Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser redirects

Unread postby glenncvance » July 6th, 2010, 6:48 pm

Hello all - I'm getting numerous browser redirects, usually when clicking Google search links. Winpatrol pops up a startup clarification for something using '?' as the process name.

Here is my HJT log -

Logfile of HijackThis v1.99.1
Scan saved at 5:37:41 PM, on 7/6/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Locate32\locate32.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetPluginHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [O&O Defrag Agent (Win32)] C:\Program Files\OO Software\Defrag\oodag.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: desktopListView.lnk = C:\Program Files\desktoplistview\desktopListView.exe
O4 - Startup: Locate32 Autorun.lnk = C:\Program Files\Locate32\locate32.exe
O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Gladinet Cloud Desktop.lnk = ?
O4 - Global Startup: Jungle Disk Desktop.lnk = C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FE5EFF-0CF0-40D0-8D8E-DA8343368353}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ?
O20 - Winlogon Notify: WgaLogon - C:\Windows\
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoExNT - Unknown owner - C:\Windows\system32\AutoExNT.Exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
O23 - Service: JungleDiskService - Unknown owner - C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe" --service (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



And here is the uninstall list -

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
BatteryBar (remove only)
Bonjour
CCleaner
CDisplay 1.8
Content Transfer
ConvertXtoDVD 4.0.10.324
CutePDF Writer 2.8
DeepBurner v1.9.0.228
Device Doctor 1.0.0.1
DVD Decrypter (Remove Only)
DVD Shrink 3.2
FileZilla Client 3.3.3
Gladinet Cloud Desktop
HijackThis 1.99.1
HP Customer Participation Program 13.0
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
ImgBurn
Java(TM) 6 Update 20
Jungle Disk Desktop
LAME v3.98.2 for Audacity
Launchy 2.1.2
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft Antimalware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Miranda IM 0.8.20
MozBackup 1.4.10
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.0.4)
Mp3tag v2.46a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
O&O Defrag Professional
OGA Notifier 2.0.0048.0
PDF Settings
pdfsam
QuickTime
ReaderWorks Standard
Revo Uninstaller 1.88
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB982135)
Serious Samurize
Spybot - Search & Destroy
SumatraPDF
SyncBackPro
TOSHIBA Value Added Package
TweetDeck
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
VanDyke Software SecureCRT 6.2
VirtualCloneDrive
VLC media player 1.0.5
Winamp (remove only)
WinPatrol 2009
WinSCP 4.2.7

All of your help is much appreciated. Thank you in advance.

- Glenn
glenncvance
Active Member
 
Posts: 2
Joined: July 6th, 2010, 6:42 pm
Advertisement
Register to Remove

Re: Browser redirects

Unread postby glenncvance » July 7th, 2010, 9:04 am

I have solved this with ComboFix. Thanks though for this forum!
glenncvance
Active Member
 
Posts: 2
Joined: July 6th, 2010, 6:42 pm

Re: Browser redirects

Unread postby Gary R » July 7th, 2010, 12:22 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware