Google Redirect Virus

July 20, 2010 at 05:42:11
Specs: Windows 7 Enterprise 32 bit
I have been having a problem with a redirect virus for a while now. I actually ended up moving from XP to Windows 7 and rebuilding my computer, partially to try and get rid of this thing. It is still showing up though.

If I go to any search engine, when I click the links it will take me to a completely different page. Any help in getting rid of this would be much appreciated.




#1
July 20, 2010 at 11:44:34
Google Redirect Virus is in fact a browser hijacker that leads your web links and search queries to unwanted websites. To fix this issue, follow the instructions within this link:
http://darfuns.com/remove-google-se...

TechVTS - Virus removal techniques



#2
July 20, 2010 at 15:33:49
I tried both the Malwarebytes and the UnHackMe tools at this link and neither found anything. I will post both logs if needed. I don't know if this makes a difference, but when I get the redirect it tries to go to googleanalytics every time before redirecting to other sites with ads etc.

Thanks!



#3
July 21, 2010 at 11:05:22
Another thing to mention about my experience with the tools above: Malwarebytes could not update at the beginning of the scan.

I am still experiencing the same problems and have now noticed a pretty significant slowdown in my browser.

Any help is greatly appreciated!



#4
July 21, 2010 at 11:06:46


#5
July 21, 2010 at 14:39:58
Ok I ran ComboFix and here are the results

ComboFix 10-07-21.01 - Jesse 07/21/2010 16:16:53.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.959.459 [GMT -5:00]
Running from: c:\users\Jesse\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 21:13 . 2010-07-21 21:14 -------- d-----w- C:\32788R22FWJFW
2010-07-21 00:34 . 2010-07-21 00:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-21 00:32 . 2010-07-21 00:32 -------- d-----w- c:\programdata\Hitman Pro
2010-07-21 00:32 . 2010-07-21 00:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-21 00:32 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-07-21 00:32 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-07-21 00:32 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-07-21 00:32 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-07-21 00:32 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-07-21 00:31 . 2010-07-21 00:38 -------- d-----w- c:\users\Jesse\AppData\Roaming\Simply Super Software
2010-07-21 00:31 . 2010-07-21 00:31 -------- d-----w- c:\programdata\Simply Super Software
2010-07-20 22:11 . 2010-07-20 22:11 2 --shatr- c:\windows\winstart.bat
2010-07-20 22:10 . 2010-07-21 01:09 -------- d-----w- c:\program files\UnHackMe
2010-07-20 22:08 . 2010-07-20 22:08 -------- d-----w- c:\users\Jesse\AppData\Roaming\Malwarebytes
2010-07-20 22:07 . 2010-07-20 22:07 -------- d-----w- c:\programdata\Malwarebytes
2010-07-20 12:30 . 2010-07-20 12:30 -------- d-----w- c:\program files\Common Files\Java
2010-07-20 12:29 . 2010-07-20 12:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 12:29 . 2010-07-20 12:29 -------- d-----w- c:\program files\Java
2010-07-15 22:51 . 2010-07-15 22:57 -------- d-----w- c:\users\Jesse\AppData\Roaming\Apple Computer
2010-07-15 22:51 . 2010-07-15 22:51 -------- d-----w- c:\users\Jesse\AppData\Local\Apple Computer
2010-07-15 22:51 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-15 22:51 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-15 22:51 . 2010-07-15 22:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-15 22:49 . 2010-07-15 22:49 -------- d-----w- c:\program files\iPod
2010-07-15 22:49 . 2010-07-15 22:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-15 22:49 . 2010-07-15 22:51 -------- d-----w- c:\program files\iTunes
2010-07-14 21:37 . 2010-07-14 21:40 -------- d-----w- c:\users\Jesse\AppData\Roaming\Peace Craft
2010-07-14 21:36 . 2010-07-14 21:36 -------- d-----w- c:\program files\My Kingdom for the Princess
2010-07-14 12:30 . 2010-07-15 06:10 -------- d-----w- c:\users\Jesse\AppData\Roaming\BitTorrent
2010-07-14 12:30 . 2010-07-14 12:30 -------- d-----w- c:\program files\BitTorrent
2010-07-13 11:23 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-08 02:13 . 2010-07-08 02:13 -------- d-----w- c:\users\Jesse\AppData\Roaming\Xerox
2010-07-08 02:12 . 2010-07-08 02:12 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-08 02:12 . 2010-07-08 02:12 -------- d-----w- c:\users\Jesse\Office Genuine Advantage
2010-07-05 23:46 . 2010-07-05 23:46 -------- d-----w- c:\users\Jesse\.ssh
2010-07-04 17:42 . 2010-07-04 17:42 -------- d-----w- c:\program files\AC3Filter
2010-07-04 17:32 . 2010-07-04 17:33 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-07-04 17:31 . 2010-07-04 17:31 -------- d-----w- c:\program files\DirectVobSub
2010-07-04 17:27 . 2010-07-04 17:27 -------- d-----w- c:\program files\Haali
2010-07-04 17:22 . 2010-07-04 17:23 -------- d-----w- c:\program files\Bass Audio Decoder
2010-07-04 17:19 . 2009-11-04 00:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-04 17:19 . 2010-07-04 17:19 -------- d-----w- c:\program files\ffdshow
2010-07-04 17:08 . 2010-07-04 17:08 -------- d-----w- c:\program files\Zoom Player
2010-07-04 15:53 . 2010-07-04 15:53 -------- d-----w- c:\program files\Amazon
2010-07-03 18:58 . 2010-07-03 18:58 -------- d-----w- c:\programdata\PopCap Games
2010-07-03 18:58 . 2010-07-03 18:58 -------- d-----w- c:\program files\PopCap Games
2010-07-02 21:42 . 2010-07-02 21:42 -------- d-----w- c:\programdata\Reflexive
2010-07-02 18:21 . 2010-07-21 12:26 -------- d-----w- c:\users\Jesse\.nx
2010-07-02 18:20 . 2010-07-02 18:20 -------- d-----w- c:\program files\NX Client for Windows
2010-07-02 12:57 . 2010-07-15 22:49 -------- d-----w- c:\programdata\Apple Computer
2010-07-02 12:57 . 2010-07-02 12:58 -------- d-----w- c:\program files\QuickTime
2010-07-02 12:54 . 2010-07-02 12:54 -------- d-----w- c:\users\Jesse\AppData\Local\Apple
2010-07-02 12:52 . 2010-07-02 12:52 -------- d-----w- c:\program files\Apple Software Update
2010-07-02 12:46 . 2010-07-02 12:47 -------- d-----w- c:\program files\Bonjour
2010-07-02 12:44 . 2010-07-15 22:49 -------- d-----w- c:\program files\Common Files\Apple
2010-07-02 12:44 . 2010-07-02 12:44 -------- d-----w- c:\programdata\Apple
2010-07-02 12:26 . 2010-07-02 12:26 -------- d-----w- c:\users\Jesse\AppData\Roaming\wootalyzer
2010-07-02 08:23 . 2010-07-02 08:23 -------- d-----w- c:\windows\system32\Wat
