
Google redirect and slow pc

Discussion in 'Virus & Other Malware Removal' started by jeyobe13, Feb 19, 2013.

Thread Status:
Not open for further replies.
  1. jeyobe13

    jeyobe13 Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    3
    Hello Everyone,

    This is the problem I've been having for a few weeks. I noticed my computer was operating slowly and redirecting my browsing to advertisement pages. I have since cleaned and booted the laptop numerous times, along with PC cleans through Malwarebytes/Norton and Windows Essential, and it still keeps doing it. Any help will be greatly appreciated.
    Thank you in advance.
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 3892 Mb
    Graphics Card: Intel(R) HD Graphics, 1722 Mb
    Hard Drives: C: Total - 461823 MB, Free - 383823 MB;
    Motherboard: Dell Inc., 08VFX1
    Antivirus: Norton Security Suite, Updated and Enabled
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please do not post any more duplicates; I have asked a moderator to remove them.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  3. jeyobe13

    jeyobe13 Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    3
    Thank you for helping me. This is the info you requested. Let me know if this is helpful.

    # AdwCleaner v2.112 - Logfile created 02/19/2013 at 20:54:13
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Jeyobe2 - JEYOBE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jeyobe2\Downloads\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\Jeyobe2\AppData\Local\Ilivid Player

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\Software\bflixtoolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16450

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Jeyobe2\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1696 octets] - [19/02/2013 20:54:13]

    ########## EOF - C:\AdwCleaner[S1].txt - [1756 octets] ##########
     
  4. jeyobe13

    jeyobe13 Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    3
    This is the second part of the process.

    RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jeyobe2 [Admin rights]
    Mode : Scan -- Date : 02/19/2013 21:09:10
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] alotservice.exe -- C:\Users\Jeyobe2\AppData\LocalLow\alotservice\alotservice.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
    --- User ---
    [MBR] 6bbb4b1d53db29164185b5940ebb30ed
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] ba94695639da83fd89510a5e98edf9c2
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code [possible maxSST in 3!]
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
    3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] ba94695639da83fd89510a5e98edf9c2
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code [possible maxSST in 3!]
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
    3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

    Finished : << RKreport[1]_S_02192013_02d2109.txt >>
    RKreport[1]_S_02192013_02d2109.txt
     
  5. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have a Rootkit partition infection, please follow this and post the log:

    NOTE: Unless otherwise advised please use a clean working PC to download and copy FRST to a Flash Drive.
    Use these links to download the correct version for your operating system and save it to the Flash Drive.
    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit

    NOTE: For Windows 7 systems only: If you cannot get Option 1 to work you can make a Recovery disc to use for Option 2.
    Just do this: Click on Start > Control Panel and select Backup and Restore. In the left hand pane select Create a System Recovery disc and follow the prompts.
    This can be done on any Windows 7 PC but it must have the same bit rate as the infected PC, i.e. 64 or 32bit.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options by using Option 1 or Option 2
    STEP 1
    Option 1
    To enter the System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
    • Use the arrow keys to select Repair your computer and hit the Enter key. If Repair your computer is not in the menu you will need to follow Option 2 below.
    • Select US as the keyboard language settings, and then click Next. If you know your keyboard is for another language then select that from the list.
    • The system will scan for installed operating systems. Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next. If there is only one user account this will go straight to the System Recovery Options.
    • Now go to the instructions for STEP 2.


    Option 2
    To enter the System Recovery Options by using a Windows installation or Recovery disc:

    • Insert the Installation or Recovery disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer. NOTE: This Option will be skipped if using a Recovery disc.
    • Select US as the keyboard language settings, and then click Next. If you know your keyboard is for another language then select that from the list.
    • The system will scan for installed operating systems. Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next. If there is only one user account this will go straight to the System Recovery Options.
    • Now go to the instructions for STEP 2.


    NOTE: If you are unable to complete either Option 1 or 2 then stop and let me know. This tool will only run correctly if you are able to get to the System Recovery Options menu.

    STEP 2
    On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The Notepad opens. Click on File and select Open.
    • Select Computer and find your flash drive below Devices with Removable Storage, make a note of the drive letter and close Notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
      NOTE: if you receive an error message "the system cannot find the drive specified" go back into Notepad and check the drive letter for the Flash Drive, also note the letter can change on subsequent runs.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer. (This may not appear on all systems).
    • Press the Scan button. The progress bar may freeze for a while which is normal, leave it undisturbed and it will complete the scan.
    • It will make a log (FRST.txt) on the flash drive. Put the Flash drive back in a working PC, open Windows Explorer and then click on the Flash Drive. Double click on FRST.txt then Copy & Paste the log into your next reply. Please DO NOT send the log as an attachment.
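
The disagreement between the User and LL1 views in the RogueKiller report's MBR Check section can be listed mechanically. This Python example is added here; it is not part of any post in the thread and is not RogueKiller's own code. It parses the rows copied from the report above and reports where the views differ. The function names are hypothetical, and reading User as the ordinary user-mode view and LL1 as a lower-level read is an assumption based on the report's labels.

```python
import re

# MBR Check excerpt copied from the RogueKiller report above (LL2 matches LL1 and is omitted).
REPORT = """\
--- User ---
[MBR] 6bbb4b1d53db29164185b5940ebb30ed
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
--- LL1 ---
[MBR] ba94695639da83fd89510a5e98edf9c2
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461823 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo
"""

SECTION = re.compile(r"^--- (\w+) ---$")
MBR_HASH = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
PART = re.compile(r"^(\d+) - \[(\w+)\] \S+ \((0x[0-9a-f]{2})\) \[(\w+)!?\] Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")

def parse_mbr_check(text):
    """Return {view name: {"mbr": hash, "parts": {index: fields}}} (hypothetical helper)."""
    views, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            cur = views.setdefault(m.group(1), {"mbr": None, "parts": {}})
        elif cur is not None and (m := MBR_HASH.match(line)):
            cur["mbr"] = m.group(1)
        elif cur is not None and (m := PART.match(line)):
            idx, flag, ptype, vis, offset, size = m.groups()
            cur["parts"][int(idx)] = {"active": flag == "ACTIVE", "type": ptype, "hidden": vis == "HIDDEN",
                                      "offset": int(offset), "size_mb": int(size)}
    return views

def compare_views(views, base="User"):
    findings, ref = [], views[base]
    for name, view in views.items():  # comparing the base view with itself adds nothing
        if view["mbr"] != ref["mbr"]:
            findings.append(f"{name}: MBR hash differs from {base}")
        for idx, p in sorted(view["parts"].items()):
            q = ref["parts"].get(idx)
            if q is None:  # entry present in this view but missing from the base view
                findings.append(f"{name}: partition {idx} (type {p['type']}, sector {p['offset']}) absent from {base}")
            elif q["active"] != p["active"]:
                findings.append(f"{name}: active flag on partition {idx} differs from {base}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare_views(parse_mbr_check(REPORT))))
```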
     
Short URL to this thread: https://techguy.org/1090132
