I tried uninstalling and reinstalling google chrome as well as various spyware and virus removal programs.

I ran all 8 steps suggested on those forums and have attached the logs. My normal virus protection and firewall are through McAfee Security Center and I usually have Spybot running as well.


Any help would be greatly appreciated.
 

Attachments

  • hijackthis.log (10.4 KB)
  • mbam-log-2010-01-13 (16-21-24).txt (2.6 KB)
  • SUPERAntiSpyware Scan Log - 01-13-2010 - 19-58-06.log (645 bytes)
Bump. It seems like Google is sending a lot of search-redirect people to this forum, so I understand the delay, but I am still in need of assistance.
 
OK, this has gone from a minor problem to a major one. I am now getting this message in a loop every 15 minutes or so:

System shutdown initiated by NT Authority/system System must restart
because DCOM server process launcher terminated

and it restarts my computer. Obviously having my computer restart every 15 minutes sucks. Someone please help.
 
I'm having the same problem, but with Firefox.

Anytime I use Google search, whether from the toolbar or the main site, it redirects me to clicksearch8.com or something along those lines. Sometimes it randomly takes me to a website and my virus protection (avast) blocks an incoming virus download.

I was told that ComboFix, the freeware, would work; unfortunately it didn't. You might try it though; you might get lucky.

If anyone else has any advice that would be great.

I use Ad-Aware, avast, and Malwarebytes, and none of those have caught anything.

Thanks
 
KyleH186, I'm sorry your thread wasn't picked up. There is some problem here now as to who is helping. Give me a few minutes to review your logs and I will be back.

Kalmah36, you will need your own thread. But you might want to go elsewhere to get help for your Google redirect problem.
 
Kyle, let's see if we can get this under control first:
System shutdown initiated by NT Authority/system System must restart
because DCOM server process launcher terminated

There is actually a timer running that you don't see; cause unknown at this point. But if you shut the timer down as follows, you should be able to run the program I'm leaving:

First: Right before the 15 minute interval starts or when you see the timer do this:

Click on Start> Run> type in shutdown -a> then press enter. This should disable the timer.

You have a rogue program that's causing the redirect. Did you download a trial for something called the Ascentive Performance Center? I don't see it running now, but it's a rogue program that infected some of your files. Please do the following:

Download SDFix HERE and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

I'll know better what to do next after I see that report.
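For the "timer you don't see" in the post above, here is an added diagnostic example; it is not the helper's instructions and not part of the thread. It aborts the pending restart the same way Start > Run > shutdown -a does, then pulls the System event log entries that record why the DCOM Server Process Launcher stopped and which process requested each restart. It assumes PowerShell 2.0 is installed on the XP machine and that it is run from an administrator account.

```powershell
# Added example, not from the thread. Assumes Windows XP with PowerShell 2.0
# (Get-EventLog) and an administrator account.

# 1. Cancel any shutdown that is already counting down (same as "shutdown -a").
#    Exit code 1116 just means no shutdown was pending, which is fine.
& "$env:SystemRoot\system32\shutdown.exe" -a

# 2. Service Control Manager event 7031 is logged when a service dies and a
#    recovery action is scheduled; for DcomLaunch the default action is
#    "Restart the Computer", which is the timer seen in the thread.
#    Event 7034 is the same crash without a recovery action.
$dcomCrashes = Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 500 |
    Where-Object { ($_.EventID -eq 7031 -or $_.EventID -eq 7034) -and $_.Message -match 'DCOM' }

# 3. USER32 event 1074 names the process and account that initiated each
#    restart and the reason text it gave; it confirms who is pulling the trigger.
$restartRequests = Get-EventLog -LogName System -Source 'USER32' -Newest 100 |
    Where-Object { $_.EventID -eq 1074 }

Write-Host "DCOM Server Process Launcher crashes (most recent first):"
$dcomCrashes | Format-Table TimeGenerated, EventID, Message -AutoSize -Wrap

Write-Host "Restart requests recorded by USER32 (most recent first):"
$restartRequests | Format-Table TimeGenerated, Message -AutoSize -Wrap
```

If the 7031 entries line up with the 15-minute loop, the message text gives the exact service name and countdown, which is what to quote back in the thread along with the SDFix report.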
 
It is not letting me boot into Safe Mode. When I try I get a black screen full of stuff that says:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\ and then it has a random .sys file, and this fills my screen and I have no way to exit this without removing my laptop battery.

I tried all 3 Safe Mode options (Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt).

Edit: Also, to answer you, I did accidentally get that Ascentive Performance Center, but I tried to remove it as best as I could. I had a feeling that I wasn't fully able to clean it, though. The Ascentive was intended to be for the redirect, though, so it is just an additional problem, not the original cause.
 
Kyle, if you check the Mbam log, you will see that most of the infected files were caused by the Ascentive program. Even though you removed it, the damage was done. That's one of the reasons I push so hard to only use approved programs recommended by the helper who knows what they are.

For the Safe Mode + black screen problem:
If you have a Windows disc, boot up from the Windows disc and, instead of reinstalling Windows, choose to go to the Recovery Console and try running chkdsk /r
(Note the space between k and /r. This needs to be there.)

It is possible that you might have to access the BIOS and change the boot order to CD first, Hard Drive second.

It would also help if you could further identify the sys file: for example:
multi(0)disk(0)rdisk(0)partition(2)\windows\system32\drivers\ACPI.sys
multi(0)disk(0)rdisk(0)partition(2)\windows\system32\drivers\WMILIB.sys
multi(0)disk(0)rdisk(0)partition(2)\windows\system32\drivers\pci.sys
etc etc.


For this, try going to the Device Manager:
Control Panel> System> Hardware tab> Device Manager> you are looking for the error icon, which is a yellow triangle with a black ! - if you see one, click on that driver and see what it says. If you don't see one, click on the + signs to open the groups.

I am not very experienced with hardware issues, but rdisk is 'repair', and I don't know what's on your 'partition 2'.
 