Please help me. I got Google redirects and my sound drivers crash.

Discussion in 'Malware Help (A Specialist Will Reply)' started by kewlboy_24, May 3, 2011.

  1. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hello all,

    I am new to this forum. I got a computer problem here at work that is driving me nuts. I think the problem started out as a Google redirect infection which escalated from the stupid things I've done. Any help from you guys to get me back on track would be much appreciated.

    Here is a quick backgrounder on my problem:

Two weeks ago, I was browsing some forum, and before I realized it, every website I visited triggered the MicroTrend Client on my computer to pop up with a message that it had caught a virus from adserve or something with a long name made up of a long string of letters and numbers.

    Here are the steps I have tried to solve the problem:

    1) I went to MicroTrend Online and ran all their scanners and rootkit removers, all of which did not catch any infection.
    2) I did more searching and found a thread on the forum.techguy.org with the same problem and followed one of the suggested solutions to run SDFix.
    3) The next day, the MicroTrend Client on my computer was still doing the same thing, so I called in one of the techies in the office. First, she said my MicroTrend Client had not been updated for a long time because she forgot to re-activate it with a new registration key. She then tried to do a couple of system restores, both of which completely crapped out. Even though the system restores failed, she continued to un-install and re-install MicroTrend Client on my computer.
    4) I ran a quick scan on MicroTrend Client and it did not catch any infection. But when I visited a website, I did not get any MicroTrend Client pop-ups anymore, so I thought everything was fine and I was happy.

    However, on the days following I realized that something was wrong. Here are the problems I am encountering:

    1) All my Google searches are now redirecting me to the wrong websites (usually advertisement sites). I have to try 3 or 4 times before getting to the right website.
    2) After being logged on for a while, my taskbar would go all grey/white on me. (I have WinXP so my taskbar is usually blue). The grey/white taskbar would usually go away and sometimes it would stay on. I would then have to do a right-click/Properties on my desktop to restore my desktop settings through Display Properties.
    3) After my taskbar goes wonky, I would usually get a pop-up message from the system tray that Outlook got disconnected, and then another message that my Outlook connection has been restored.
    4) After 2 and 3 above happen, I will get a couple of pop-ups from the Visual Studio Just-In-Time Debugger with the error message "An unhandled win32 exception occurred in svchost.exe [nnnn]"
    5) After 4 above happens, all my sound device drivers become non-existent to the system. So I cannot play any sound/music through Windows Media Player. I cannot hear any sound from YouTube clips. My Accessories/Volume Control is also inaccessible.
    6) If I am logged on for a while, and then shut down the computer, the computer cannot update my roaming profile or save my profile settings.
    7) For a little while, when I logged on to my computer in the morning, it would stop at a blue screen and I would not get a login box. But this one got resolved when I ran a few more spyware utilities. The other problems remained the same.

I ran a few more spyware utilities mentioned in other forums. I am at my wits' end by this point; I was just running whatever utilities I read about in other forums:
    1) STOPzilla, but it did not catch any infection.
    2) TDSSkiller, but it keeps stopping at 80% initialization.
    3) Malwarebytes' Anti-Malware. It caught and quarantined 5 viruses.
    4) Dr. Web CureIt. It caught and quarantined a TDSS infection.

All the problems (except the 7th) I stated above are still there. In spite of these problems, I am still able to do the core duties of my job as a database analyst/programmer, meaning that the essential software that I need to function at work seems unaffected: Visual FoxPro 6.0, MS Office, MSDN. I can still use Internet Explorer (I just have to endure 3-5 redirects though). But it is really irritating when the sound drivers suddenly bomb or when the taskbar goes all grey/white. I would really like to resolve my computer problems.

This has led me to your forum. Hopefully you will be able to help me. I have already gone through the READ and RUN ME Malware Removal Guide. The necessary logs are attached. If you have the time, please guys, I need your assistance. Thank you in advance.

    Troy

    ~~~
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to Major Geeks!

    You need to use your Windows XP CD to boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

    You can read the below to help you do this:

    http://support.microsoft.com/kb/307654


    After running the fixmbr command then boot back to normal mode Windows and try running TDSSkiller now. Then attach the log. Also explain if you are still having any malware problems.
     
    Last edited: May 3, 2011
  3. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hello again,

    Here are the rest of the log files from the READ ME and RUN ME guidelines.
Please note that I attached two log files from Malwarebytes (mbam-log): one of them is the log I got the very first time I ran it, and the second log is the one I got when I ran the utilities/tools as mentioned in the guide.

    Thank you in advance for your assistance and patience.

    Troy

    ~~~
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please see my post # 2 :)
     
  5. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

Hi Kestrel13, thank you so much for looking into this problem for me. I have attached the MGlogs.zip. I am going into a meeting at work right now. I will do your instructions as soon as I get out of the meeting (1 hour). Please don't think I'm ignoring your instructions.

    Troy

    ~~~
     
  6. kewlboy_24

    kewlboy_24 Private E-2


    Hello Kestrel13,

I am back again. I did as per your instructions:
    1) I ran the Recovery Console that got downloaded and installed when I ran ComboFix (per the malware guideline).
    2) I ran FixMBR. I got a couple of warning messages about my partitions getting wiped out if I continued etc. but I continued to run FixMBR anyway.
    3) I ran TDSSKiller. The latest update apparently is 2.5.0.0. I ran with both checkboxes selected (Services and Drivers, and Bootsectors). I am attaching the log.

    So far, I haven't got a redirect or a crash, but it is too soon to tell. I've only been logged on for 30 minutes. The problems usually start after an hour. So I will report back to you after an hour.

In the meantime, here is other info that you might need or be interested to know. The TrendMicro Client that I have been referring to is actually named TrendMicro OfficeScan client, which is the standard anti-virus software we use here at work.

Yesterday, I caught the "MS Removal Toolkit" virus. This was probably from one of those ad-sites I get redirected to. This prompted me to run Malwarebytes and Trojan Remover in safe mode. Malwarebytes caught and quarantined two infections. But ever since then, TrendMicro OfficeScan would no longer load when I log on, or at least it does not seem to load because I don't see it in the system tray. And when I am newly logged in, my system tries to automatically install TrendMicro Officescan, which then stops in the middle of the install saying that TrendMicro is already installed.

    I also remembered, that in my original post under Dr. Web CureIt, you can add CCleaner.

    Troy

    ~~~
     

    Attached Files:

  7. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel13,

    I have been logged on for 1.5 hours, and I still haven't experienced any redirects or sound driver crashes. It seems too good to be true. And for a procedure that is just too easy, it almost feels like I do not deserve it. Can we please keep this thread alive until tomorrow afternoon, at least? It would give me some time to observe the system.

In the meantime, I am wondering if I should re-install TrendMicro Officescan. I've tried to uninstall it from the Start menu and it cannot find the EXE for uninstalling it. I've looked in Add/Remove Programs in the Control Panel, and it is not even listed there. But when I log on, it tries to install but stops mid-way because it detects that it is already installed (just like I explained in my earlier post).

    Anyway, I'll wait till tomorrow before I do anything.

    Troy

    ~~~
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It was an easy fix because we know how to deal with the infection. :) I understand you wanting to wait another day or so before we wrap up, and anyway, there is a bit more to do yet.

    Uninstall outdated Java:
    • Java 2 Runtime Environment, SE v1.4.2_18
    • Java(TM) 6 Update 20

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Folder::
    c:\documents and settings\All Users\Application Data\oN31004HdPdJ31004
    c:\documents and settings\troy\Application Data\sdojltzwufvd3ykiov3icdegtgupfbs2
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  9. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel13,

    I just logged into the forum today, and so far, so good. I haven't had a redirect or crash. I just read your latest instructions, so I'll get back to you with the results, as soon as I can.

    Troy

    ~~~
     
  10. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel13,

    I am back with the results. The log files are attached.

    The ComboFix of your instruction was done in Safe Mode. Even then, ComboFix detected that TrendMicro Officescan was active. I tried to de-activate it but like I said in my earlier posts, its uninstall link from the Start menu does not work, it is not listed under Control Panel/Add or Remove Programs, and I do not know which process to kill in the Task Manager to de-activate it. So I just let ComboFix run its course even though it detected TM Officescan.

When the machine was rebooted, TM Officescan tried to install and then stopped (like I explained in my earlier posts). This could probably be fixed later. Other than this the system seems to be working normally.

    I've installed the Java Runtime 6 from the link provided. I've run C:\MGTools\GetLogs.bat in Safe Mode.

    Troy

    ~~~
     

    Attached Files:

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    tmcfw
    TmFilter
    TmPreFilter
    TmProxy
    TmPfw
    SecCenter::
    {2832D46E-3476-453A-A794-9401F69C54A5}
    {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    Folder::
    c:\program files\Trend Micro
    c:\documents and settings\troy\Application Data\sdojltzwufvd3ykiov3icdegtgupfbs2
    File::
    c:\windows\system32\drivers\TM_CFW.sys
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Install some antivirus!!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
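Before dragging a CFScript onto ComboFix it is worth reading back exactly what the script will remove, since Folder::, File:: and Registry:: entries are destructive. The Python below is an added example, not code from this thread or from ComboFix's author: it parses the script from post 11 (embedded here as a constructed sample) into its sections, lists the paths and registry keys that would be deleted, and flags unknown section headers and suspiciously shallow folder paths. The section names come from the thread; what each section does is an assumption based on how the thread uses them, and the helper names (parse_cfscript, deletions, shallow_paths, summary) are my own.

```python
"""Summarise what a ComboFix CFScript will do before it is run.

Added example, not from the thread or from ComboFix's author. The section
names are the ones used in this thread; the meaning attached to each one
is an assumption based on the thread's usage, not ComboFix documentation.
"""
import re

# Assumed meaning of each section header (derived from how the thread uses them).
SECTION_MEANING = {
    "KILLALL": "kill running processes before applying the fix",
    "Driver": "remove the named driver/service entries",
    "SecCenter": "remove Security Center registrations for the listed GUIDs",
    "Folder": "delete the listed folders",
    "File": "delete the listed files",
    "Registry": "apply registry edits ([-KEY] deletes the key)",
}

# Constructed sample input: the CFScript from post 11 of this thread, verbatim.
SAMPLE_CFSCRIPT = """KILLALL::

Driver::
tmcfw
TmFilter
TmPreFilter
TmProxy
TmPfw
SecCenter::
{2832D46E-3476-453A-A794-9401F69C54A5}
{3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
Folder::
c:\\program files\\Trend Micro
c:\\documents and settings\\troy\\Application Data\\sdojltzwufvd3ykiov3icdegtgupfbs2
File::
c:\\windows\\system32\\drivers\\TM_CFW.sys
Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\TrendAntivirus]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\TrendFirewall]
"""

HEADER_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. "Folder::"
REG_DELETE_RE = re.compile(r"^\[-(.+)\]$")      # e.g. "[-HKEY_LOCAL_MACHINE\...]"


def parse_cfscript(text):
    """Split a CFScript into {section_name: [entries]}. Unknown sections are kept
    so they can be reported; an entry before any header is an error."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def unknown_sections(sections):
    """Section headers the reviewer has no assumed meaning for."""
    return sorted(name for name in sections if name not in SECTION_MEANING)


def deletions(sections):
    """Every on-disk path and registry key the script would delete."""
    paths = sections.get("Folder", []) + sections.get("File", [])
    keys = []
    for entry in sections.get("Registry", []):
        m = REG_DELETE_RE.match(entry)
        if m:
            keys.append(m.group(1))
    return {"paths": paths, "registry_keys": keys}


def shallow_paths(sections, min_depth=3):
    """Folder:: entries with fewer than min_depth components (e.g. a whole
    'c:\\program files' tree) deserve a second look before the script runs."""
    flagged = []
    for folder in sections.get("Folder", []):
        depth = len([part for part in folder.replace("/", "\\").split("\\") if part])
        if depth < min_depth:
            flagged.append(folder)
    return flagged


def summary(text):
    """Human-readable, one line per section plus its entries."""
    sections = parse_cfscript(text)
    lines = []
    for name, entries in sections.items():
        meaning = SECTION_MEANING.get(name, "UNKNOWN section, check before running")
        lines.append(f"{name}:: ({len(entries)} entries) -> {meaning}")
        lines.extend(f"    {entry}" for entry in entries)
    return lines


if __name__ == "__main__":
    print("\n".join(summary(SAMPLE_CFSCRIPT)))
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    removed = deletions(parsed)
    print("paths to delete:", len(removed["paths"]),
          "| registry keys to delete:", len(removed["registry_keys"]),
          "| unknown sections:", unknown_sections(parsed),
          "| shallow folders:", shallow_paths(parsed))
```

Running it on the post 11 script reports five driver entries, three paths and two registry keys to be deleted, no unknown sections and no shallow folder paths; pasting a script with an unfamiliar header or a Folder:: line such as `c:\program files` makes those checks fire.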
     
  12. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel13,

I have just gone through your latest instructions... The log files are attached.

    A couple of things:
    1) After running ComboFix in Safe Mode and rebooting, my machine failed to retrieve my roaming profile.
    2) I've run CCleaner and tried to install TrendMicro Officescan but couldn't. So I got our main techie here to take a look. She had to log on to my computer as Admin, disconnect my machine from our network, and then reconnect. Afterward, she went into Network Properties and deleted the TrendMicro firewall. When I rebooted and logged in as myself, it went along fine, and TrendMicro Officescan automatically installed by itself.
    3) I ran C:\MGtools\GetLogs.bat in Normal Mode.

One more thing: I would like to know your thoughts on using virtualization software such as Sandboxie or iCore or ZoneBufferPro when browsing with IE or Firefox. Do you think I would not have caught the Google redirect virus if I had been using one of these virtualization programs? I mean, is it advisable to use this software? Does it really add an extra layer of protection?

    Thanks.

    Troy

    ~~~
     

    Attached Files:

  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I want you to run this fix in normal mode please not safe mode. There is one folder that remains I want gone.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    Code:
    :files
    c:\documents and settings\troy\Application Data\sdojltzwufvd3ykiov3icdegtgupfbs2
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  14. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel13,

    I have just performed your latest instructions. The logs are attached.

    Two things:
    1) I ran them all in Normal mode using "Run as Administrator".
    2) When OTM finished rebooting the machine, it automatically opened the log in Notepad, not in the OTM Results window.

    Troy

    ~~~
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  16. kewlboy_24

    kewlboy_24 Private E-2

    ~~~

    Hi Kestrel,

    It has been two days and I have not had any problems with my computer. So much so that I almost forgot to return to the MajorGeeks forum to check our thread.

    I'll do your latest (final?) instructions at the end of the day.

    Thank you so much. You guys are awesome. I told our tech support here at the office that if they ever encountered any malware problems to check out the MajorGeeks forum. You guys are the greatest.

    Troy

    ~~~
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are welcome. Safe surfing. :)
     
