redirect virus

Microsoft Windows 7 professional anytime...
May 22, 2010 at 06:45:24
Specs: Windows XP, 1.994 GHz / 2046 MB
I have the redirect virus.
I have used all virus removal programs.
Nothing works.
Please help me.


May 22, 2010 at 08:19:15
Please follow the instructions and we will help you get cleaned up :)

1.) Download and install HijackThis

2.) Once installed, open HijackThis by clicking Start > Program Files > HijackThis and click the button labeled "Do a system scan only".

3.) Once the scan is complete, the scan button will read "Save log". You may save the log file to your PC. Once you select where you would like to save the file (you're going to post it for us), it will open in your system's default text editor. Typically this application is Notepad. Please copy and paste the entire log. Please do nothing else for the time being in HijackThis. Thank you.


May 24, 2010 at 12:00:59
I ran combofix and it seemed to fix my problem.
Should I still run HijackThis?


May 24, 2010 at 22:02:24
Hopefully.. :-)


May 25, 2010 at 08:49:26
It seems to be back.
I think I will stop guessing and trust the pros.
Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:25 AM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
c:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00AFB54-7E7A-4D4F-B086-CE346ED3208B}: NameServer =,
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

End of file - 4645 bytes

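Added example (not part of the thread, and not code from HijackThis or from the helper): a small Python triage of a HijackThis log like the one posted above, picking out the entries a reviewer would check by hand. The flag rules are assumed heuristics for illustration, not verdicts, and the section labels cover only the codes that appear in this log.

```python
import re

# Section codes used in HijackThis 2.x logs (only those seen in this thread).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page or search URL",
    "O2": "Browser Helper Object", "O4": "Run-key autostart",
    "O9": "IE extra button", "O16": "ActiveX download (DPF)",
    "O17": "TCP/IP DNS setting", "O18": "protocol handler",
    "O20": "Winlogon Notify", "O23": "Windows service",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Lines copied from the log posted above, trimmed to a small sample.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00AFB54-7E7A-4D4F-B086-CE346ED3208B}: NameServer =,
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

def parse(log):
    """Return (code, detail) per entry line; header and process lines are skipped."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def review_flags(code, detail):
    """Reasons to look at an entry by hand (assumed heuristics, not verdicts)."""
    flags = []
    if "(file missing)" in detail:
        flags.append("registered file is missing from disk")
    if code == "O23" and "Unknown owner" in detail:
        flags.append("HijackThis could not read a vendor name for the service")
    if code == "O17":
        servers = [s for s in re.split(r"[,\s]+", detail.split("=", 1)[-1]) if s]
        flags.append("DNS servers %s: compare with router/ISP values"
                     % (servers or "not shown in log"))
    if code in ("R0", "R1") and detail.endswith("="):
        flags.append("value empty or stripped from the posted log")
    return flags

def triage(log):
    """Entries worth a manual look, as (code, section, detail, flags)."""
    rows = []
    for code, detail in parse(log):
        flags = review_flags(code, detail)
        if flags:
            rows.append((code, SECTIONS.get(code, "other"), detail, flags))
    return rows
```

Calling `triage(SAMPLE)` returns the R0, O17 and nProtect O23 entries; the AVG BHO and the Google service pass through unflagged.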

May 25, 2010 at 12:39:39
I doubt it ever left :)

I will read over your hjt log and get back to you


May 25, 2010 at 13:41:44
Please start by making sure everything at this link is completed, and let me know when you're done.


May 26, 2010 at 06:19:57
I have done all that you asked. (I Hope)
I have decided to keep only AVG.


May 26, 2010 at 09:15:36
Next get this

and follow these directions

Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.

Double Click mb.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform Quick Scan, then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

Make sure that you fix everything before you save a log, otherwise your log will show No Action Taken, which will make me believe you did not fix anything.

When disinfection is completed, a log will open in Notepad (you can close this notepad window) and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Attach this log to your next reply even if nothing is found. This way I know that the correct updated version of the program has been run.


May 26, 2010 at 10:51:59
Nothing was found.

Malwarebytes' Anti-Malware 1.46

Database version: 4145

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/26/2010 1:49:37 PM
mbam-log-2010-05-26 (13-49-37).txt

Scan type: Quick scan
Objects scanned: 149127
Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


May 26, 2010 at 11:10:22
Download GMER Rootkit Scanner from here.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help with this go here

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run on NO

In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
Drives/Partitions other than C:\
Show All (don't miss this one)

Then click the Scan button & wait for it to finish

Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file

Save it where you can easily find it, such as your desktop, and post it in reply

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


May 28, 2010 at 06:06:42
An update.
I am trying to run GMER. It ran the first time for about 10 minutes then I got a blue screen and had to hard start my computer.
The second time I ran GMER it ran for about 5 hours! Then I got the blue screen and had to hard start my computer.
I will try again tonight.


May 28, 2010 at 10:40:35
I am having the same trouble. Can I post in this thread or should I start a new one?
