Inactive [InActive] Another Google redirect

hey i have the same symptoms and problems and this link is blocked for me cos of the malware

 

Welcome to WindowsBBS miiles

Do you have access to another computer you can download a tool on, then a means of transferring it to the affected computer?

 

erm sorry nope ... sorry for the late reply

 

Lets see if this will work. Go to this proxy server then copy and paste the following link into the proxy address bar.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If you get a download dialog, save the file to your desktop.

Post back and let me know if successful.

 

erm the proxy site just times out X.X can u post several others or an even better way sorry i shouldnt really tell u wot to do

 

I managed to get ComboFix. What now?

 

Great! Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click ComboFix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

when it ask for what user do u want to run it on i choose current and click ok and then nothing happens.. tried it 20 times i also did the following user and chose this one :S </3

 

Sorry, I don't understand what you mean. Are you saying that when you double click ComboFix.exe on your desktop it asks you what user you want to run it on? If so, what are the choices?

XP or Vista operating system?

 

sorry for the incoherent reply ;
when i double click i got nothing
when i right click it says () current user
() other (drop down box)
i have tried both with current user and chosen the current user in the drop down box
and i use windows xp

 

Please download it again, but this time give it a different name prior to saving it - something like CimboFox.exe or similar. Then try double clicking again.

 

yh it worked and the redirecting seeems to be over however it doesnt create a report it just freezes i tried twice and waited 20mins each time (for the report only ) and nothing happened do you think my problem is solved???

 

Please see if there is a log at C:\ComboFix.txt and post it here if present.
If not, open C:\Qoobox and post the ComboFix-quarantined-files.txt log.

 

this was the text file within the c\ combofix :

ComboFix 08-11-14.01 - Owner 2008-11-16 19:32:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.73 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\cimnobdv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Mum\Application Data\HbTools
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\cdmxtras
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\cache329\B_329_0_0_446700.htm
C:\WINDOWS\system32\cache329\B_329_0_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449200.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449600.htm
C:\WINDOWS\system32\cache329\B_329_1_0_454300.htm
C:\WINDOWS\system32\cache329\B_329_2_0_446700.htm
C:\WINDOWS\system32\cache329\B_329_2_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_3_0_446700.htm
C:\WINDOWS\system32\cache329\B_329_3_0_446800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_446900.htm
C:\WINDOWS\system32\cache329\B_329_4_0_448200.htm
C:\WINDOWS\system32\cache329\B_329_4_0_448300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_453400.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_446700.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_449200.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_449600.htm
C:\WINDOWS\system32\cache329\t_B_329_1_0_454300.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_446700.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_446700.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_446800.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_446900.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_448200.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_448300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_453400.htm
C:\WINDOWS\system32\drivers\TDSSpqxt.sys
C:\WINDOWS\system32\drivers\TDSSserv.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\TDSScbqp.dll
C:\WINDOWS\system32\TDSSciou.dll
C:\WINDOWS\system32\TDSSfpmp.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSnrse.dll
C:\WINDOWS\system32\TDSSoiqh.dll
C:\WINDOWS\system32\TDSSosvn.dat
C:\WINDOWS\system32\TDSSsbhc.dll
C:\WINDOWS\system32\TDSSthym.log
C:\WINDOWS\system32\TDSStkdv.log
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV
-------\Legacy_TDSSSERV
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.



and qoobox pnly contained registry back ups

 

i can tell u that i recently tried to download some dodgy media converter to convert to psp naturally i have removed it at control panal but yh

 

Please boot to safe mode and logon to your account, then run ComboFix again.
If/when it reboots, allow it to start normally. Please do not attempt to do anything else until it completes and opens a log. If it hasn't done so within an appropriate amount of time, use Ctrl+Alt+Del to open the task manager, then End Process on any of the following processes if present.

sed.exe
findstr.exe
vfind.exe
grep.exe

It should continue and open the log.