2010-07-02 08:07 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-02 08:06 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-02 08:06 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-02 08:06 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-02 08:06 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-02 08:06 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-02 08:01 . 2010-07-02 08:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-07-01 21:37 . 2010-07-04 15:53 -------- d-----w- c:\programdata\Amazon
2010-07-01 21:32 . 2010-07-01 21:32 -------- d-----w- c:\windows\Downloaded Installations
2010-07-01 21:08 . 2010-07-01 21:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-01 21:02 . 2010-07-04 08:07 -------- d-----w- c:\program files\Microsoft Works
2010-07-01 21:00 . 2010-07-01 21:00 -------- d-----w- c:\windows\PCHEALTH
2010-07-01 21:00 . 2010-07-01 21:00 -------- d-----w- c:\program files\Microsoft.NET
2010-07-01 20:57 . 2010-07-01 20:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-01 20:55 . 2010-07-01 20:55 -------- d-----w- c:\users\Jesse\AppData\Local\Microsoft Help
2010-07-01 20:55 . 2010-07-15 11:14 -------- d-----w- c:\programdata\Microsoft Help
2010-07-01 20:55 . 2010-07-20 12:33 -------- d-sh--w- c:\windows\Installer
2010-07-01 16:14 . 2010-07-01 16:14 -------- d-----w- c:\users\Jesse\AppData\Local\Mozilla
2010-07-01 13:22 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-07-01 13:22 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-07-01 13:22 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-07-01 13:22 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-07-01 13:22 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-07-01 13:22 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-07-01 13:22 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-07-01 13:22 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-07-01 12:57 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-07-01 12:57 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-07-01 12:52 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-01 12:52 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-01 12:52 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-01 12:51 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-07-01 12:51 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-07-01 12:51 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-07-01 12:50 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-07-01 12:50 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-01 12:50 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-07-01 12:48 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-01 12:48 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-07-01 12:48 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-07-01 12:47 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-07-01 12:47 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-07-01 12:47 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-07-01 12:47 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-07-01 12:47 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-01 12:43 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-07-01 12:43 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-07-01 12:43 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-07-01 12:43 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-01 12:39 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-01 12:39 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-01 12:39 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-07-01 12:39 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-07-01 12:37 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-07-01 12:37 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-07-01 12:37 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-07-01 12:37 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-07-01 12:37 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-07-01 12:37 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-07-01 12:37 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-07-01 12:37 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-07-01 12:37 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-07-01 12:37 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-01 12:32 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-07-01 12:32 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-01 12:25 . 2010-07-01 12:25 -------- d-----w- c:\windows\system32\Macromed
2010-07-01 12:22 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 08:23 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-01 21:02 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-01 04:51 . 2010-07-01 04:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-01 03:28 . 2010-07-01 03:28 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-01 03:28 . 2010-07-01 03:28 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-16 01:01 . 2010-06-16 01:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 21:35 . 2010-05-18 21:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-01 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-09-21 2150400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-3-4 97384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [2010-06-19 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100720.001\IDSvix86.sys [2010-06-05 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 WN311BFCS;Netgear WN311B Wireless Control Service;c:\windows\system32\WN311BFCS.exe [2007-09-21 393216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-01 102448]
S3 NETGEAR;Netgear 802.11 Network Adapter Driver;c:\windows\system32\DRIVERS\wn311b.sys [2008-03-27 1187320]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753801874-1966898630-305826611-1000Core.job
- c:\users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-01 12:08]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1753801874-1966898630-305826611-1000UA.job
- c:\users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-01 12:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15438&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\ugkde92y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15438&l=dis
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Jesse\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-21 16:27:56
ComboFix-quarantined-files.txt 2010-07-21 21:27

Pre-Run: 55,789,563,904 bytes free
Post-Run: 57,118,769,152 bytes free

- - End Of File - - 77B2CE15297F47C2607322FCCC3CDE8C



#6
July 21, 2010 at 14:47:07


#7
July 21, 2010 at 15:04:40
It is running a little faster than before but I still get the redirect when going to a search engine.


#8

#9
July 21, 2010 at 15:53:52
Trojan Remover found nothing and Hitman Pro only found the Trojan remover setup as a suspicious file.

