Google Analytics Virus

August 5th, 2016

Hey guys,
I have installed a fresh copy of Windows with plenty of different programs to prevent this from happening again (we actually had an expert do all the installations for us this time around), and this problem is still happening. It's getting very annoying. Before, it would direct me to completely different websites from the ones I searched for. Now it loads some of my websites blank and says something along the lines of "Google Analytics"? The internet is acting very slow sometimes, opens random popups, and it keeps getting worse.
Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:26:53 PM, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fileresearchcenter.com/whatsrunningpre.html?tag=SUPERANTISPYWARE&trial=yes&activated=yes&appid={F5F8C0B4-BEDA-45F5-9F5A-F0543A40333D}
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VIPHD\vsdrv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285446911031
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
--
End of file - 6775 bytes

Thanks !
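The log above is the user-mode view that HijackThis can see. As an added example that is not part of the thread, the Python script below triages such a log offline and flags the entry classes that most often carry a browser hijack: orphaned BHOs, Internet Explorer page/search URLs pointing off Microsoft, autoruns living outside the usual install roots or borrowing a system binary name, and autorun or service targets that are missing on disk. It takes lines copied from the log above and adds three constructed lines (the Temp\svchost.exe autorun, the missing-file service and the HKCU start page) so that every rule has something to fire on; the trusted-root list and the system-name list are the script's own assumptions, not anything HijackThis defines. In the real log only the orphaned BHO, the bare RTHDCPL.EXE entry and the ShellNext URL (whose query string traces it to the SUPERAntiSpyware installer) trip a rule, and each is a prompt for review rather than a verdict. The caveat that matters for this thread: a kernel-mode rootkit of the TDSS/TDL3 family hides its driver and service from exactly this view, so an unremarkable log is not evidence of a clean machine.

```python
"""Offline triage of a HijackThis log (added example, not from the thread).

HijackThis reports the user-mode view of the registry and file system; a
kernel-mode rootkit can hide from it. This script only narrows what a human
should look at, it does not prove anything clean.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Lines copied from the log in the post; the LAST THREE lines are constructed
# (hypothetical) so that each rule below has something to fire on.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fileresearchcenter.com/whatsrunningpre.html?tag=SUPERANTISPYWARE&trial=yes&activated=yes&appid={F5F8C0B4-BEDA-45F5-9F5A-F0543A40333D}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O23 - Service: Helper Service (helpersvc) - Unknown owner - C:\WINDOWS\system32\helpersvc.exe (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/?q=
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


# Assumed install roots under which this log's legitimate autoruns live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "d:\\program files\\")
# Windows system binary names that malware borrows to blend into a process list.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
PATH_RE = re.compile(r'([a-zA-Z]:\\[^"]*?\.(?:exe|dll|sys|cpl|scr|com))\b', re.I)
URL_RE = re.compile(r"=\s*(\S+)\s*$")


def is_microsoft(host: str) -> bool:
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage_line(line: str) -> List[Finding]:
    """Apply the per-section rules to one HijackThis line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []                      # header, process list, separators
    sec, body = m.group("sec"), m.group("body")
    found: List[Finding] = []
    if sec in ("R0", "R1"):            # IE start/search/ShellNext URLs
        um = URL_RE.search(body)
        host = (urlparse(um.group(1)).hostname or "").lower() if um else ""
        if host and not is_microsoft(host):
            found.append(Finding(sec, f"IE page/search URL points off Microsoft ({host}); review", line))
    elif sec == "O2" and body.endswith("(no file)"):   # BHO CLSID with nothing behind it
        found.append(Finding(sec, "orphaned BHO CLSID with no file behind it; remove", line))
    elif sec in ("O4", "O20", "O23"):  # Run keys, Winlogon notify, services
        if "(file missing)" in body:
            found.append(Finding(sec, "autorun/service target is missing on disk", line))
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(1).lower()
            name = path.rsplit("\\", 1)[-1]
            if not path.startswith(TRUSTED_ROOTS):
                found.append(Finding(sec, f"runs from an untrusted location: {path}", line))
            if name in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
                found.append(Finding(sec, f"system binary name outside the Windows directory: {name}", line))
        elif sec == "O4":
            # No drive-letter path: the loader resolves it via the search path.
            found.append(Finding(sec, "bare file name resolved via the search path; verify which copy runs", line))
    return found


def triage(log: str) -> List[Finding]:
    return [f for ln in log.splitlines() for f in triage_line(ln)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run it against a saved log by reading the file into `triage()`; every finding carries the original line so it can be matched back to the HijackThis "Fix checked" list, but removing a Run key or BHO does nothing about a driver that the log never showed in the first place.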

Answer #1
A pure format? That usually fixes it! My guess is that it is possibly integrated into your network. Do you have a router or multi-port modem? Also, please post a HijackThis log. EDIT: also please look at this page http://ezinearticles.com/?Google-Redirect-Virus-Fix---How-to-Get-Rid-of-Google-Virus&id=2450094
Answer #2
A pure format? That usually fixes it! My guess is that it is possibly integrated into your network. Do you have a router or multi-port modem? Also, please post a HijackThis log. EDIT: also please look at this page http://ezinearticles.com/?Google-Redirect-Virus-Fix---How-to-Get-Rid-of-Google-Virus&id=2450094
Log posted.
Also,
I checked the hardware Device Manager.
However, I can't find “TDSSserv.sys” anywhere.
I really need help fixing this. It's getting very annoying.
Answer #3
Location: C:\Windows\System32\drivers\tdssserv.sys
http://www.techspot.com/vb/topic116603.html
http://www.scanforfree.com/24/tdssserv-sys-remover.html
Answer #4
Location: C:\Windows\System32\drivers\tdssserv.sys
http://www.techspot.com/vb/topic116603.html
http://www.scanforfree.com/24/tdssserv-sys-remover.html
This. Also, this may not help, but I've realized that a great remover and scanner for this type of stuff is SUPERAntiSpyware. It really is a great little program; you can get it at http://www.superantispyware.com. When I get back home I will take a look at the HijackThis log.
Answer #5
Location: C:\Windows\System32\drivers\tdssserv.sys
http://www.techspot.com/vb/topic116603.html
http://www.scanforfree.com/24/tdssserv-sys-remover.html

Checked the directory; the file is not there, and it's not in Device Manager either. Tried both links; still no help.
I have tried doing everything under “How To Remove Google Redirect virus Manually?”
http://www.review-buddy.com/spyware-removers/how-to-remove-google-redirect-virus.html
I think I should mention that sometimes, while on the internet, Windows Media Player opens and plays some unknown file. I never got to hear it play because I always close it right away. I didn't know it had anything to do with it until I read some of the threads.
Answer #6
Try formatting one more time if you can, while having every other drive out except the one you're installing Windows on, then first thing put virus protection on before it can disable it or anything.
Answer #7
Try formatting one more time if you can, while having every other drive out except the one you're installing Windows on, then first thing put virus protection on before it can disable it or anything.
Thanks for the advice... anybody else?
Answer #8
Selected the main partition (C), deleted it, recreated it and installed Windows XP on there, without touching any other partitions, like always. However, now my 1 TB WD is missing: not in My Computer, although it shows up in BIOS. This HD is filled with my music and movie collection. I need it back.
Help!!
Answer #9
Is your main problem fixed? I need to do that first, then I can help you solve the next.
Answer #10
My main problem is not fixed, and my computer won't start. I get some blue screen right away that says I need to clear my computer of viruses and such. Can't start in safe mode either, because I get the same thing. I'm more worried about my lost music/movie collection right now. I can do another install to fix the Google virus and blue screen, I suppose. I just don't want to lose my collection.
Answer #11
Get a thumb drive, a big one.
Boot your computer using a Linux live CD or Hiren's boot disk (with Mini Windows XP).
Now your hard drive is a slave to your CD drive.
Plug in your thumb drive and move your collection, and ONLY files that you are sure aren't infected.
Format ALL PARTITIONS. It's quite possible that you've got something chilling on your D: drive waiting to attack C: every time it wakes up.
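The "move ONLY files that you are sure aren't infected" step is where a rescue goes wrong: a dropper renamed to track02.mp3 copies across just as happily as the real track. As an added example that is not part of the thread, the POSIX shell script below does that copy from a Linux live CD with two gates: a media-extension allow-list, and a check on the first two bytes so that anything carrying the PE "MZ" header is refused whatever it is called. The source mount (assumed to be an NTFS partition mounted read-only, e.g. `mount -o ro -t ntfs-3g /dev/sdb1 /mnt/d`, so nothing on the infected disk gets executed or modified), the destination path, the extension list and the fixture files are all assumptions or constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread): salvage a media collection off a
# Windows partition from a Linux live CD while refusing anything executable.
# Assumptions: SRC is an already-mounted read-only NTFS partition, DST is the
# external drive. Every decision is logged to DST/salvage.log.
set -u

# Gate 1: media extensions only; everything else stays behind.
allowed_ext() {
    lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$lower" in
        *.mp3|*.flac|*.m4a|*.wav|*.ogg|*.mp4|*.mkv|*.avi|*.jpg|*.png) return 0 ;;
        *) return 1 ;;
    esac
}

# Gate 2: a renamed .exe still starts with the DOS/PE "MZ" magic;
# judge the bytes, not the name.
is_pe() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "MZ" ]
}

# Copy allowed, non-PE files from SRC to DST, preserving relative paths.
salvage() {
    src="$1"; dst="$2"
    mkdir -p "$dst"
    : > "$dst/salvage.log"
    find "$src" -type f -print | while IFS= read -r f; do
        rel="${f#"$src"/}"
        if ! allowed_ext "$f"; then
            echo "SKIP ext $rel" >> "$dst/salvage.log"
        elif is_pe "$f"; then
            echo "SKIP pe  $rel" >> "$dst/salvage.log"
        else
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p "$f" "$dst/$rel" && echo "COPY     $rel" >> "$dst/salvage.log"
        fi
    done
}

copied_count()  { grep -c '^COPY' "$1/salvage.log"; }
skipped_count() { grep -c '^SKIP' "$1/salvage.log"; }

# Constructed fixture so the script runs stand-alone (not real user data):
# one real-looking MP3, one "MP3" that is really a PE, one .exe, one MKV.
make_fixture() {
    d="$1"
    mkdir -p "$d/Music/Album" "$d/Movies"
    printf 'ID3\003\000fake mp3 data'        > "$d/Music/Album/track01.mp3"
    printf 'MZ\220\000this is really a PE'    > "$d/Music/Album/track02.mp3"
    printf 'MZ\220\000'                       > "$d/Movies/codec_installer.exe"
    printf '\032E\337\243fake mkv'            > "$d/Movies/film.mkv"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_fixture "$tmp/src"
    salvage "$tmp/src" "$tmp/dst"
    cat "$tmp/dst/salvage.log"
fi
```

Run it with `--demo` to see the four decisions on the fixture; for real use call `salvage /mnt/d /mnt/external/rescue` and read the SKIP lines before deciding anything else is worth keeping. The check only catches PE files; documents with macros or media that exploits a player bug pass it, which is why the answer's "format ALL PARTITIONS" still applies to everything left behind.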
Answer #12
Well, if you finally get sick to death of fixing Windows systems,
do yourself a favor and have a look at Linux operating systems. Ubuntu 10.04 is very stable and the easiest to learn.
Hope this helps you out.
Answer #13
Alright, if you are still here, get this. It is by Kaspersky, called TDSSKiller, if you haven't already tried it:
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
Answer #14
Get a thumb drive, a big one.
Boot your computer using a Linux live CD or Hiren's boot disk (with Mini Windows XP).
Now your hard drive is a slave to your CD drive.
Plug in your thumb drive and move your collection, and ONLY files that you are sure aren't infected.
Format ALL PARTITIONS. It's quite possible that you've got something chilling on your D: drive waiting to attack C: every time it wakes up.

Took the words right out of my mouth.
The only thing is, get an external drive, not a thumb drive.
