
Browser redirects


Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 6:19 am

RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Computer at 2010-08-03 11:10:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (18%) free of 153 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:19, on 03/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Computer\Desktop\RSIT.exe
C:\Program Files\trend micro\Computer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8950523843
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B947BD34-91CC-4590-9BA0-6F0F0D2028E8} (EmailClientUtil Class) - http://www.productsandservices.bt.com/c ... pTools.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

--
End of file - 3297 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\expressripShakeIcon.job
C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\PC Health Advisor Defrag.job
C:\WINDOWS\tasks\PC Health Advisor.job
C:\WINDOWS\tasks\switchShakeIcon.job
C:\WINDOWS\tasks\wavepadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-11 16264192]
"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2005-10-12 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-26 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-03 11:05:22 ----D---- C:\_OTM
2010-08-03 08:15:00 ----SHD---- C:\RECYCLER
2010-08-03 07:28:06 ----D---- C:\WINDOWS\temp
2010-08-03 07:28:03 ----A---- C:\ComboFix.txt
2010-08-02 21:21:00 ----A---- C:\Boot.bak
2010-08-02 21:20:55 ----RASHD---- C:\cmdcons
2010-08-02 21:19:14 ----A---- C:\WINDOWS\zip.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\SWSC.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\SWREG.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\sed.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\PEV.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\MBR.exe
2010-08-02 21:19:14 ----A---- C:\WINDOWS\grep.exe
2010-08-02 21:18:36 ----D---- C:\Qoobox
2010-08-02 21:10:46 ----D---- C:\Documents and Settings\Computer\Application Data\AVG9
2010-08-02 21:07:29 ----D---- C:\WINDOWS\ERDNT
2010-08-02 21:06:37 ----D---- C:\Program Files\ERUNT
2010-08-02 20:01:57 ----D---- C:\rsit
2010-08-01 11:40:29 ----A---- C:\WINDOWS\system32\drivers\isdrvinf.exe
2010-08-01 11:39:52 ----N---- C:\WINDOWS\system32\drivers\dgtvcap2.sys
2010-08-01 11:39:52 ----N---- C:\WINDOWS\system32\drivers\dgtvcap.sys
2010-08-01 11:39:52 ----A---- C:\WINDOWS\system32\drivers\dgtvload3.sys
2010-08-01 11:39:52 ----A---- C:\WINDOWS\system32\drivers\dgtvload2.sys
2010-08-01 11:39:52 ----A---- C:\WINDOWS\system32\drivers\dgtvload.sys
2010-07-27 09:54:46 ----D---- C:\Program Files\WMA-MP3.com
2010-07-26 19:53:44 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2010-07-26 19:53:43 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-07-26 19:53:40 ----D---- C:\Program Files\ParetoLogic
2010-07-26 19:09:22 ----D---- C:\$AVG
2010-07-26 18:55:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-07-26 18:55:23 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-07-26 18:55:18 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-07-26 18:55:15 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-07-26 18:55:05 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-07-26 18:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-07-26 18:52:15 ----D---- C:\Program Files\AVG
2010-07-26 18:51:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-07-25 15:46:11 ----A---- C:\WINDOWS\system32\drivers\stdriver32.sys
2010-07-24 18:32:17 ----D---- C:\Program Files\WhatsRunning
2010-07-18 15:32:03 ----D---- C:\Program Files\Digital TV
2010-07-15 21:02:54 ----D---- C:\Documents and Settings\Computer\Application Data\dvdcss
2010-07-14 18:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-08-03 11:10:10 ----D---- C:\Program Files\Trend Micro
2010-08-03 11:10:05 ----D---- C:\WINDOWS\Prefetch
2010-08-03 11:08:15 ----D---- C:\WINDOWS
2010-08-03 11:07:14 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2010-08-03 11:05:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 11:05:35 ----D---- C:\WINDOWS\system32
2010-08-03 11:05:25 ----RD---- C:\Program Files
2010-08-03 11:05:25 ----D---- C:\WINDOWS\system32\drivers
2010-08-03 10:07:22 ----SD---- C:\WINDOWS\Tasks
2010-08-03 09:34:23 ----HD---- C:\WINDOWS\inf
2010-08-03 09:34:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-03 07:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-03 07:24:09 ----A---- C:\WINDOWS\system.ini
2010-08-03 07:23:51 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-03 07:09:58 ----D---- C:\WINDOWS\system32\config
2010-08-03 07:08:31 ----D---- C:\WINDOWS\AppPatch
2010-08-03 07:08:29 ----D---- C:\Program Files\Common Files
2010-08-02 21:21:01 ----RASH---- C:\boot.ini
2010-08-02 20:00:45 ----A---- C:\WINDOWS\win.ini
2010-08-02 19:57:01 ----D---- C:\Config.Msi
2010-08-02 19:56:57 ----SHD---- C:\WINDOWS\Installer
2010-08-02 19:39:22 ----D---- C:\Program Files\uTorrent
2010-08-02 19:39:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-02 19:39:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-02 12:32:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-08-01 11:40:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-31 16:27:36 ----D---- C:\WINDOWS\Config
2010-07-30 13:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-29 20:58:03 ----D---- C:\WINDOWS\Debug
2010-07-29 17:55:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-28 08:46:04 ----D---- C:\WINDOWS\WinSxS
2010-07-27 17:02:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-27 09:28:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-07-26 21:04:06 ----A---- C:\WINDOWS\wininit.ini
2010-07-25 18:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2010-07-25 18:14:14 ----D---- C:\Documents and Settings\Computer\Application Data\NCH Swift Sound
2010-07-25 15:46:11 ----D---- C:\Program Files\NCH Swift Sound
2010-07-25 13:46:25 ----D---- C:\Documents and Settings\Computer\Application Data\Vso
2010-07-24 18:34:05 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-24 18:31:20 ----D---- C:\Program Files\SpywareBlaster
2010-07-24 18:22:00 ----D---- C:\WINDOWS\Connection Wizard
2010-07-24 18:21:04 ----SD---- C:\Documents and Settings\Computer\Application Data\Microsoft
2010-07-24 16:44:41 ----D---- C:\WINDOWS\pss
2010-07-23 09:44:48 ----D---- C:\WINDOWS\system32\wbem
2010-07-23 09:44:48 ----D---- C:\WINDOWS\Registration
2010-07-23 09:44:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-23 09:43:14 ----D---- C:\WINDOWS\network diagnostic
2010-07-16 10:40:10 ----D---- C:\Documents and Settings\Computer\Application Data\Canon
2010-07-14 21:16:51 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-07-14 16:35:22 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-07-14 16:34:50 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-26 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-26 243024]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver; C:\WINDOWS\System32\DRIVERS\cmiucr.SYS [2005-10-04 72320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-11 4381184]
R3 MODUSB;Digital TV DVB-T USB adapter driver; C:\WINDOWS\System32\Drivers\dgtvcap.sys [2004-06-03 16312]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-30 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-08-30 81280]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0; C:\WINDOWS\system32\DRIVERS\stdriver32.sys [2010-07-25 49208]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 DongleArtNet1;DongleArtNet1; C:\WINDOWS\System32\drivers\DongleArtNet1.SYS [2003-09-03 20172]
S2 DongleArtNet2;DongleArtNet2; C:\WINDOWS\System32\drivers\DongleArtNet2.SYS [2003-09-03 20308]
S2 DongleArtNet3;DongleArtNet3; C:\WINDOWS\System32\drivers\DongleArtNet3.SYS [2003-09-03 20320]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 DIBLOAD2;Digital TV firmware loader(Type 2); C:\WINDOWS\system32\DRIVERS\dgtvload2.sys [2004-06-21 17118]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-07-04 101120]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [2010-04-23 34760]
S3 S3GIGP;S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [2006-06-23 808448]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys []
S3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys []
S3 Sftredir;Sftredir; C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys [2009-09-23 21864]
S3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-26 308136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S4 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S4 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe [2010-01-09 16680]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S4 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-08-14 319488]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-07 155716]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S4 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S4 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 6:26 am

Filename: dgtvcap2.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Tue 3 Aug 2010 12:14:35 (CET)

Filename: ArtXpLoad.exe
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Tue 3 Aug 2010 12:18:58 (CET)

Filename: isdrvinf.exe
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Tue 3 Aug 2010 12:24:35 (CET)
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 6:29 am

Sorry, forgot to say: still no redirects or pop-ups. PC seems to be working fine.
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by Cypher » August 3rd, 2010, 6:45 am

Hi dgsounds.
That looks a lot better now but we need to run one more scan to check for leftovers.

Your Java is out of date.

It can be updated from the Java control panel:
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.


Next.

I see you have CCleaner installed. Please run it now.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 8:23 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f7831c945d81a24383a0df035ee54803
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-03 11:17:54
# local_time=2010-08-03 12:17:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3051 3051 0 0
# compatibility_mode=1024 16777191 100 0 666526 666526 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=26640
# found=0
# cleaned=0
# scan_time=1032
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f7831c945d81a24383a0df035ee54803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-03 12:16:22
# local_time=2010-08-03 01:16:22 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 4199 4199 0 0
# compatibility_mode=1024 16777191 100 0 667674 667674 0 0
# compatibility_mode=8192 67108863 100 0 1275 1275 0 0
# scanned=98098
# found=2
# cleaned=0
# scan_time=3391
C:\Qoobox\32788R22FWJFW\disk.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1454471165-764733703-839522115-1004\Dc6\Native Instruments Traktor Scratch Pro v1.1.2 [h33t][deepstatus].rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I


Log file as requested. There seems to be trojan activity, but I will leave it to the expert for diagnosis.

Computer seems to be running fine.
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 8:24 am

I need to go out for an hour or so, so I will pick up when I get back.

Thanks again for your help.
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by Cypher » August 3rd, 2010, 11:03 am

Hi dgsounds.
Thanks again for your help.

You're most welcome.
What the ESET log shows is nothing to worry about :)

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Double-click OTM.exe to start the program. This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Now we need to deal with security vulnerabilities.

Install Internet Explorer 8

You can find information and install IE 8 from Here


Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can find the tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your PC running slowly?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
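Cypher's reading of the ESET hits above is that both files sit in places that are already out of play (ComboFix's Qoobox quarantine and the recycle bin). As an added illustration that is not part of this thread or of ESET's tooling, the Python script below parses a log in that layout and separates contained hits from ones that still need attention; the tab-separated detection layout and the list of quarantine folders are assumptions.

```python
"""Triage an ESET Online Scanner log: separate detections that are already
contained (quarantine or recycle bin) from ones that still need attention.

Assumed log layout (modelled on the log in this thread, not ESET's spec):
  '# key=value'  header lines, one block per scan session
  <path> TAB <threat name> TAB <32 hex chars> TAB <flag>   detection lines
Anything else (installer chatter, update errors) is ignored.
"""
import re
from dataclasses import dataclass

# Folders whose contents are already out of harm's way: ComboFix's Qoobox
# quarantine, OTM's _OTM move folder and the XP recycle bin (RECYCLER).
# Treating hits there as contained is the assumption this triage rests on.
CONTAINED_MARKERS = ("c:\\qoobox\\", "c:\\_otm\\", "c:\\recycler\\")

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
HASH_RE = re.compile(r"^[0-9a-fA-F]{32}$")


@dataclass
class Detection:
    path: str
    threat: str
    hash_hex: str
    flag: str

    @property
    def contained(self) -> bool:
        """True when the file sits in a quarantine or recycle folder."""
        return any(m in self.path.lower() for m in CONTAINED_MARKERS)


@dataclass
class Session:
    header: dict
    detections: list


def parse_log(text: str) -> list:
    """Split the log into scan sessions; a '# version=' line starts a new one."""
    sessions, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version" or current is None:
                current = Session(header={}, detections=[])
                sessions.append(current)
            current.header[key] = value
            continue
        parts = line.split("\t")
        if current is not None and len(parts) == 4 and HASH_RE.match(parts[2]):
            current.detections.append(Detection(*parts))
    return sessions


def triage(text: str) -> dict:
    """Classify the last finished session's hits and cross-check '# found='."""
    finished = [s for s in parse_log(text) if s.header.get("end") == "finished"]
    if not finished:
        return {"status": "no finished scan", "active": [], "contained": [],
                "count_ok": False}
    last = finished[-1]
    contained = [d for d in last.detections if d.contained]
    active = [d for d in last.detections if not d.contained]
    return {
        "status": "needs follow-up" if active else "clean",
        "active": active,
        "contained": contained,
        # the header's own count should equal the detection lines we parsed
        "count_ok": last.header.get("found") == str(len(last.detections)),
    }


# Constructed sample modelled on the log in this thread: an aborted first
# session, then a finished one with two hits, both in contained locations.
ZERO_HASH = "0" * 32
SAMPLE_LOG = (
    "ESETSmartInstaller@High as CAB hook log:\n"
    "OnlineScanner.ocx - registred OK\n"
    "# version=7\n# end=stopped\n# scanned=26640\n# found=0\n"
    "esets_scanner_update returned -1 esets_gle=53251\n"
    "# version=7\n# end=finished\n# remove_checked=false\n"
    "# scanned=98098\n# found=2\n# cleaned=0\n"
    "C:\\Qoobox\\32788R22FWJFW\\disk.sys\tWin32/Olmarik.ZC trojan\t"
    + ZERO_HASH + "\tI\n"
    "C:\\RECYCLER\\S-1-5-21-1454471165-764733703-839522115-1004\\Dc6\\example.rar"
    "\tprobably a variant of Win32/Agent trojan\t" + ZERO_HASH + "\tI\n"
)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["status"], "| header count consistent:", result["count_ok"])
    for d in result["contained"]:
        print("  contained:", d.path, "->", d.threat)
    for d in result["active"]:
        print("  ACTIVE   :", d.path, "->", d.threat)
```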

Re: Browser redirects

Post by dgsounds » August 3rd, 2010, 12:33 pm

Cypher,

Can't thank you enough. Excellent job, well done!

All tools used have now been deleted.

Suggested software has been downloaded & is now in operation.

All other advice has been carried out. Windows is totally up to date, as are other programs, as identified by Secunia.

My PC is running smoothly with no sign of previous problems. Wish I had come to you before; the guys from my service provider support line really don't have a patch on you guys.

Thanks so much.. have a great day.

Regards


Dave (dgsounds)
dgsounds
Regular Member
 
Posts: 16
Joined: July 30th, 2010, 4:11 am

Re: Browser redirects

Post by Cypher » August 3rd, 2010, 12:38 pm

You're welcome Dave glad we could help.
I will ask for this topic to be closed, good luck and stay safe.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirects

Post by Gary R » August 3rd, 2010, 12:54 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire