Google Redirect Virus - HELP!!!
Comments
-
Yes I use Firefox, but it's the same on Chrome and IE as well.
Nobody I'd rather be
0 -
OK, superantispyware log:
Still getting the redirects though
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/03/2009 at 04:51 PM
Application Version : 4.24.1004
Core Rules Database Version : 3694
Trace Rules Database Version: 1670
Scan type : Complete Scan
Total Scan Time : 00:32:40
Memory items scanned : 355
Memory threats detected : 0
Registry items scanned : 3740
Registry threats detected : 0
File items scanned : 19977
File threats detected : 136
Adware.Tracking Cookie
Nobody I'd rather be
0 -
it's found nothing...just cookies
I've got the feeling it's a new one, try ComboFix a 2nd time to see if it picks anything up
Ex forum ambassador
Long term forum member
0 -
Have a go with this http://www.softpedia.com/get/Antivirus/Dr-WEB-CureIt.shtml Don't forget to reboot, I can't remember if it asks or not
Always follow the path of least resistance.
0 -
OK, ComboFix try number 2 generated this
ComboFix 09-01-01.02 - Splat & Jim 2009-01-03 17:20:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.588 [GMT 0:00]
Running from: c:\documents and settings\Splat & Jim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 16:16 . 2009-01-03 16:16 <DIR> d c:\program files\SUPERAntiSpyware
2009-01-03 16:16 . 2009-01-03 16:16 <DIR> d c:\documents and settings\Splat & Jim\Application Data\SUPERAntiSpyware.com
2009-01-03 16:16 . 2009-01-03 16:16 <DIR> d c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-03 16:15 . 2009-01-03 16:15 <DIR> d c:\program files\Common Files\Wise Installation Wizard
2009-01-03 15:49 . 2009-01-03 15:49 <DIR> d c:\program files\Trend Micro
2009-01-03 13:12 . 2009-01-03 13:12 <DIR> d--h C:\$AVG8.VAULT$
2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\program files\Malwarebytes' Anti-Malware
2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\documents and settings\Splat & Jim\Application Data\Malwarebytes
2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 11:38 . 2008-12-03 19:52 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 11:38 . 2008-12-03 19:52 15,504 --a c:\windows\system32\drivers\mbam.sys
2009-01-03 11:34 . 2009-01-03 11:34 0 --a c:\windows\nsreg.dat
2009-01-03 10:16 . 2009-01-03 10:16 97,928 --a c:\windows\system32\drivers\avgldx86.sys
2009-01-03 10:16 . 2009-01-03 10:16 76,040 --a c:\windows\system32\drivers\avgtdix.sys
2009-01-03 10:16 . 2009-01-03 10:16 10,520 --a c:\windows\system32\avgrsstx.dll
2009-01-03 10:15 . 2009-01-03 10:19 <DIR> d c:\windows\system32\drivers\Avg
2009-01-03 10:15 . 2009-01-03 10:15 <DIR> d c:\program files\AVG
2009-01-03 10:15 . 2009-01-03 10:20 <DIR> d c:\documents and settings\Splat & Jim\Application Data\AVGTOOLBAR
2009-01-03 10:15 . 2009-01-03 10:15 <DIR> d c:\documents and settings\All Users\Application Data\avg8
2009-01-02 21:03 . 2009-01-02 21:03 <DIR> d c:\program files\a-squared Free
2009-01-01 11:52 . 2009-01-01 11:52 <DIR> d c:\windows\system32\scripting
2009-01-01 11:52 . 2009-01-01 11:52 <DIR> d c:\windows\l2schemas
2009-01-01 11:51 . 2009-01-01 11:51 <DIR> d c:\windows\system32\en
2009-01-01 11:51 . 2009-01-01 11:51 <DIR> d c:\windows\system32\bits
2009-01-01 11:46 . 2009-01-01 11:53 <DIR> d c:\windows\ServicePackFiles
2009-01-01 11:27 . 2009-01-01 11:27 <DIR> d c:\windows\EHome
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 17:19 d w c:\documents and settings\Splat & Jim\Application Data\StumbleUpon
2009-01-03 09:50 d w c:\program files\Common Files\Symantec Shared
2008-12-07 19:44 d w c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
2008-11-25 18:19 d w c:\program files\Alwil Software
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-03_15.36.09.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 16:16:42 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-03 16:16:42 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-03 1261336]
"VTTimer"="VTTimer.exe" [2006-08-02 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-20 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-01-15 614400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2009-01-03 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-03 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2009-01-03 76040]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-01-14 659456]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
.
Contents of the 'Scheduled Tasks' folder
2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-287218729-725345543-1005.job
- c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 16:59]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\documents and settings\Splat & Jim\Application Data\Mozilla\Firefox\Profiles\1hn3xv0p.default\
FF - plugin: c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 17:24:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\avgrsstx.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-03 17:25:53
ComboFix-quarantined-files.txt 2009-01-03 17:25:19
ComboFix2.txt 2009-01-03 15:37:31
Pre-Run: 14,422,614,016 bytes free
Post-Run: 14,433,804,288 bytes free
145 --- E O F --- 2009-01-02 21:38:25
Nobody I'd rather be
0 -
deleted no files, so suspect this is a new one, bear with us for a few days by the looks of it
where does it redirect, any particular site each time??
Ex forum ambassador
Long term forum member
0 -
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post
Ex forum ambassador
Long term forum member
0 -
Main links seem to be freescan, couponmountain and blinkx
Only got infected yesterday, so could well be a new one. What do you think - wait a few days and try rescanning when the virus software has updated?
Is it likely to cause any other problems with security etc do you think?
Nobody I'd rather be
0 -
With the Kaspersky scanner it needs me to disable the other anti-virus software. I thought I had but it's still not working.
I know I'm rubbish!
Nobody I'd rather be
0 -
Ignore Kaspersky for now
you could attempt to use system restore to go back a few days
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
then update MBAM (may need to re-install it if you did that since the infection) and scan straight away (System Restore may not function because of the infection)
see if it finds anything, and then see if the redirects still happen
Ex forum ambassador
Long term forum member
0
